Just to make sure that I'm understanding this, a complete PGP signature does not embed information about whether it is the signature of a file or the signature of a certificate, so it's a bad idea to sign a remotely generated digest?
-Kerrick Staley On Mon, Jun 13, 2011 at 5:36 PM, Faramir <faramir...@gmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > El 13-06-2011 11:39, Hauke Laging escribió: > ... > > I would like to have the possibility to pass the hash to be signed. > > I suppose if the hash is sent using a "secure" connection, it should > be safe enough. But that option, no doubt, would be an "expert" option. > It sounds interesting to me, but of course, I'm not the one writing the > patch. > > Best Regards > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBCAAGBQJN9pD0AAoJEMV4f6PvczxAC/sH/2iJeXN9zWUIQjO9MlFWk/SX > UtfCDd4Zvk33J2oqCT7h1mpCdpO2dQ86AkJ8zat5TMH3Ps3r4Ndvvo4CsmJxuP7A > BchcbEFt2hhKA5uUz5I7omZYdjfNhWKLYieWcCUAPoDJUeuYthUdptEU7OMTEzXQ > kIstM9sHJfckiCjfB1RC8FuWwtr4jrxa8W42WhxVJQ28SfK2YDj1kReoBB6ALLh/ > iMJBKpNv0mTued3rL93+DtEwJgGMnFi1Zx4ix2u39PuP4EYkKksHY5lswj/7GrvQ > nCuYo4ai2xBleqvXhqM/UFhbuNmO9RIXKzTYyE9JW76yJAhvvcx7OZukQ1hDFu0= > =Ttt9 > -----END PGP SIGNATURE----- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
