On Sun, Jun 12, 2011 at 5:37 PM, Jerome Baum <jer...@jeromebaum.com> wrote:
>
> On Sun, Jun 12, 2011 at 23:15, Kerrick Staley <m...@kerrickstaley.com> wrote:
> > Is it possible to generate the digest for a file, and then create the
> > signature from that digest later?
>
> Problem is, you don't know what you're signing.

I realize that this is a problem; however, it is considered to be an acceptable risk. The same problem happens if the developers sign a SHA512 of the database. The only way for developers to verify the database is to copy it to their computer, but this is considered to be too much of a hassle.

-Kerrick Staley