Verifying multiple detached cleartext sig's
Werner Koch
wk@gnupg.org
Fri, 3 Sep 1999 21:23:25 +0200
"Todd L. Brooks" <todd.brooks@yale.edu> writes:
> Let's say you have a file which needs to be signed by multiple people. One
> thing to do is have each person create an individual detached cleartext
> signature, and then put all of them into one signature file.
>
> * In pgp6.5.1 if you verify such a file it will automatically verify all
> of these signatures.
I have not analyzed this yet. The reason may be that PGP5 does not
use the one-pass signature packets but gpg creates a faked one in
front of the cleartext and then later may not be aware, that you have
more than one signature. Not to be fixed in 1.0.0 but I give it a bug
number.
--
Werner Koch at guug.de www.gnupg.org keyid 621CC013