Am Mi 11.07.2012, 13:57:58 schrieb David Shaw: > For signing, it's not as simple - for example, there is > no explicit recipient (and therefore no preference list) when signing > without encrypting, such as is done on a mailing list.
Is there any reason why known recipients should not be considered when signing only? I just noticed that gpg issues a warning if a recipient is given when signing only. But instead the public key could be used for hash selection. To avoid ambiguity this could fail if for any of the recipients the keys is missing. The calling application could check in advance which recipients have a key locally and only give those as recipients for the signing operation. As this is already done for encrypted signatures the required code should already be there. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users