On Mon, Feb 02, 2009 at 06:25:38PM +0100, skl99...@gmx.net wrote: > Hello, >
> is there a possibility to have gpg2 make a detached cleartext > signature? I only seem to be able to have it do either the one or > the other. What do you mean by a detached cleartext signature? A detached signature that is ascii armored? If so, then: --armor --detach-sign > And the more complex follow on question for all the crypto experts > out there: the reason why I want to do that is because I would like > to timestamp some files, eg using > www.itconsult.co.uk/stamper.htm. Now my thought was that I do not > really send the file itself (which might be rather big) but that I > could sign the file and then timestamp the signature. Would this be > enough (1), and would it matter if the password of my signature key > would become compromised (2)? May guess is (1) yes, (2) no because I > am really only making use of the hashing algorithm, and indeed I > also could simply timestamp a hash (is this true?). 1) It depends on what you plan on doing with the signatures. If you're just trying to show a timestamp for the document creation, then yes, it's fine. 2) Again, assuming you're trying to show a timestamp, then no, it does not matter. The relevant timestamp is that imposed by the stamper service, not the one imposed by your key. Thus your key can be compromised without affecting the timestamps. > The reason that I want to to have a timestamped detached cleartext > signature is that I believe that this is a bit more stable than a > timestamped detached signature of a binary - views on this? Armored signatures are not any more stable than binary signatures. The data is identical. Only the file format is different. If you're just doing timestamping, note that you can also just hash the document and send that hash to the stamper service (i.e. your personal signature doesn't add much to the equation): gpg --print-md sha256 (thedocument) | mail the-stamper-service David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
