>> > Is it possible to generate the digest for a file, and then create the >> > signature from that digest later?
>> Problem is, you don't know what you're signing. > I realize that this is a problem; however, it considered to be an > acceptable risk. The same problem happens if the developers sign a > SHA512 of the database. The only way for developers to verify the > database is to copy it to their computer, but this is considered to be > too much of a hassle. Who makes these considerations? In any case, what kind of database is this that it's too much of a hassle to copy over? What size, etc.? -- Jerome Baum tel +49-1578-8434336 email [email protected] web www.jeromebaum.com -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
