Re: Multiple signatures

2011-10-03 Thread Doug Barton
On 10/03/2011 14:39, Aaron Toponce wrote:
> On Mon, Oct 03, 2011 at 07:49:21PM +0200, pet jemen wrote:
>> I want to sign binary data in OpenPGP Message Format.
>> I want to sign it by two or more keys.
>> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is
>> possible.
>>  (A one-octet number holding a flag showing whether the signature is
>> nested.  A zero value indicates that the next packet is another One-Pass
>> Signature packet that describes another signature to be applied to the same
>> message data.)
>>
>> I'd like to use gpg from command-line to sign an input file by two keys.
>> I tried to sign it by:
>>     gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) <te...@test1.org>" -o %1.signed --sign %1
>>     gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) <te...@test2.org>" -o %1.signed2 --sign %1.signed
>>
>> But the second signature signed the first one also with the first signature.
>> I need to sign it in a way where I can verify signature of signed data by both
>> keys (the last octet of One-Pass Signature Packets (Tag 4) packet should be
>> equal to zero).
> 
> You should use detached signatures:
> 
> $ gpg -b -u $KEYID1 file.txt > sig1.gpg
> $ gpg -b -u $KEYID2 file.txt > sig2.gpg
> 
> At this point, just concatenate the two detached sigs:
> 
> $ cat sig1.gpg sig2.gpg > signatures.gpg

Wouldn't it be easier to just use >>


:)

Doug

-- 

Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.  :)  http://SupersetSolutions.com/


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rfc 4880 // armor headers and footers

2011-10-03 Thread vedaal
RFC 4880 section 6.2
( http://tools.ietf.org/html/rfc4880#section-6 )
lists the following header as one of the acceptable ones:

BEGIN PGP MESSAGE, PART X/Y 
(It assumes ----- before BEGIN and after Y)

GnuPG doesn't recognize this, and gives an error message of:

$ gpg /cygdrive/c/hflt3dCH.txt.asc
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: no valid OpenPGP data found.
gpg: processing message failed: eof

It does this even when the message is a simple unsplit symmetric 
message, with only the header and footer changed.

here is the file:

-----BEGIN PGP MESSAGE, PART 1/2-----
Version: GnuPG v1.4.11 (Cygwin)
Comment: passphrase = sss

jA0EAgMIUjoRauj6Ll9gyS0XpeAXFWQEVfkClC8b7e1YDMpyZsXpa+Hm+N8DZMOd
90PmxTwGso5sgWm+TNw=
=kYAM
-----END PGP MESSAGE, PART 1/2-----

(It decrypts as expected when changing the header and footer back 
to the standard one).

This PART X/Y header is used for pgp commandlines 2.x - 6.x
(maybe even current pgp, I don't know, lost my copy of 8.x, and 
only have 2.x and 6.x) when wanting to break up a long armored 
message and send it out as parts.

Have played around with this, and have managed to send out an 
armored  symmetrically encrypted PGP message of a 500mb truecrypt 
container file using gmail.

Disastry's pgp2.x symmetrically encrypted it and split it into 99 
parts each of  about 110 k lines, and gave a suffix to each part, 
(.a01 .a02,  ... , .ao99), and after copying each into the same 
folder, successfully restored and decrypted it, with only a simple 
command:

pgp -filename.a01 

(After the correct passphrase for the symmetric encryption was 
given, it concatenated, decrypted, and restored the original 
truecrypt container.)

Nowadays, with larger e-mail storage, and when people don't trust 
the 'cloud' for file storage, it might be useful to have gnupg 
sign, encrypt, armor, and split large files, send them through 
e-mail, and then decrypt, verify and restore them.

just a thought for a 'feature request'  of being able to split and 
reconstitute large files...


Thanks,

vedaal
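
The PART X/Y header form described in this message, as an added example that is not part of the original post and is not PGP or GnuPG code: it parses the three MESSAGE header forms of RFC 4880 section 6.2, checks each part's CRC-24, and re-emits the joined data under the standard header, the form the post reports GnuPG does accept. It assumes each part's checksum covers only that part's data; the sample parts are constructed.

```python
import base64
import re

# Armor header lines of RFC 4880 section 6.2: plain, "PART X/Y" and "PART X".
BEGIN = re.compile(r"-----BEGIN PGP MESSAGE(?:, PART (\d+)(?:/(\d+))?)?-----")

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, part: str = "") -> str:
    """Armor data under 'PGP MESSAGE' plus an optional ', PART X/Y' suffix."""
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP MESSAGE{part}-----\n\n{body}\n={crc}\n"
            f"-----END PGP MESSAGE{part}-----\n")

def parse_part(text: str):
    """Return (x, y, payload) for one part; y is None when the header has no /Y."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    m = BEGIN.fullmatch(lines[0])
    if not m or not lines[-1].startswith("-----END PGP MESSAGE"):
        raise ValueError("not an armored PGP MESSAGE")
    body = lines[lines.index("") + 1:-1]        # armor headers end at the blank line
    check = body.pop() if body and body[-1].startswith("=") else None
    payload = base64.b64decode("".join(body))
    if check and base64.b64decode(check[1:]) != crc24(payload).to_bytes(3, "big"):
        raise ValueError("CRC-24 mismatch")
    return int(m.group(1) or 1), m.group(2) and int(m.group(2)), payload

def reassemble(parts) -> str:
    """Order parts by X, require 1..Y without gaps, emit one standard armor block."""
    parsed = sorted((parse_part(p) for p in parts), key=lambda t: t[0])
    total = parsed[0][1] or len(parsed)
    if [x for x, _, _ in parsed] != list(range(1, total + 1)):
        raise ValueError("missing or duplicate part")
    return armor(b"".join(payload for _, _, payload in parsed))

# Constructed sample: 100 bytes split on a 48-byte (one armor line) boundary.
DATA = bytes(range(100))
PARTS = [armor(DATA[48:], ", PART 2/2"), armor(DATA[:48], ", PART 1/2")]
```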




Re: Multiple signatures

2011-10-03 Thread David Shaw
On Oct 3, 2011, at 1:49 PM, pet jemen wrote:

> Hi,
> 
> I want to sign binary data in OpenPGP Message Format.
> I want to sign it by two or more keys.
> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is 
> possible.
>  (A one-octet number holding a flag showing whether the signature is nested.  
> A zero value indicates that the next packet is another One-Pass Signature 
> packet that describes another signature to be applied to the same message 
> data.)
> 
> I'd like to use gpg from command-line to sign an input file by two keys.
> I tried to sign it by:
>     gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) 
> " -o %1.signed --sign %1
>     gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) 
> " -o %1.signed2 --sign %1.signed
> 
> But the second signature signed the first one also with the first signature.
> I need to sign it in a way where I can verify signature of signed data by both 
> keys (the last octet of One-Pass Signature Packets (Tag 4) packet should be 
> equal to zero).

Just repeat -u as many times as you need:

  gpg -u the-first-key -u the-second-key -u the-third-key -u etc --sign thefile

David
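
A way to check which of the two results discussed in this thread a signed file has, as an added example that is not part of any poster's message and is not GnuPG code: it reads the leading One-Pass Signature packets (tag 4) of an uncompressed signed message and returns each key ID with its nested flag. The key IDs and sample byte strings are constructed placeholders; partial and indeterminate packet lengths are rejected rather than parsed.

```python
def read_packets(data: bytes):
    """Yield (tag, body) for each top-level packet (RFC 4880 section 4.2)."""
    pos = 0
    while pos < len(data):
        ctb, pos = data[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                      # new format: tag in the low 6 bits
            tag, first, pos = ctb & 0x3F, data[pos], pos + 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                length, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:
                raise ValueError("partial body length is not handled here")
        else:                               # old format: tag in bits 5-2
            tag, size = (ctb >> 2) & 0x0F, 1 << (ctb & 0x03)
            if size == 8:
                raise ValueError("indeterminate length is not handled here")
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        yield tag, data[pos:pos + length]
        pos += length

def one_pass_signers(data: bytes):
    """Return [(key ID, nested flag)] from the leading One-Pass Signature packets."""
    signers = []
    for tag, body in read_packets(data):
        if tag == 8:
            raise ValueError("compressed data packet: sign with -z 0 to inspect")
        if tag != 4:
            break
        if len(body) != 13 or body[0] != 3:
            raise ValueError("unexpected One-Pass Signature packet")
        signers.append((body[4:12].hex().upper(), body[12]))
    return signers

def _pkt(tag: int, body: bytes) -> bytes:
    return bytes([0x80 | tag << 2, len(body)]) + body   # old format, 1-octet length
def _ops(key_id: str, flag: int) -> bytes:
    return _pkt(4, bytes([3, 0, 8, 1]) + bytes.fromhex(key_id) + bytes([flag]))

# Constructed samples: placeholder key IDs, empty signature packets (tag 2).
KEY1, KEY2 = "1111111111111111", "2222222222222222"
LITERAL = _pkt(11, b"b\x00" + bytes(4) + b"payload")
BOTH = _ops(KEY1, 0) + _ops(KEY2, 1) + LITERAL + _pkt(2, b"") * 2
INNER = _ops(KEY1, 1) + LITERAL + _pkt(2, b"")
WRAPPED = _ops(KEY2, 1) + _pkt(11, b"b\x00" + bytes(4) + INNER) + _pkt(2, b"")
```

`BOTH` models two signatures over the same data (flags 0 then 1); `WRAPPED` models signing an already signed file, where only the outer signer is visible at the top level and the first signature sits inside the literal data.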




Multiple signatures

2011-10-03 Thread pet jemen
Hi,

I want to sign binary data in OpenPGP Message Format.
I want to sign it by two or more keys.
According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is
possible.
 (A one-octet number holding a flag showing whether the signature is
nested.  A zero value indicates that the next packet is another One-Pass
Signature packet that describes another signature to be applied to the same
message data.)

I'd like to use gpg from command-line to sign an input file by two keys.
I tried to sign it by:
   gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) <te...@test1.org>" -o %1.signed --sign %1
   gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) <te...@test2.org>" -o %1.signed2 --sign %1.signed

But the second signature signed the first one also with the first signature.
I need to sign it in a way where I can verify signature of signed data by both
keys (the last octet of One-Pass Signature Packets (Tag 4) packet should be
equal to zero).

Any help how to achieve from pgp command line is welcome.

Thanks.

Pavol Misik


Re: kernel.org status: establishing a PGP web of trust

2011-10-03 Thread Robert J. Hansen
On 10/2/2011 10:53 PM, Jerome Baum wrote:
> What I don't get is, why didn't he just make his own food?

He did, until he ran out of food.  Then he was literally too paranoid to
leave the house to buy groceries.

Clinical paranoia is a brutal mental illness.



Re: kernel.org status: establishing a PGP web of trust

2011-10-03 Thread Jerome Baum
On 2011-10-02 00:58, Aaron Toponce wrote:
> On 10/01/2011 02:46 PM, Robert J. Hansen wrote:
> That's not a healthy dose of paranoia. A healthy dose of paranoia in
> that case would be washing your hands before you eat, or not eating
> something off the floor. Starving yourself, because you think people are
> trying to poison you is not healthy.

"When his wife was hospitalized, Gödel literally starved himself to
death, unwilling to eat anything not prepared by her."
(http://www.webcitation.org/629GhJ129)

What I don't get is, why didn't he just make his own food?

-- 
Q: What is your secret word?
A: That's right.
Q: What's right?
A: Yes.
Q: Sir, you're going to have to tell me your secret word.
A: What?
Q: I said please tell me your secret word.
A: What?
Q: What's your secret word?
A: Yes.
Q: Sorry, "yes" is not your secret word. You have two more chances.
A: I said what?
Q: Yes.
A: Right, so you admit I said it.
Q: No, you said "yes."
A: No, "what!"
Q: When?
A: When you asked for my secret word!
Q: What?
A: Yes!
Q: I'm sorry, that's incorrect. You have one more chance to say your
secret word.
A: I'd like to speak to your supervisor.
Q: Very well, I'll transfer you. His name is Hu.

(http://boingboing.net/2010/05/03/fun-with-a-banks-sec.html)
