On Tue, Jun 14, 2011 at 02:31, Kerrick Staley <[email protected]> wrote: > Just to make sure that I'm understanding this, a complete PGP signature does > not embed information about whether it is the signature of a file or the > signature of a certificate, so it's a bad idea to sign a remotely generated > digest?
It does, and the hash it signs is generated from that (key) data prefixed with a string that differs between certs and data sigs. -- Jerome Baum tel +49-1578-8434336 email [email protected] web www.jeromebaum.com -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
