On Jun 13, 2011, at 8:31 PM, Kerrick Staley wrote: > Just to make sure that I'm understanding this, a complete PGP signature does > not embed information about whether it is the signature of a file or the > signature of a certificate, so it's a bad idea to sign a remotely generated > digest?
No, it's the other way. A PGP signature does embed information about all sorts of things, including whether it is the signature of a file or signature over a certificate. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
