Boyd Stephen Smith Jr. wrote:
> Please don't CC me on replies, unless I request one. It is against debian-*
> list policy.
Sure, and ditto!
> On Friday 2008 December 05 15:49, you wrote:
>> Boyd Stephen Smith Jr. wrote:
>>> On Thursday 04 December 2008, "Magnus Therning" <magnus@therning.org>
>>> wrote
>>> about 'Remote signing of large files':
>>>> So, my idea was to somehow separate the two steps that GnuPG performs
>>>> under the hood when signing, creating the message digest (hash) and
>>>> the signing of this message digest. I've found `--print-md` which
>>>> looks promising, but there doesn't seem to be any `--sign-md`.
>>> A detached signature is, mathematically, the message digest run through
>>> the encrypt() function. [Encrypting with the private key allows anyone
>>> with the public key to decrypt to the digest "plaintext" which they can
>>> compare to a locally calculated message digest, thus verifying the
>>> signature. They can also be assured that the signature is from the owner
>>> of the private key, or that the private key has been compromised.]
>>>
>>> So, you might try --encrypt'ing the output of --print-md.
>> AFAIU it wouldn't work:
>>
>> 1. Encrypting is actually using a symmetric algorithm for the bulk of
>> the data and asymmetric crypto is only used to encrypt the symmetric
>> key. In any case I don't think I can get `--encrypt` to use the private
>> key.
>
> That's only true in active protocols with a handshake, e.g. SSL or TLS. The
> only reason active protocols do this is because symmetric ciphers are
> generally faster.
>
> For "offline" encryption, using an asymmetric key directly works fine. If
> you encrypt something with gpg it uses the public key of the chosen recipient
> or their public subkey designated for encryption.
Please refer to section 2.1 of RFC2440 and you'll see that GnuPG indeed
does use a "session key" for symmetric encryption which is encrypted
with the public key and sent with the message. I imagine this helps a
lot when encrypting the same message for more than one recipient.
>> 2. AFAIU signing always signs a message digest, no matter what type of
>> data I stick in. So signing the output of `--print-md` wouldn't do
>> since verification would require a manual step.
>
> Um, sort of. sign(data, privkey) == encrypt(digest(data), privkey), by
> definition. So, you should be able to take the output of --print-md,
> then --encrypt it, specifying your private key. It's a bit more complex than
> that, because of data encoding issues, but it should be possible with the
> command-line tools. If not, it's definitely possible with some custom C
> code -- I forget what the C bindings for gpg are called, but you'll probably
> need that and libgcrypt.
I don't see how I can do that using the command line options.
I don't see how I can get `--encrypt` to use the private key, and even
if I could then we get back to the problem with gpg encrypting using a
symmetric cipher as per the RFC.
The only way I can see of getting encryption with the private key is by
using `--sign` and that will _always_ sign a hash of the file and that
won't do since I then can't use _only_ gpg to verify the signature.
Sure, I can always resort to modifying gpg or writing a custom tool that
combines crypto primitives in a way that solves the problem I have. In
this case that's not an option though, since other requirements
(backwards compatibility, etc.) require that I use only a standard,
non-modified GnuPG.
Cheers,
M
--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus@therning.org
http://therning.org/magnus
Haskell is an even 'redder' pill than Lisp or Scheme.
-- PaulPotts
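The point argued in this thread, shown as an added illustration that is not part of the original mails: a hash-then-sign signature is the private-key operation over the padded digest, so the digest can be computed where the large file lives and only the digest sent to the signing host, whereas feeding the printed digest back into an ordinary signing step hashes it a second time and the result no longer verifies against the file. The RSA key is a constructed toy built from two Mersenne primes with simplified PKCS#1 v1.5-style padding, and SHA-1 stands in as the RFC 2440-era digest; none of this is GnuPG's own code or a secure key.

```python
"""Toy hash-then-sign demonstration (added example). The key is built from
two Mersenne primes and the padding is simplified; it is NOT secure."""
import hashlib

# Constructed toy key: p = 2^127-1 and q = 2^107-1 are both Mersenne primes.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # gcd(E, phi) == 1 for these primes
K = 29  # padded message length in bytes; N is about 234 bits, so 29*8 < 234


def digest(data: bytes) -> bytes:
    """Step 1: the message digest, i.e. what `gpg --print-md SHA1` prints."""
    return hashlib.sha1(data).digest()


def pad(h: bytes) -> int:
    """Simplified PKCS#1 v1.5 encoding: 00 01 FF..FF 00 || digest, as an int."""
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(h) - 3) + b"\x00" + h, "big")


def sign_digest(h: bytes) -> int:
    """Step 2: the private-key operation over the padded digest only."""
    return pow(pad(h), D, N)


def sign(data: bytes) -> int:
    """Ordinary one-shot signing; equals sign_digest(digest(data)) by construction."""
    return sign_digest(digest(data))


def verify(data: bytes, sig: int) -> bool:
    """A standard verifier recomputes the digest locally using only the public key."""
    return pow(sig, E, N) == pad(digest(data))


def sign_printed_digest(data: bytes) -> int:
    """Running an ordinary sign over the *printed* digest hashes the hex text
    again, so the signature covers a different message than the file."""
    return sign(digest(data).hex().encode())


if __name__ == "__main__":
    big_file = b"constructed sample payload " * 1000  # constructed input
    remote_sig = sign_digest(digest(big_file))  # only the 20-byte digest travels
    assert remote_sig == sign(big_file) and verify(big_file, remote_sig)
    assert not verify(big_file, sign_printed_digest(big_file))
    print("split hash/sign matches one-shot signing; double-hashed variant fails")
```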