Re: Multiple signatures on a single file
Alphax wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Berend Tober wrote: Is it possible to have multiple persons sign a single file? If so, how is this done? The particular scenario is currently this: Employees submit expense reports for business travel using a spread sheet. Current practise is the the employee fills out spread sheet via computer (or optionally prints blank spread sheet template and writes by hand with a pen), physically signs using pen and ink, physically delivers signed hardcopy to supervisor for supervisor pen-and-ink signature prior to payment processing. Desired practise is to eliminate both producing hard copy and pen-and-ink signatures, and then re-work the process using gpg electronic signatures. Thus, employee would enter data into expense report spread sheet, save, gpg sign, mail to supervisor, supervisor would (presumably) open and review spread sheet, close without changing, gpg sign, and then return to employee or forward to accounting dept. Sounds straightforward, but I didn't spot in the various manuals/guides/how-to's for gnupg how a second individual could add their signature after me. Use detached signatures? Generate a key to sign the document with, and have that key signed by the supervisor? What I don't like about doing that explicitly is that every additional signature, at least in the default operational mode, appends an additional ".sig" file extension. Further more, the signatures are wrapped withing one another, so that to verification would require serial verification of each preceding outer layer signature. What I've been refining during the last couple days uses a command line script to append additional detached signatures into a single signature file. This approach models more directly the co-signature concept of legacy contracts, i.e., think of buying a house -- you and you spouse are co-signators rather than having one sign the contract and the other sign the others signature. What you suggested models the concept of a notary public witnessing a signature, but that we already have by signing public keys in the trust model. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Multiple signatures on a single file
Is it possible to have multiple persons sign a single file? If so, how is this done? The particular scenario is currently this: Employees submit expense reports for business travel using a spread sheet. Current practise is the the employee fills out spread sheet via computer (or optionally prints blank spread sheet template and writes by hand with a pen), physically signs using pen and ink, physically delivers signed hardcopy to supervisor for supervisor pen-and-ink signature prior to payment processing. Desired practise is to eliminate both producing hard copy and pen-and-ink signatures, and then re-work the process using gpg electronic signatures. Thus, employee would enter data into expense report spread sheet, save, gpg sign, mail to supervisor, supervisor would (presumably) open and review spread sheet, close without changing, gpg sign, and then return to employee or forward to accounting dept. Sounds straightforward, but I didn't spot in the various manuals/guides/how-to's for gnupg how a second individual could add their signature after me. -- BMT ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple signatures on a single file
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Berend Tober wrote: > Is it possible to have multiple persons sign a single file? If so, how > is this done? > > The particular scenario is currently this: Employees submit expense > reports for business travel using a spread sheet. Current practise is > the the employee fills out spread sheet via computer (or optionally > prints blank spread sheet template and writes by hand with a pen), > physically signs using pen and ink, physically delivers signed hardcopy > to supervisor for supervisor pen-and-ink signature prior to payment > processing. > > Desired practise is to eliminate both producing hard copy and > pen-and-ink signatures, and then re-work the process using gpg > electronic signatures. Thus, employee would enter data into expense > report spread sheet, save, gpg sign, mail to supervisor, supervisor > would (presumably) open and review spread sheet, close without changing, > gpg sign, and then return to employee or forward to accounting dept. > > Sounds straightforward, but I didn't spot in the various > manuals/guides/how-to's for gnupg how a second individual could add > their signature after me. > Use detached signatures? Generate a key to sign the document with, and have that key signed by the supervisor? Just my 2c... - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email & vCards http://tinyurl.com/cc9up| / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDGRke/RxM5Ph0xhMRA53ZAJ4jpjIAJ8nqCr/xgVBRbO1IUfK3PQCeMYTy I6huYlEG2z2zt1cc1pPqTNE= =6zNZ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Multiple signatures on a single file
Is it possible to have multiple persons sign a single file? If so, how is this done? The particular scenario is currently this: Employees submit expense reports for business travel using a spread sheet. Current practise is the the employee fills out spread sheet via computer (or optionally prints blank spread sheet template and writes by hand with a pen), physically signs using pen and ink, physically delivers signed hardcopy to supervisor for supervisor pen-and-ink signature prior to payment processing. Desired practise is to eliminate both producing hard copy and pen-and-ink signatures, and then re-work the process using gpg electronic signatures. Thus, employee would enter data into expense report spread sheet, save, gpg sign, mail to supervisor, supervisor would (presumably) open and review spread sheet, close without changing, gpg sign, and then return to employee or forward to accounting dept. Sounds straightforward, but I didn't spot in the various manuals/guides/how-to's for gnupg how a second individual could add their signature after me. -- BMT ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
