Re: Detaching signature from signed object
On Wed, 23 Jun 2021 17:55, Matthew Richardson said: > provide enough inforation to extract the signature? Does it vary depending > upon whether the signature is ASCII armored? Actually gpgsplit can be used to slit an OpenPGP message. In theory it is possible to convert an encrypted and signed mail into a PGP/MIME signed mail. However, this requires that the creator strictly followed the suggestions from RFC-3156. In fact it is better to not use the combined method but do signing and encryption at the MIME level; which makes it trivial to strip the encryption layer. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Detaching signature from signed object
eThinking about this further, is there any to use the details from "--list-packets" in order to extract the signature. For example, the output from the signing below produces:- >C:\>gpg --list-packets R:\Temp\signedfile.asc ># off=0 ctb=a3 tag=8 hlen=1 plen=0 indeterminate >:compressed packet: algo=1 ># off=2 ctb=90 tag=4 hlen=2 plen=13 >:onepass_sig packet: keyid DC00AF5F572550CB >version 3, sigclass 0x00, digest 8, pubkey 22, last=1 ># off=17 ctb=ac tag=11 hlen=2 plen=55 >:literal data packet: >mode b (62), created 1624466686, name="inputfile.txt", >raw data: 36 bytes ># off=74 ctb=88 tag=2 hlen=2 plen=117 >:signature packet: algo 22, keyid DC00AF5F572550CB >version 4, created 1624466686, md5len 0, sigclass 0x00 >digest algo 8, begin of digest dc 7e >hashed subpkt 33 len 21 (issuer fpr v4 > 1797615E1E1CA3357FD23365DC00AF5F572550CB) >hashed subpkt 2 len 4 (sig created 2021-06-23) >subpkt 16 len 8 (issuer key ID DC00AF5F572550CB) >data: [256 bits] >data: [256 bits] Would the:- ># off=74 ctb=88 tag=2 hlen=2 plen=117 provide enough inforation to extract the signature? Does it vary depending upon whether the signature is ASCII armored? Or am I barking up the wrong tree??? Best wishes, Matthew -- >From: Matthew Richardson via Gnupg-users >To: gnupg-users@gnupg.org >Cc: >Date: Sun, 20 Jun 2021 17:52:53 +0100 >Subject: Detaching signature from signed object >Is there any way in GnuPG to detach (or extract) a signature from a signed >object? For example, a signed object is created with:- > >>gpg --armor --output signedfile.asc --sign inputfile.txt > >where what is wanted is a detached signature which would verify against >inputfile.txt. > >This feature is in PGP 2:- > >>pgp -sa inputfile.txt -o signedfile.asc >>pgp -b signedfile.asc -o verified.txt > >which also produces verified.pgp as the detached signature. The feature is >described (briefly) in the PGP 2 documentation thus:- > >>To detach a signature certificate from a signed message: >> pgp -b ciphertextfile > >The reason for asking is that I operate a service [1], which currently used >PGP 2, and which would benefit from more recent crypto, but which also uses >"pgp -b" extensively. > >Best wishes, >Matthew > >[1] http://www.itconsult.co.uk/stamper.htm ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Detaching signature from signed object
On 6/20/2021 at 2:13 PM, "Matthew Richardson via Gnupg-users" wrote:Is there any way in GnuPG to detach (or extract) a signature from a signed object? For example, a signed object is created with:- >gpg --armor --output signedfile.asc --sign inputfile.txt where what is wanted is a detached signature which would verify against inputfile.txt. This feature is in PGP 2:- >pgp -sa inputfile.txt -o signedfile.asc >pgp -b signedfile.asc -o verified.txt which also produces verified.pgp as the detached signature. The feature is described (briefly) in the PGP 2 documentation thus:- >To detach a signature certificate from a signed message: > pgp -b ciphertextfile = Don't know how to do this in GnuPG. Cannot be done in the PGP commandlines later than 2.x with the -b command. Using the -b command in later PGP commandline versions, just decrypts, but does not save the signature. There is a program that can do this for DH keys, using the -b command but only when encrypted with AES or 3DES: Filecrypt https://m.majorgeeks.com/files/details/filecrypt.html (n.b I have NOT used 'this' version, but I did use the original Filecrypt when it first came out , to successfully use the -b command): https://www.angelfire.com/pr/pgpf/fcs.html The developer of Filecrypt is accessible in a link when downloading the Filecrypt on the majorgeeks site mentioned above. You might consider discussing a version of Filecrypt with him for your detached signature use. vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Detaching signature from signed object
On Sun, 20 Jun 2021 18:22:53 +, ?? ?? via Gnupg-users wrote:- >12021/04/10 05:36.72 ?, Matthew Richardson via Gnupg-users > ??: >> Is there any way in GnuPG to detach (or extract) a signature from a signed >> object? For example, a signed object is created with:- >> >> >gpg --armor --output signedfile.asc --sign inputfile.txt >> >> where what is wanted is a detached signature which would verify against >> inputfile.txt. >> >> This feature is in PGP 2:- >> >> >pgp -sa inputfile.txt -o signedfile.asc >> >pgp -b signedfile.asc -o verified.txt >> >> which also produces verified.pgp as the detached signature. The feature is >> described (briefly) in the PGP 2 documentation thus:- >> >> >To detach a signature certificate from a signed message: >> > pgp -b ciphertextfile >> >> The reason for asking is that I operate a service [1], which currently used >> PGP 2, and which would benefit from more recent crypto, but which also uses >> "pgp -b" extensively. >> >> Best wishes, >> Matthew >> [1] http://www.itconsult.co.uk/stamper.htm > >I believe you're looking for the -sb option, which creates a detached >signature. Unless I have misunderstood (and please correct me if I have), "-sb" SIGNS producing a detached signature, whereas I am wanting to detach an EXISTING signature from an already signed object. Best wishes, Matthew ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Detaching signature from signed object
12021/04/10 05:36.72 ನಲ್ಲಿ, Matthew Richardson via Gnupg-users ಬರೆದರು: > Is there any way in GnuPG to detach (or extract) a signature from a signed > object? For example, a signed object is created with:- > > >gpg --armor --output signedfile.asc --sign inputfile.txt > > where what is wanted is a detached signature which would verify against > inputfile.txt. > > This feature is in PGP 2:- > > >pgp -sa inputfile.txt -o signedfile.asc > >pgp -b signedfile.asc -o verified.txt > > which also produces verified.pgp as the detached signature. The feature is > described (briefly) in the PGP 2 documentation thus:- > > >To detach a signature certificate from a signed message: > > pgp -b ciphertextfile > > The reason for asking is that I operate a service [1], which currently used > PGP 2, and which would benefit from more recent crypto, but which also uses > "pgp -b" extensively. > > Best wishes, > Matthew > > [1] http://www.itconsult.co.uk/stamper.htm > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users I believe you're looking for the -sb option, which creates a detached signature. HTH! - Chiraag -- ಚಿರಾಗ್ ನಟರಾಜ್ Pronouns: he/him/his publickey - mailinglist@chiraag.me - b0c8d720.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Detaching signature from signed object
Is there any way in GnuPG to detach (or extract) a signature from a signed object? For example, a signed object is created with:- >gpg --armor --output signedfile.asc --sign inputfile.txt where what is wanted is a detached signature which would verify against inputfile.txt. This feature is in PGP 2:- >pgp -sa inputfile.txt -o signedfile.asc >pgp -b signedfile.asc -o verified.txt which also produces verified.pgp as the detached signature. The feature is described (briefly) in the PGP 2 documentation thus:- >To detach a signature certificate from a signed message: > pgp -b ciphertextfile The reason for asking is that I operate a service [1], which currently used PGP 2, and which would benefit from more recent crypto, but which also uses "pgp -b" extensively. Best wishes, Matthew [1] http://www.itconsult.co.uk/stamper.htm ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users