On 10/03/2011 14:39, Aaron Toponce wrote: > On Mon, Oct 03, 2011 at 07:49:21PM +0200, pet jemen wrote: >> I want to sign binary data in OpenPGP Message Format. >> I want sign it by two or more keys. >> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is >> possible. >> (A one-octet number holding a flag showing whether the signature is >> nested. A zero value indicates that the next packet is another One-Pass >> Signature packet that describes another signature to be applied to the same >> message data.) >> >> I'd like to use gpg from command-line to sign an input file by two keys. >> I tried to sign it by: >> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) < >> te...@test1.org>" -o %1.signed --sign %1 >> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) < >> te...@test2.org>" -o %1.signed2 --sign %1.signed >> >> But the second signature signed the first one also with the first signature. >> I need to sign it in way were I can verify signature of signed data by both >> keys (the last octet of One-Pass Signature Packets (Tag 4) packet should be >> equal to zero). > > You should use detached signatures: > > $ gpg -b -u $KEYID1 file.txt > sig1.gpg > $ gpg -b -u $KEYID2 file.txt > sig2.gpg > > At this point, just concatenate the two detached sigs: > > $ cat sig1.gpg sig2.gpg > signatures.gpg
Wouldn't it be easier to just use >> :) Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users