gnupg clearsigning question

David Shaw dshaw at jabberwocky.com
Thu Dec 28 06:30:43 CET 2006


On Wed, Dec 27, 2006 at 01:25:34PM -0500, vedaal at hush.com wrote:
> is it possible to construct a gnupg signature that is the same each time
> for the same file (and same signing key and hash ) ?
> 
> would like to do something like this for use as a truecrypt keyfile:
> 
> the truecrypt volume is on a usb drive,
> the outer volume would contain the gnupg keyrings,
> the rest of the usb drive contains miscellaneous files,
> one of these is used for a keyfile for the outer volume,
> 
> now,
> what i would like to do,
> is clearsign one of the many textfiles on the usb,
> and use that clearsigned textfile as a keyfile for the hidden volume
> 
> 
> the problem is,
> that this changes each time it is signed ;-(((
> 
> is the only reason it changes because of the timestamp?
> (and then would just resetting the computer clock to the time of
> the original signing work?
> assuming it would be set to a minute or so before, and signed
> repeatedly until the timestamp was right to the second)
> 
> if the timestamp is the only thing making the signature different,
> would it be possible to request a feature option where the 
> timestamp is omitted?
> (this wouldn't affect open-pgp compatibility)

DSA signatures contain random data, so even if you hacked around the
timestamp problem, the signature would not match.  RSA signatures do
not contain random data.

However, even if you managed to do this with an RSA key, why on earth
would you want to construct such a massively convoluted way, involving
hacking around the clock on your computer, just to generate a key that
would not be as good as a simple file with random numbers in it would be?

Why create complications when the simple answer is both easier and
more secure?

David
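
The RSA/DSA difference described in the reply, as an added example that is not part of the original post or of GnuPG: PKCS#1 v1.5 RSA signing is a fixed function of the hashed input, while DSA draws a fresh nonce for every signature. Assumptions: the keys are toy values constructed here, every function name is hypothetical, and `digest()` is a simplified stand-in for the OpenPGP hash input (which includes the signature creation time).

```python
import hashlib, secrets
from math import isqrt

# Toy keys constructed for this example only; far too weak for real use.
RSA_P, RSA_Q, RSA_E = 2**521 - 1, 2**607 - 1, 65537      # two Mersenne primes
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256

def is_prime(n):
    return n > 2 and n % 2 == 1 and all(n % d for d in range(3, isqrt(n) + 1, 2))

def dsa_group(q):   # smallest prime p = 2kq + 1, and a generator g of order q
    p = next(2 * k * q + 1 for k in range(1, 10**4) if is_prime(2 * k * q + 1))
    g = next(x for x in (pow(h, (p - 1) // q, p) for h in range(2, 100)) if x != 1)
    return p, g

DSA_Q, DSA_X = 2**31 - 1, 123456789       # subgroup order, private key (constructed)
DSA_P, DSA_G = dsa_group(DSA_Q)
DSA_Y = pow(DSA_G, DSA_X, DSA_P)          # public key

def digest(text, created):   # assumption: creation time is hashed along with the data
    return hashlib.sha256(text + created.to_bytes(4, "big")).digest()

def rsa_encode(text, created):   # EMSA-PKCS1-v1_5 block: fixed padding, no randomness
    tail = b"\x00" + DIGESTINFO + digest(text, created)
    size = (RSA_N.bit_length() + 7) // 8
    return int.from_bytes(b"\x00\x01" + b"\xff" * (size - 2 - len(tail)) + tail, "big")

def rsa_sign(text, created):
    return pow(rsa_encode(text, created), RSA_D, RSA_N)

def dsa_sign(text, created):
    z = int.from_bytes(digest(text, created), "big") % DSA_Q
    while True:
        k = secrets.randbelow(DSA_Q - 1) + 1      # fresh secret nonce per signature
        r = pow(DSA_G, k, DSA_P) % DSA_Q
        s = pow(k, -1, DSA_Q) * (z + DSA_X * r) % DSA_Q
        if r and s:
            return r, s

def dsa_verify(text, created, sig):
    r, s = sig
    z = int.from_bytes(digest(text, created), "big") % DSA_Q
    w = pow(s, -1, DSA_Q)
    v = pow(DSA_G, z * w % DSA_Q, DSA_P) * pow(DSA_Y, r * w % DSA_Q, DSA_P)
    return v % DSA_P % DSA_Q == r

TEXT, CREATED = b"keyfile candidate text\n", 1167000000   # constructed sample input
```

With the creation time pinned, `rsa_sign` returns the same integer on every call, whereas two `dsa_sign` results over the same input differ and both still pass `dsa_verify`.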