Multiple signatures
Doug Barton
dougb at dougbarton.us
Tue Oct 4 00:11:10 CEST 2011
On 10/03/2011 14:39, Aaron Toponce wrote:
> On Mon, Oct 03, 2011 at 07:49:21PM +0200, pet jemen wrote:
>> I want to sign binary data in OpenPGP Message Format.
>> I want to sign it by two or more keys.
>> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is
>> possible.
>> (A one-octet number holding a flag showing whether the signature is
>> nested. A zero value indicates that the next packet is another One-Pass
>> Signature packet that describes another signature to be applied to the same
>> message data.)
>>
>> I'd like to use gpg from command-line to sign an input file by two keys.
>> I tried to sign it by:
>> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) <test1 at test1.org>" -o %1.signed --sign %1
>> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) <test2 at test2.org>" -o %1.signed2 --sign %1.signed
>>
>> But the second signature signed the first one also with the first signature.
>> I need to sign it in a way where I can verify the signature of the signed data by both
>> keys (the last octet of One-Pass Signature Packets (Tag 4) packet should be
>> equal to zero).
>
> You should use detached signatures:
>
> $ gpg -b -u $KEYID1 file.txt > sig1.gpg
> $ gpg -b -u $KEYID2 file.txt > sig2.gpg
>
> At this point, just concatenate the two detached sigs:
>
> $ cat sig1.gpg sig2.gpg > signatures.gpg
Wouldn't it be easier to just use >>
:)
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/