
Re: Remote signing of large files



Hi Magnus,

Magnus Therning wrote:
> At work I want to add signing to our automatic build system.  In
> theory it's a simple application of `gpg` at the end of building to
> get a detached signature would do, but I'm wary of sticking the
> secret key on the build servers.  I'd feel a bit more safe if the
> signing could be done on a separate server.  However, the built files
> are large and I don't want to introduce a bottleneck by transferring
> all files back and forth over the network.

Would it be sufficiently secure to take an SHA1SUM or similar hash of
the file on the remote side and sign that?

Obviously that's not quite the same thing, but it would be a good deal
faster and might meet your needs.

Regards,

Thomas

Attachment: signature.asc
Description: OpenPGP digital signature
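
The hash-then-sign flow suggested in the message above, as an added shell example that is not part of the original post or written by its author: the build server writes a small digest manifest, only that manifest travels to the signing host, and the consumer verifies the signature before trusting the digests. Assumptions: SHA-256 is used in place of the SHA-1 mentioned above, the host `signer.example` and all function names are hypothetical, and GNU coreutils and `gpg` are installed.

```shell
#!/bin/sh
# Added example. Function names and the host signer.example are hypothetical.

# Build server: hash the artifacts where they already are and emit a small,
# deterministic manifest ("<sha256>  ./<path>"). Only this text is transferred.
# Keep the MANIFEST file outside ARTIFACT_DIR so it does not list itself.
make_manifest() {   # usage: make_manifest ARTIFACT_DIR > MANIFEST
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Build server -> signing host: the manifest goes in on stdin and an armored
# detached signature comes back on stdout; the secret key stays on that host.
sign_manifest_remote() {   # usage: sign_manifest_remote MANIFEST > MANIFEST.asc
    ssh signer.example 'gpg --batch --armor --detach-sign' < "$1"
}

# Consumer: regenerate the manifest and compare byte for byte, so a changed,
# missing or unlisted extra file all fail the check.
check_manifest() {   # usage: check_manifest ARTIFACT_DIR MANIFEST
    make_manifest "$1" | cmp -s - "$2"
}

# Consumer: the signature covers only the manifest, so verify it first and
# trust the digests only if it is good.
verify_release() {   # usage: verify_release ARTIFACT_DIR MANIFEST MANIFEST.asc
    gpg --verify "$3" "$2" && check_manifest "$1" "$2"
}
```

The signature binds the artifacts only through the manifest's digests, so the result is no stronger than the hash function chosen for the manifest.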

