Can you use one key to authenticate another key automatically?

J. Scott Edwards j.scott.edwards.nwos at gmail.com
Tue Feb 14 03:18:30 CET 2006


I am working on an app that has hundreds of thousands of files stored
on a server.  I am planning to have an detached signature for each, to
insure that they are the originals when they are read by the client
app.

The question is, if there are multiple people creating the files, is
there a secure way to automatically verify that each one is authentic?
 For example, could there be one public signature that the user could
download.  And then when the app downloads a file and sees it was
signed by another user, the app automatically downloads that user's
public key, uses the master key to authenticate it.  Or is there a
gaping hole in this plan, that I am missing?  Is there a better way of
handling, say hundreds of signatures?

Thanks for advise
   -Scott



More information about the Gnupg-devel mailing list