encrypting and signing for pgp2
Michael Roth
mroth@nessie.de
Mon, 12 Jul 1999 18:33:19 +0200 (MET DST)
On Mon, 12 Jul 1999, Werner Koch wrote:
> > Hmm, is it not enough to do the following?
> >
> > 1. Read all data from stdin and write it to a tempfile.
> > 2. Sign the tempfile.
>
> No, the signature will still be at the end. Execpt for the case of
> clear text signatures but those can't be transformed to a standard
> signed message
Hmm. I tried the following:
gpg --detach-sign -u test2 -o signature.gpg message
gpg --store -z 0 -o data.gpg message
cat signature.gpg data.gpg >result.gpg
It looks like that this work very well. However, I'm not able to compress
and/or encrypt the result correctly. Because GnuPG builds of course a
literal data packet. IMHO it would be nice, to have an option that gpg
doesn't build the literal data packet and just assumes that the input is a
valid rfc1991/OpenPGP packet.
With such an option I think it will become possible that pgpgpg or a
library is able to build every thinkable combination of packets.
cu
Michael Roth