On Mon, Jun 13, 2011 at 3:47 AM, Werner Koch <w...@gnupg.org> wrote: > On Sun, 12 Jun 2011 23:15, m...@kerrickstaley.com said: > >> Is it possible to generate the digest for a file, and then create the >> signature from that digest later? > > No, this is not possible. We once considered to implement such a > feature but dropped that plan. The technical problem is that with > OpenPGP you don't just sign a plain hash of the message but the hash of > a modified message (in text mode) and further the hash includes a few > magic bytes. Thus to implement such a feature we we would need to do a > incomplete hash on the server and complete it on the client. It is > doable but would look ugly. > > My suggestion is to sign a the hash of the file; i.e. create a file with > the SHA-x digests on the remote box, download it and sign it on the > local box.
OK, that answers my question. I think we'll go with the hash-signing implementation. Thanks! -Kerrick Staley _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
