On Sun, May 18, 2025 at 6:58 AM Richard Stoughton <[email protected]> wrote:

> To "sign" the hash on M, it would be necessary to inject a one-time
> secret (e.g. an OpenPGP private key
This would seem to invalidate H's purpose for existing. At that point you may as well back up the keys on H and move its signing subkey to a USB GPG card. Install the card-based keypairs on M, and remove H from the process. The card provides M a means to sign only while that physical card is inserted and the correct PIN is entered, and M never gains access to read the secret.

> creates the final signatures. This could be done in a much more
> efficient way if GnuPG would be able to create signatures with hashes
> instead of the complete file content as input.

You can provide a list of hashes and filenames as the text to be signed by GPG.

The signing of a text message usually outputs both the content of the message and a signature. For the input to be signed, the signer has to have access to the message. Otherwise, how can that signer apply their policies and scan the content of what they are signing in order to confirm that it adheres to the standard of what should be signed? If the signer is to blindly trust M, then you may as well perform the signing from M.

The PGP format/protocol for the digital signature that is output also does not provide a way to sign without the complete file content and the ability to concatenate that content with other PGP subpackets, inserted by the signer, which are added to the message signature before the SHA256 (or other) hash is calculated. The subpackets are specific to the signer's software implementation and version; they might contain various extensions, signer information, randomized data, timestamps (the signature creation timestamp), or other padding sequences which would ensure no two digital signatures are based on an identical hash, even if the content of the file being signed is identical.

A precomputed SHA256 hash based on the file content alone cannot be copied into a PGP signature, since a signature presumably could not be derived from a hash of the file directly, even with changes to the source code. This is presumably a feature that could not be easily added, since other PGP hashed signature subpackets are likely to be contained in the PGP signature which are part of the value that is to be hashed, but are not part of the contents of the file being signed.

As per RFC 4880, page 23, 5.2.3 Version 4 Signature Packet Format, 5.2.3.1 Signature Subpacket Specification.

-JA

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
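Added illustration of the RFC 4880 point made above (example code, not from the thread and not GnuPG's own code): for a v4 binary-document signature the digest that is actually signed covers the document, then the signature packet's hashed subpackets, then a trailer, so the same file signed with two different creation timestamps yields two different digests, neither of which is SHA-256 of the file alone. The document bytes, timestamps and the RSA/SHA-256 algorithm choice are constructed for the demonstration.

```python
import hashlib
import struct

# Constructed sample document (stands in for a file or a manifest of hashes).
DOCUMENT = b"e3b0c442...  release.tar.gz\n"


def subpacket(sp_type: int, body: bytes) -> bytes:
    """Encode one signature subpacket (RFC 4880 5.2.3.1):
    1-octet length (valid for lengths below 192), 1-octet type, body."""
    if len(body) + 1 >= 192:
        raise ValueError("only the 1-octet subpacket length form is implemented")
    return bytes([len(body) + 1, sp_type]) + body


def v4_hashed_portion(sig_type: int, pk_alg: int, hash_alg: int,
                      creation_time: int, extra_subpackets: bytes = b"") -> bytes:
    """Hashed part of a v4 signature packet (RFC 4880 5.2.3): version, signature
    type, public-key algorithm, hash algorithm, 2-octet length of the hashed
    subpackets, then the subpackets. Type 2 is the signature creation time."""
    hashed_subpackets = subpacket(2, struct.pack(">I", creation_time)) + extra_subpackets
    return (bytes([4, sig_type, pk_alg, hash_alg])
            + struct.pack(">H", len(hashed_subpackets))
            + hashed_subpackets)


def v4_signature_digest(document: bytes, creation_time: int,
                        extra_subpackets: bytes = b"") -> bytes:
    """Digest the private key signs for a v4 signature over a binary document
    (signature type 0x00), per RFC 4880 5.2.4: document, then the hashed portion
    of the signature packet, then the trailer 0x04 0xFF plus the 4-octet length
    of that hashed portion. Algorithm IDs: RSA = 1, SHA-256 = 8 (RFC 4880 9.1, 9.4)."""
    hashed = v4_hashed_portion(0x00, 1, 8, creation_time, extra_subpackets)
    trailer = b"\x04\xff" + struct.pack(">I", len(hashed))
    h = hashlib.sha256()
    h.update(document)   # the file content itself
    h.update(hashed)     # signer-supplied subpackets (timestamp etc.)
    h.update(trailer)
    return h.digest()


def file_hash(document: bytes) -> bytes:
    """Plain SHA-256 of the file, i.e. what a precomputed manifest entry holds."""
    return hashlib.sha256(document).digest()


if __name__ == "__main__":
    d1 = v4_signature_digest(DOCUMENT, 1747564680)  # constructed timestamps
    d2 = v4_signature_digest(DOCUMENT, 1747564681)
    print("file hash      :", file_hash(DOCUMENT).hex())
    print("signed digest 1:", d1.hex())
    print("signed digest 2:", d2.hex())
    print("digests differ :", d1 != d2)
```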
