Remote signing of large files

To: DEBIAN-USER <debian-user@lists.debian.org>
Subject: Remote signing of large files
From: "Magnus Therning" <magnus@therning.org>
Date: Thu, 4 Dec 2008 12:26:31 +0000
Message-id: <[🔎] e040b520812040426i32e6c288r44115d36ee5c918@mail.gmail.com>

At work I want to add signing to our automatic build system.  In
theory it's a simple application of `gpg` at the end of building to
get a detached signature would do, but I'm weary of sticking the
secret key on the build servers.  I'd feel a bit more safe if the
signing could be done on a separate server.  However, the built files
are large and I don't want to introduce a bottle neck by transfering
all files back and forth over the network.

So, my idea was to somehow separate the two steps that GnuPG performs
under the hood when signing, creating the message digest (hash) and
the signing of this message digest.  I've found `--print-md` which
looks promising, but there doesn't seem to be any `--sign-md`.

Any help and suggestions are welcome!

/M

-- 
Magnus Therning                        (OpenPGP: 0xAB4DFBA4)
magnus＠therning．org          Jabber: magnus＠therning．org
http://therning.org/magnus         identi.ca|twitter: magthe

Reply to:

Follow-Ups:
- Re: Remote signing of large files
  - From: Thomas Karpiniec <arctanx@arctanx.id.au>
- Re: Remote signing of large files
  - From: "Boyd Stephen Smith Jr." <bss03@volumehost.net>
- Re: Remote signing of large files
  - From: Osamu Aoki <osamu@debian.org>
- Re: Remote signing of large files
  - From: "Douglas A. Tutty" <dtutty@vianet.ca>

Prev by Date: Re: strange system mail : what does this mean ?
Next by Date: Re: Remote signing of large files
Previous by thread: Re: strange system mail : what does this mean ?
Next by thread: Re: Remote signing of large files
Index(es):
- Date
- Thread