Hi Lachlan, At Fri, 23 Oct 2015 10:58:22 +0200, Lachlan Gunn wrote: > Is there any way make GNUPG or libgpgme generate a signature from an > externally-computed hash? My justifications for this are twofold:
In theory yes, in practice no. To generate an OpenPGP signature, the OpenPGP implementation hashes the concatenation of the data and some metadata. That is, it computes: H(data || metadata). Thus, to do what you want you'd need to give GnuPG not the hash of the data, but the internal state of the hash function before it appends the metadata. Unfortunately, the internal state is implementation and platform dependent. If OpenPGP computed signatures as follows: H(H(data) || metadata), then what you wanted would be straightforward to implement. > 1. Isolation---by removing the need for gpg to see the original data, > it becomes possible to perform signatures on a system that is > completely isolated, at least as far as incoming data goes. > > 2. Process separation---I have ideas involving SELinux that I would > like to experiment with, and doing so requires that tasks be split at > the process level as I understand. There are two ways around this: - You can run gpg on one machine / user account and gpg-agent on another. (Look up the extra-socket option in the GnuPG manual.) Note: I briefly cover this in my "An Advanced Introduction to GnuPG" presentation, which was recorded at RMLL: https://2015.rmll.info/introduction-avancee-sur-gnupg?lang=en - Have GnuPG sign the hash of the data. That is, use something like sha256sum to compute a hash of the data, transfer the hash to the machine running gpg and sign that data. This adds a level of indirection, which the person verifying the hash needs to deal with. :) Neal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
