Boyd Stephen Smith Jr. wrote:
> Please don't CC me on replies, unless I request one. It is against debian-*
> list policy.

Sure, and ditto!

> On Friday 2008 December 05 15:49, you wrote:
>> Boyd Stephen Smith Jr. wrote:
>>> On Thursday 04 December 2008, "Magnus Therning" <magnus@therning.org>
>>> wrote about 'Remote signing of large files':
>>>> So, my idea was to somehow separate the two steps that GnuPG performs
>>>> under the hood when signing, creating the message digest (hash) and
>>>> the signing of this message digest. I've found `--print-md` which
>>>> looks promising, but there doesn't seem to be any `--sign-md`.
>>> A detached signature is, mathematically, the message digest run through
>>> the encrypt() function. [Encrypting with the private key allows anyone
>>> with the public key to decrypt to the digest "plaintext" which they can
>>> compare to a locally calculated message digest, thus verifying the
>>> signature. They can also be assured that the signature is from the owner
>>> of the private key, or that the private key has been compromised.]
>>>
>>> So, you might try --encrypt'ing the output of --print-md.
>> AFAIU it wouldn't work:
>>
>> 1. Encrypting is actually using a symmetric algorithm for the bulk of
>> the data and asymmetric crypto is only used to encrypt the symmetric
>> key. In any case I don't think I can get `--encrypt` to use the private
>> key.
>
> That's only true in active protocols with a handshake, e.g. SSL or TLS. The
> only reason active protocols do this is because symmetric ciphers are
> generally faster.
>
> For "offline" encryption, using asymmetric keys directly works fine. If
> you encrypt something with gpg it uses the public key of the chosen recipient
> or their public subkey designated for encryption.

Please refer to section 2.1 of RFC2440 and you'll see that GnuPG indeed does
use a "session key" for symmetric encryption which is encrypted with the
public key and sent with the message.

I imagine this helps a lot when encrypting the same message for more than
one recipient.

>> 2. AFAIU signing always signs a message digest, no matter what type of
>> data I stick in. So signing the output of `--print-md` wouldn't do
>> since verification would require a manual step.
>
> Um, sort of. sign(data, privkey) == encrypt(digest(data), privkey), by
> definition. So, you should be able to take the output of --print-md,
> then --encrypt it, specifying your private key. It's a bit more complex than
> that, because of data encoding issues, but it should be possible with the
> command-line tools. If not, it's definitely possible with some custom C
> code -- I forget what the C bindings for gpg are called, but you'll probably
> need that and libgcrypt.

I don't see how I can do that using the command line options. I don't see
how I can get `--encrypt` to use the private key, and even if I could then
we get back to the problem with gpg encrypting using a symmetric cipher as
per the RFC.

The only way I can see of getting encryption with the private key is by
using `--sign` and that will _always_ sign a hash of the file and that won't
do since I then can't use _only_ gpg to verify the signature.

Sure, I can always resort to modifying gpg or writing a custom tool that
combines crypto primitives in a way that solves the problem I have. In this
case that's not an option though, since other requirements (backwards
compatibility, etc.) require that I use only a standard, non-modified GnuPG.

Cheers,

M

-- 
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus@therning.org
http://therning.org/magnus

Haskell is an even 'redder' pill than Lisp or Scheme.
-- PaulPotts
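The two positions in the thread, worked as an added example that is neither the thread's nor GnuPG's code: it uses textbook RSA on a constructed toy key (Mersenne primes, no padding, so illustration only) and takes Boyd's sign(data) == encrypt(digest(data)) relation as given, to show that splitting digest and private-key step is harmless, and why signing the `--print-md` text with an ordinary sign still leaves the verifier a manual digest comparison, as Magnus says.

```python
import hashlib

# Constructed toy key: the Mersenne primes 2^521-1 and 2^607-1. Trivially
# factorable and unpadded, so it illustrates the arithmetic only.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

def remote_digest(data: bytes) -> bytes:
    """Step taken on the host holding the large file (the --print-md step)."""
    return hashlib.sha256(data).digest()

def local_sign_digest(digest: bytes) -> int:
    """Step taken on the host holding the private key: the missing --sign-md."""
    return pow(int.from_bytes(digest, "big"), D, N)

def hash_then_sign(data: bytes) -> int:
    """What an ordinary sign command does: it always digests its input first."""
    return local_sign_digest(remote_digest(data))

def verify(data: bytes, signature: int) -> bool:
    """Verifier 'decrypts' with the public key and compares to a fresh digest."""
    recovered = pow(signature, E, N)
    return recovered == int.from_bytes(remote_digest(data), "big")

# Constructed sample input standing in for the large file.
BIG_FILE = b"A" * 100_000

def split_signing_matches() -> bool:
    """sign(data) == encrypt(digest(data)): splitting the two steps is harmless."""
    sig = local_sign_digest(remote_digest(BIG_FILE))
    return sig == hash_then_sign(BIG_FILE) and verify(BIG_FILE, sig)

def signing_print_md_output_needs_manual_step() -> bool:
    """Signing the *text* of --print-md with a normal sign verifies only against
    that text; the verifier must still recompute and compare the file's digest."""
    md_text = remote_digest(BIG_FILE).hex().encode()
    sig = hash_then_sign(md_text)
    manual_check = md_text == remote_digest(BIG_FILE).hex().encode()
    return verify(md_text, sig) and not verify(BIG_FILE, sig) and manual_check
```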