> We had a discussion about smart-card signatures here and basically the
> issue with passing just a hash is that you can't distinguish data
> signatures from certifications/key signatures.

To clarify, you can't tell from the hash, and you can't really add a packet "I'm signing data here" vs. "I'm signing a key here". At least that's what I got from the discussion on smart-cards, YMMV when it comes to a full-blown gnupg install.

Of course, you could solve this problem by signing with a sub-key, which isn't meant to certify other keys. I do wonder how e.g. PGP would react on seeing a key certification from a sub-key.

--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
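An added illustration, not part of the original message, of why the digest alone is opaque: in the RFC 4880 v4 signature format the signature-type octet is part of the hashed input, so a data signature and a key certification both reach the signing device as a bare 32-byte value. The key body, User ID and timestamp below are constructed placeholders, and RSA with SHA-256 is an assumed algorithm choice.

```python
import hashlib
import struct

SIG_BINARY_DOCUMENT = 0x00  # RFC 4880 type: signature over a binary document
SIG_GENERIC_CERT = 0x10     # RFC 4880 type: generic certification of a User ID
PUBKEY_ALGO_RSA = 1
HASH_ALGO_SHA256 = 8
# Constructed hashed subpacket: length 5, type 2 (creation time), fixed timestamp.
CREATION_TIME = b"\x05\x02" + struct.pack(">I", 1300000000)


def v4_trailer(sig_type, hashed_subpackets=CREATION_TIME):
    """Hashed fields of a v4 signature packet followed by the final six octets."""
    hashed = bytes([4, sig_type, PUBKEY_ALGO_RSA, HASH_ALGO_SHA256])
    hashed += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    # 0x04 0xFF plus the four-octet length of the hashed fields above.
    return hashed + b"\x04\xff" + struct.pack(">I", len(hashed))


def data_signature_digest(document):
    """Digest the host computes for a signature over a document."""
    return hashlib.sha256(document + v4_trailer(SIG_BINARY_DOCUMENT)).digest()


def certification_digest(key_packet_body, user_id):
    """Digest the host computes when certifying a User ID on a public key."""
    h = hashlib.sha256()
    h.update(b"\x99" + struct.pack(">H", len(key_packet_body)) + key_packet_body)
    h.update(b"\xb4" + struct.pack(">I", len(user_id)) + user_id)
    h.update(v4_trailer(SIG_GENERIC_CERT))
    return h.digest()


if __name__ == "__main__":
    # Constructed inputs; the key body is a placeholder, not a parseable key.
    doc = data_signature_digest(b"constructed document contents")
    cert = certification_digest(b"constructed key packet body",
                                b"Alice Example <alice@example.org>")
    # The host knows the type because it built the trailer; the device that is
    # handed only these bytes sees two values of identical shape.
    print("data signature digest:", doc.hex())
    print("certification digest: ", cert.hex())
```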