How to merge several detached signatures from different people into one?

Posted by Petr Pudlák on Super User See other posts from Super User or by Petr Pudlák
Published on 2014-08-24T09:44:19Z Indexed on 2014/08/24 10:22 UTC
Read the original article Hit count: 226

Filed under:
|
|

A group of people wants to publish a file and they all want to digitally sign the file as different recipients of the file will have different chains of trust. For simplicity, it's desired that there is only one detached signature file with all the signatures, so that the recipients don't need to check them one by one:

foo.tar.gz
foo.tar.gz.sig

However, for security reasons, every person needs to perform the signing on their computer, it's not possible to create the combined signature by having multiple private keys on one computer and performing the operation with one command.

Is it possible with GPG to somehow merge detached signatures of a file from multiple participants?

© Super User or respective owner

Related posts about security

Related posts about gnupg

  • GnuPG PHP gnupg Folder & Files Permission

    as seen on Super User - Search for 'Super User'
    Situation: we plan on using PHP's GnuPG extension to encrypt/decrypt files. Currently we've setup some test cases, using keys generated with GPG. The generated files reside in: /Users/username/.gnupg/ I am able to get keyinfo for the key I want to use to encrypt/decrypt, but when I attempt to… >>> More

  • gnupg make failure

    as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
    I got errors as below when tried to make gnupg 2.0.19 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ compress.o: In function `init_uncompress': /home/steve/Desktop/gnupg-2.0.19/g10/compress.c:147: undefined reference to `inflateInit_' compress.o: In function `do_uncompress': /home/steve/Desktop/gnupg-2… >>> More

  • GnuPG + Webservice + ASP.NET

    as seen on Stack Overflow - Search for 'Stack Overflow'
    Hi! I'm exhausted. I have installed GnuPG and exported secret key, and two public keys (my own and one of my client) from another instance of GnuPG. I try to configure 'my encrypting/decrypting' method on the local machine. When I run encrypting method from a little console application it works… >>> More

  • PHP/GnuPG Decryption -- Syntax error?

    as seen on Stack Overflow - Search for 'Stack Overflow'
    I'm using php to invoke gpg, but I'm getting a pipe error. I thought that if I read in the password from a file, I could then pipe it to the command itself? But, I keep getting: Syntax error: "|" unexpected Here's the code: (Note: The files are being iterated over in a foreach loop...) foreach($files… >>> More

  • GnuPG Command Line - Verifying KeePass Signature

    as seen on Super User - Search for 'Super User'
    I'm trying to verify the PGP Signature of the latest version of KeePass 2.14's setup file against this signature, but this is the output I receive: C:\Program Files (x86)\GNU\GnuPG>gpg.exe --verify C:\Users\User\Desktop\KeePass-2.14-Setup.exe gpg: no valid OpenPGP data found. gpg: the signature… >>> More