RFC - CVS Signed Commit & Replay Attacks

2005-10-06 Thread Derek Price
Hi all, I mentioned on this list a few days ago that I am implementing gpg-signed-commits for CVS. This is somewhat of a new area for me, and I was hoping to trust GPG to solve most of the security issues, but it turns out this doesn't cover the possibility of replay attacks. We've been discussi

Re: Extracting a single signature from a file containing multiple signatures

2005-09-21 Thread Derek Price
David Shaw wrote:
> Yes, and yes.
>
> To separate signatures, use 'gpgsplit', which comes with gpg. You'll
> end up with each signature in its own file.
>
> The documentation of the signature file format is in RFC-2440:
> http://www.ietf.org/rfc/rfc2440.txt

Thank you very much. That will be us

Extracting a single signature from a file containing multiple signatures

2005-09-21 Thread Derek Price
Say `gpg --detach-sign' were used to create several detached signatures and they were concatenated into the same file. Is there a simple way to separate those signatures again? Is there documentation of the gpg signature file format online? (I am looking into allowing CVS revisions to be signed