[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gnupg signing

As I understood it from the NM pages, you have to sign the files (ie
gpg --sign --armor id.jpg) because it says it is unacceptable just to sign
the message. You would then only have to sign the message and not worry
about the files, which you could attatch self-signed (it'd be id.jpg.gpg)
and can be extracted with just gpg id.jpg.gpg. I'm not sure this is what the
page intends, but it seems logical.


----- Original Message -----
From: "Stefan Alfredsson" <stefan@alfredsson.org>
To: "Britton" <fsblk@aurora.uaf.edu>
Cc: <debian-mentors@lists.debian.org>
Sent: Monday, July 31, 2000 9:30 AM
Subject: Re: gnupg signing

> This might be somewhat inconvenient, but how about including MD5 sums
> of the attachments in the body of the message, which is then signed?
> (i.e. md5sums *.jpg  + cutnpaste)
> But since you will do a lot of signing in the future, I'd suggest
> using a mailer that handles gpg, as the others have suggested :)
> Quoting Britton <fsblk@aurora.uaf.edu>:
> >
> > see any gpg options to mh, and if I include my scanned identification as
> > an attachment, then it will not count as input to the hash of the
> Regards,
>  Stefan

Reply to: