Lindsay Mathieson, <lindsay(_at_)powerup(_dot_)com(_dot_)au>, writes, quoting
Hal Finney:
Could you explain how the following detached signature would be
encoded using RFC1847/RFC2015? Would you use multipart/signed or
multipart/encrypted?
multipart/signed, with no encoding for clear text. For opaque signing we
could either encode it with base64 or sign & encrypt.
This is not what I meant by a detached signature. PGP supports the
concept of a signature which can be sent around independently of the data
it signs. For example, I could request that someone send me a signature
on some data I received earlier. They could create a signature on the
data and send it to me, without having to re-send the data itself.
I gave an example of a detached signature in my earlier message:
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
iQA/AwUBNH5DH7qVexb8FGk/EQKTagCg9NwSygbmXdVts7NbIyPkaX9p65QAn2Lu
DTwZos6GWUDnplXYbZXolxLY
=hgt3
-----END PGP SIGNATURE-----
This signature could potentially sign a very large amount of data which
we would not necessarily want to send along with the signature.
Hal Finney
hal(_at_)pgp(_dot_)com