
Remote signing of large files

At work I want to add signing to our automatic build system.  In
theory a simple application of `gpg` at the end of building to
get a detached signature would do, but I'm wary of sticking the
secret key on the build servers.  I'd feel a bit more safe if the
signing could be done on a separate server.  However, the built files
are large and I don't want to introduce a bottleneck by transferring
all files back and forth over the network.

So, my idea was to somehow separate the two steps that GnuPG performs
under the hood when signing, creating the message digest (hash) and
the signing of this message digest.  I've found `--print-md` which
looks promising, but there doesn't seem to be any `--sign-md`.

Any help and suggestions are welcome!


Magnus Therning                        (OpenPGP: 0xAB4DFBA4)
magnus@therning.org          Jabber: magnus@therning.org
http://therning.org/magnus         identi.ca|twitter: magthe
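
One way to get the split described above, as an added example that is not part of the original post: the build host hashes the artifacts into a small `sha256sum`-style manifest, and only that manifest is sent to the signing host, which makes a detached signature over it rather than over each large file. The function names, the `SHA256SUMS` file name and the key ID argument are assumptions.

```python
import hashlib
import subprocess
import sys
from pathlib import Path


def file_digest(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large artifacts never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths):
    """Build host: return sha256sum-compatible text, one line per artifact."""
    lines = []
    for p in sorted(Path(p) for p in paths):
        if "\n" in p.name or "\\" in p.name:
            raise ValueError(f"unsafe file name for manifest: {p.name!r}")
        lines.append(f"{file_digest(p)}  {p.name}\n")
    return "".join(lines)


def sign_manifest(manifest_path, key_id):
    """Signing host: detached, armored signature over the small manifest only."""
    sig_path = f"{manifest_path}.asc"
    subprocess.run(
        ["gpg", "--batch", "--yes", "--local-user", key_id,
         "--armor", "--output", sig_path, "--detach-sign", str(manifest_path)],
        check=True,
    )
    return sig_path


def verify_artifacts(manifest_text, directory):
    """Consumer: run after `gpg --verify` on the manifest; returns bad names."""
    mismatched = []
    for line in manifest_text.splitlines():
        digest, name = line.split("  ", 1)
        # A manifest entry must be a bare file name inside `directory`.
        if Path(name).name != name or file_digest(Path(directory) / name) != digest:
            mismatched.append(name)
    return mismatched


if __name__ == "__main__":
    # Build host usage (hypothetical): python manifest.py artifact1 artifact2 ...
    Path("SHA256SUMS").write_text(build_manifest(sys.argv[1:]))
```

The secret key exists only where `sign_manifest` runs, and the signature covers the artifacts indirectly, so a consumer has to check both the manifest signature and the per-file digests.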
