How to merge several detached signatures from different people into one?
Posted
by
Petr Pudlák
on Super User
See other posts from Super User
or by Petr Pudlák
Published on 2014-08-24T09:44:19Z
Indexed on
2014/08/24
10:22 UTC
Read the original article
Hit count: 226
A group of people wants to publish a file and they all want to digitally sign the file as different recipients of the file will have different chains of trust. For simplicity, it's desired that there is only one detached signature file with all the signatures, so that the recipients don't need to check them one by one:
foo.tar.gz
foo.tar.gz.sig
However, for security reasons, every person needs to perform the signing on their computer, it's not possible to create the combined signature by having multiple private keys on one computer and performing the operation with one command.
Is it possible with GPG to somehow merge detached signatures of a file from multiple participants?
© Super User or respective owner