On Wed, May 14, 2025 at 11:56 PM Chris DeYoung <[email protected]> wrote: > > > > Artifacts that must be signed are produced on M which is capable of > > calculating hashes (e.g. SHA-256 hashes). H has the ability to read > > these hashes but cannot access the artifacts. > > How does H know that the hash is valid? H could just sign the hash if it > trusts what M generates, but it isn't obvious to me how that's more > secure than just having M sign it.
You're right. If M or the input of M is compromized then H will possibly sign compromized artifacts. The security of the complete process is limited by M. The purpose of H is solely to limit access to the private signature key. M signing the artifacts by itself would require the key to float around. _______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
