My question is: could I separate the hash logic out of the sign function and hardcode the real hash algorithm back into the Signature packet? The whole process would be like:
file -> read binary -> perform specified hash algorithm -> digest -> HTTP request from client to server -> PGP sign with none algorithm -> construct signature packet with hash algorithm used in step 2.
@dignifiedquire if we could hash the object on the client side, there would be no need to transfer the whole object to the server, which is our case specifically.
"The concatenation of the data being signed and the signature data from the version number through the hashed subpacket data (inclusive) is hashed. The resulting hash value is what is signed."
This means you can't calculate a regular hash (like sha256) of a file on a client, and send that hash to a "PGP signing service" to receive an OpenPGP signature. There are two possible designs you could consider:
- The client needs to calculate a hash that includes the OpenPGP framing, which would require the client-side software to have deep knowledge of OpenPGP.
- The client could generate a small text file (e.g. a list of filenames followed by hashes, in text format); this type of file could be PGP-signed by a service.
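An added example, not part of the thread and not code from the pgp crate: the digest a client would have to compute for the first design, following the v4 signature hashing rule quoted above (RFC 4880, section 5.2.4). The function names, sample data and creation time are constructed for illustration; SHA-256 and an RSA key are assumed.

```python
import hashlib
import struct

SIG_TYPE_BINARY = 0x00    # RFC 4880 signature type: binary document
PK_ALGO_RSA = 1           # RFC 4880 public-key algorithm ID (assumed key type)
HASH_ALGO_SHA256 = 8      # RFC 4880 hash algorithm ID


def creation_time_subpacket(unix_time):
    """Signature Creation Time subpacket: length octet, type 2, 4-octet time."""
    return bytes([5, 2]) + struct.pack(">I", unix_time)


def v4_hashed_header(sig_type, pk_algo, hash_algo, hashed_subpackets):
    """Signature data from the version number through the hashed subpackets."""
    return (bytes([4, sig_type, pk_algo, hash_algo])
            + struct.pack(">H", len(hashed_subpackets))
            + hashed_subpackets)


def v4_signature_digest(chunks, hashed_header):
    """Hash the document, then the signature header, then the v4 trailer."""
    h = hashlib.sha256()
    for chunk in chunks:              # the file can be streamed chunk by chunk
        h.update(chunk)
    h.update(hashed_header)
    # v4 trailer: 0x04, 0xFF, 4-octet big-endian length of the hashed header
    h.update(b"\x04\xff" + struct.pack(">I", len(hashed_header)))
    return h.digest()


def demo():
    data = b"constructed sample binary\n"          # constructed input
    header = v4_hashed_header(SIG_TYPE_BINARY, PK_ALGO_RSA, HASH_ALGO_SHA256,
                              creation_time_subpacket(1700000000))
    plain = hashlib.sha256(data).digest()          # what a naive client sends
    framed = v4_signature_digest([data[:10], data[10:]], header)
    return data, header, plain, framed


if __name__ == "__main__":
    _, header, plain, framed = demo()
    print("hashed header :", header.hex())
    print("plain sha256  :", plain.hex())
    print("OpenPGP digest:", framed.hex())
    print("left 16 bits stored in the packet:", framed[:2].hex())
```

The signing service would then have to emit a signature packet with exactly the same type, algorithm IDs and hashed subpackets the client hashed; any difference (for example a different creation time) yields a signature that does not verify.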
Background:
We use PGP for remote signing of binaries (all of the signing operations will be performed on the server side).
Now, when using the pgp crate for binary signing, the functional code would be like: