On 07/04/2013 01:53 PM, Nathan England wrote: > So is there an advantage? Or maybe not an advantage, but a better reason to > use gnupg over sha2?
Since you control the server and the upload process, I'd say that sha256 hashes paired with a username are the equivalent of a gnupg signature in terms of what you require. Since a username and password are required to log into your upload system, you've already assured (reasonably) that the uploader is the username. Gnupg has the advantage of being decentralized. Signatures are created by the user outside your server upload process. Gnupg would not be possible to be used inside your server process after the upload (since you don't have your users' private keys). And after another user downloads the file (and also the signature) he can check them "offline" as it were. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
