Hello, Is it possible to generate the digest for a file, and then create the signature from that digest later?
I'm making this inquiry because developers for the Arch Linux distribution need a way to sign databases (lists of software packages) on the central repository (package server) without having to copy those repositories to their local computer and back. There is the option of hashing the databases and signing the hash, but this introduces additional complexity which shouldn't be necessary. Another option is copying secret keys to the server, but this is a bad idea because all developers' keys would need to be revoked in the event that the server is compromised; key revocation would be a huge hassle which would be compounded with the need to audit the server's security. So, being able to seperate the generation of digests and the generation of signatures would be very useful, but I cannot find documentation anywhere on how to do this. Can anyone help? Thanks, Kerrick Staley
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
