On 5/19/2025 18:08:07, Jay Acuna via Gnupg-users wrote:
> On Sun, May 18, 2025 at 6:58 AM Richard Stoughton <[email protected]> wrote:
>> To "sign" the hash on M, it would be necessary to inject a one-time
>> secret (e.g. an OpenPGP private key
>
> This would seem to invalidate H's purpose for existing. At that point
> you may as well back up the keys on H & move its signing subkey to a
> USB GPG card. Install the card-based keypairs on M, and remove H from
> the process. The card provides M a means to sign only at the time that
> physical card is inserted, with the correct PIN entered, and M never
> gains access to read the secret.
>
>> creates the final signatures. This could be done in a much more
>> efficient way if GnuPG would be able to create signatures with hashes
>> instead of the complete file content as input.
>
> You can provide a list of hashes and filenames as the text to be signed
> by GPG. The signing of a text message usually outputs both the content
> of the message and a signature.
>
> For the input to be signed, the signer has to have access to a message.
> Otherwise: how can that signer apply their policies and scan the content
> of what they are signing in order to confirm that it adheres to the
> standard of what should be signed? If the signer is to blindly trust M,
> then you may as well perform the signing from M.
>
> The PGP format/protocol for the digital signature to be output also does
> not provide a way to sign without the complete file content and the
> ability to concatenate that content with other PGP subpackets added to
> the message signature before the SHA256 (or other hash) is calculated,
> which are inserted by the signer. The subpackets are specific to the
> signer's software implementation and version; they might contain various
> extensions, signer information, randomized data, timestamps (the
> signature creation timestamp), or other padding sequences which would
> ensure no two digital signatures are based on an identical hash, even if
> the content of the file being signed is identical.
>
> A precomputed SHA256 hash based on the file content alone cannot be
> copied into a PGP signature, since a signature presumably could not be
> derived from a hash of the file directly, even with changes to the
> source code. This is presumably a feature that could not be easily
> added, since other PGP hashed signature packets are likely to be
> contained in the PGP signature which are part of the value that is to be
> hashed, but are not part of the contents of the file being signed.
>
> As per RFC 4880, Page 23, 5.2.3 Version 4 Signature Packet Format,
> 5.2.3.1. Signature Subpacket Specification
Please stop suggesting less secure solutions to those who have already set
up high security compartmentalized systems. It makes you look malicious.

From what you claim, it seems the data to be hashed does NOT include the
private key for the signature that would be made by the high security
compartmentalized server, just some metadata about the public key etc.

Maybe multiple signatures will have to be passed from signer to signer
as each adds their signature to the end of the set. Depending on what
the PGP standards say, this may or may not require passing along an
intermediary hash state (hash computation block and last partial hash
input block) to allow each additional signer to compute a hash from
start of message to fields added by that signer.

Obviously, such calculations are apparently not in the currently
shipping GPG code, but could be written by companies that need it
locally (using the GPL interpretation that keeping the binaries
private allows keeping the source code equally private).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
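The two technical points argued in the thread (that a bare SHA-256 of the file is not what an OpenPGP signature signs, because the signer's hashed subpackets and a trailer are hashed after the document; and that an intermediate hash state taken after the document would nevertheless be enough for a second party to finish the computation) can be shown with the RFC 4880 section 5.2.4 hashing construction itself. The following is an added example written for this page, not code from GnuPG or from any poster. It uses Python's hashlib, stops at the digest (no key and no actual RSA/EdDSA operation), and the document bytes, key ID, timestamps and the choice of RSA/SHA-256 algorithm identifiers are constructed for the illustration. `hashlib`'s in-process `.copy()` stands in for the cross-machine hash-state transfer that the thread says shipping GPG does not implement.

```python
"""Constructed example: how an OpenPGP v4 signature digest is formed
(RFC 4880 5.2.3 / 5.2.4), and why a precomputed file hash is not enough
while a hash *state* after the file is."""
import hashlib
import struct

SIG_BINARY = 0x00   # signature of a binary document (RFC 4880 5.2.1)
PK_RSA = 1          # RSA algorithm id (RFC 4880 9.1); only an identifier here, no key is used
HASH_SHA256 = 8     # SHA-256 algorithm id (RFC 4880 9.4)


def creation_time_subpacket(ts: int) -> bytes:
    """Signature Creation Time subpacket (type 2): 1-octet length, type octet,
    4-octet big-endian time.  The length octet counts the type octet plus the
    body (RFC 4880 5.2.3.1), so it is 5 here."""
    body = struct.pack(">I", ts)
    return bytes([len(body) + 1, 2]) + body


def issuer_subpacket(key_id: bytes) -> bytes:
    """Issuer subpacket (type 16): 8-octet key ID."""
    if len(key_id) != 8:
        raise ValueError("key ID must be 8 octets")
    return bytes([len(key_id) + 1, 16]) + key_id


def hashed_portion(sig_type: int, pk_alg: int, hash_alg: int, subpackets: bytes) -> bytes:
    """Version, signature type, algorithm ids, 2-octet subpacket-area length and
    the hashed subpackets: the part of the signature packet that the hash covers."""
    return bytes([4, sig_type, pk_alg, hash_alg]) + struct.pack(">H", len(subpackets)) + subpackets


def v4_trailer(hashed_len: int) -> bytes:
    """Trailer appended last: version 4, 0xFF, 4-octet length of the hashed portion."""
    return b"\x04\xff" + struct.pack(">I", hashed_len)


def finish_digest(state, subpackets: bytes, sig_type: int = SIG_BINARY, pk_alg: int = PK_RSA) -> bytes:
    """Continue from a hash state that has already absorbed the document and
    append only signer-supplied material.  The copy keeps the caller's state
    reusable; this is the 'intermediary hash state' idea from the thread."""
    h = state.copy()
    hp = hashed_portion(sig_type, pk_alg, HASH_SHA256, subpackets)
    h.update(hp)
    h.update(v4_trailer(len(hp)))
    return h.digest()


def signature_digest(document: bytes, subpackets: bytes) -> bytes:
    """Full computation from the document bytes, as a signer holding the whole file does."""
    return finish_digest(hashlib.sha256(document), subpackets)


def demo() -> dict:
    document = b"release-1.2.3.tar.gz contents (constructed sample)\n"
    key_id = bytes.fromhex("0123456789abcdef")            # constructed, not a real key ID
    subs_t1 = creation_time_subpacket(1747670887) + issuer_subpacket(key_id)
    subs_t2 = creation_time_subpacket(1747670888) + issuer_subpacket(key_id)  # one second later

    file_hash = hashlib.sha256(document).digest()          # what sha256sum would give M
    d1 = signature_digest(document, subs_t1)
    d2 = signature_digest(document, subs_t2)

    # Hand-off model: M keeps the running state after the document; the signer
    # appends its own subpackets and trailer without ever seeing the file.
    state_after_document = hashlib.sha256(document)
    d1_from_state = finish_digest(state_after_document, subs_t1)

    return {
        "file_hash_equals_signature_digest": file_hash == d1,      # False: subpackets are hashed too
        "same_file_two_timestamps_same_digest": d1 == d2,          # False: creation time differs
        "state_handoff_matches_full_computation": d1_from_state == d1,  # True
        "signed_hash_left16": d1[:2].hex(),                         # the 'left 16 bits' field of the packet
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two caveats follow from running this. First, the digest that gets signed depends on the creation-time subpacket, so a precomputed `sha256sum` value can never be substituted for it, which is the point made in the quoted message. Second, the hand-off only works because the document is hashed before the signer's material; a real implementation would need a hash library that can export and import its internal state between machines (hashlib's `.copy()` only works inside one process), and even then the signer still never inspects what M fed into the state, so the policy objection in the thread is unchanged.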