On 07/14/2014 10:49 AM, Schlacta, Christ wrote:
Verify, strip, resign.
That would be exactly the wrong way to do it. The only reasonably secure way, and the only way anyone knowledgeable about cryptography would accept, is to synthesize an inline message which contained the original signature.
Your points about the bot becoming compromised are exactly why not to do what you suggested.
Doug _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
