3. Are multiple signatures allowed similar to multiple recipient keys?
(The spec is at work and I am not right now) E.g. 1psig(k1) 1psig(k2)...
signed text ... sig(k1) sig(k2) ... And would the order be important?
I read about the nested signature bits. Which presents a problem.
if I have
1psig(k1,nest),1psig(k2,nonest),literal,sig(k1),sig(k2)
And I want to alter the text, I can get:
1psig(k1,nonest),1psig(k2,nonest),literal,sig(k1),sig(k2)
where I alter the second 1psig until my altered literal has the same hash
value.
But to isolate the problem: I didn't see any clear definition of what a
data signature packet is supposed to be hashing. I would think "only the
immediately preceeding compressed, literal, or encrypted data packet" with
a note that multiple signature packets must be concatenated.
For example, a message of the form: (literal)(literal)(signature) - what
would the hash for the signature be over? Both literal packets or just
the final one?
I would also prefer ignoring the nest/nonest octet; any signature packet
to be signed can be encapsulated in a literal packet. The 1-pass sig
packets would then fire up the hash algorithms (optionally only if the
corresponding keyids were available) as a convienience for any signature
packet that would happen to occur after the literal.
--- reply to tzeruch - at - ceddec - dot - com ---