
Re: [openpgp] key distribution by email strategy

2020-12-13 14:13:15
On Saturday, December 12, 2020 5:08:25 PM EST Steffen Nurpmeso wrote:
I'd rather have the same for OpenPGP, a signed message with the
public thing extractable embedded, then i at least know that the
signer had the private key for that public thing at hand.
I don't think it's standard but GnuPG enables this with the --include-key-block and --auto-key-import pair of options:

--include-key-block
This option is used to embed the actual signing key into a
data signature. The embedded key is stripped down to a
single user id and includes only the signing subkey used to
create the signature as well as valid encryption subkeys.
All other info is removed from the key to keep it and thus
the signature small. This option is the OpenPGP counterpart
to the gpgsm option --include-certs.

--auto-key-import
This is an offline mechanism to get a missing key for
signature verification and for later encryption to this key.
If this option is enabled and a signature includes an
embedded key, that key is used to verify the signature and
on verification success that key is imported. The default is
--no-auto-key-import.

On the sender (signing) site the option --include-key-block
needs to be used to put the public part of the signing key as
“Key Block subpacket” into the signature.


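The sender/receiver round trip those two options describe, as an added shell example that is not part of the post or of GnuPG's own documentation. It assumes a GnuPG build from the 2.2 series or later that implements both options; the user id, message text and temporary homedirs are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): sign a file with an embedded
# Key Block, then verify it in an empty keyring with --auto-key-import.
# Assumes gpg supports --include-key-block / --auto-key-import (GnuPG 2.2+).

demo_key_block_roundtrip() {
  work=$(mktemp -d) || return 1
  sender="$work/sender"; receiver="$work/receiver"
  mkdir -m 700 "$sender" "$receiver" || return 1
  printf 'hello from a key-block signed mail\n' > "$work/msg.txt"

  # Sender side: constructed throwaway signing key without passphrase (demo only).
  gpg --homedir "$sender" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Demo Sender <sender@example.invalid>' ed25519 sign never \
      >/dev/null 2>&1 || return 1

  # Sender side: detached signature whose Key Block subpacket carries the signing key.
  gpg --homedir "$sender" --batch --quiet --include-key-block --armor \
      --output "$work/msg.txt.asc" --detach-sign "$work/msg.txt" || return 1

  # Receiver side, empty keyring: the default (--no-auto-key-import) ignores the
  # embedded key, so verification must fail for lack of a public key.
  if gpg --homedir "$receiver" --batch --verify "$work/msg.txt.asc" "$work/msg.txt" \
       >/dev/null 2>&1; then
    echo "unexpected: verification succeeded with no key available" >&2
    return 1
  fi

  # Receiver side: with --auto-key-import the embedded key verifies the signature
  # and, only because verification succeeded, is imported into the keyring.
  gpg --homedir "$receiver" --batch --auto-key-import \
      --verify "$work/msg.txt.asc" "$work/msg.txt" >/dev/null 2>&1 || return 1

  # The imported key (stripped to one user id) is now present for later encryption.
  gpg --homedir "$receiver" --batch --with-colons --list-keys 2>/dev/null \
      | grep -q '^uid:.*sender@example\.invalid' || return 1

  rm -rf "$work"
}

demo_key_block_roundtrip && echo "key-block round trip OK"
```

Note that the imported key carries no trust: gpg reports a good signature but still warns that the key is not certified, which is the point where a recipient decides whether to trust the sender.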