Obtain a signature ID with only a sig file?
Is there a way to obtain the signature ID from a detached sig file without the signed file? I haven't been able to get anything out of gpg without both files present. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Obtain a signature ID with only a sig file?
Jeff Hanson jhansonxi at gmail.com wrote on Tue Jan 1 23:39:58 CET 2013 : >Is there a way to obtain the signature ID from a detached sig file without the signed file? - It can be done by using gpg --list-packets 'detached sig filename' Here is what happens on my system by doing the above for a detached signature file, when only the signature file is present, and the file signed is not: $ gpg --list-packets /cygdrive/c/users/vedaal/'My Documents'/km1.pdf.gpg :compressed packet: algo=1 :onepass_sig packet: keyid A306C37B495CA15B version 3, sigclass 0x00, digest 8, pubkey 1, last=1 :literal data packet: mode b (62), created 1357154353, name="KM1.pdf", raw data: 24689 bytes :signature packet: algo 1, keyid A306C37B495CA15B version 4, created 1357154353, md5len 0, sigclass 0x00 digest algo 8, begin of digest 88 48 hashed subpkt 2 len 4 (sig created 2013-01-02) subpkt 16 len 8 (issuer key ID A306C37B495CA15B) data: [2048 bits] vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Obtain a signature ID with only a sig file?
On 01/01/2013 05:39 PM, Jeff Hanson wrote: > Is there a way to obtain the signature ID from a detached sig file without > the signed file? I haven't been able to get anything out of gpg without > both files present. If you're talking about the "SIG_ID", then i don't think that's possible. According to the DETAILS file (/usr/share/doc/gnupg/DETAILS.gz on debian-ish systems): >> SIG_ID >> This is emitted only for signatures of class 0 or 1 which >> have been verified okay. The string is a signature id >> and may be used in applications to detect replay attacks >> of signed messages. Note that only DLP algorithms give >> unique ids - others may yield duplicated ones when they >> have been created in the same second. >> >> Note, that SIG-TIMESTAMP may either be a number with seconds >> since epoch or an ISO 8601 string which can be detected by the >> presence of the letter 'T' inside. And you can't have a signature that's "verified okay" if you don't have the data that was signed, since the OpenPGP signature block doesn't contain the digested data itself (v3 data signatures contain the two leftmost octets of the digest, but that's certainly not enough to calculate the SIG_ID). Regards, --dkg signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Obtain a signature ID with only a sig file?
On 01/02/2013 02:32 PM, ved...@nym.hush.com wrote: > Jeff Hanson jhansonxi at gmail.com wrote on > Tue Jan 1 23:39:58 CET 2013 : > >> Is there a way to obtain the signature ID from a detached sig file without > the signed file? > > - > > It can be done by using gpg --list-packets 'detached sig filename' this does not produce the sig id. it produces the key ID of the issuer of the signature, which is a different thing. regards, --dkg signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
