On 10.12.20 22:53, vedaal(_at_)nym(_dot_)hush(_dot_)com wrote:
On 12/10/2020 at 4:38 PM, "Kai Engert" <kaie(_at_)kuix(_dot_)de> wrote:
Possible, but slightly tedious:
[1] Export the public key as an asc file
[2] Add a line after the last line, saying that the key as well as
whatever is to be signed in the message is now being signed by the
signer's key (list name and long fingerprint
[3] Armor sign the entire thing (asc key file and extra line)
[4] Send the Armored signed message as the attachment instead of the
signature
Thanks for your suggestion.
This approach probably doesn't work for us. I should have clarified that
it's about PGP/MIME. I guess receiving agents aren't prepared to receive
a signed message in the place where they expect a signature. Also, IIUC,
the signature calculation would have to be different, it would have to
feed both the primary message and the secondary message (with the key)
into the signature calculation. It seems this won't be comaptible with
existing clients.
Thanks
Kai
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp