Hello.
John Scott wrote in
<23083923.ouqheUzb2q@t450>:
|On Saturday, December 12, 2020 5:08:25 PM EST Steffen Nurpmeso wrote:
|> I'd rather have the same for OpenPGP, a signed message with the
|> public thing extractable embedded, then i at least know that the
|> signer had the private key for that public thing at hand.
|I don't think it's standard but GnuPG enables this with the
|--include-key-block and --auto-key-import pair of options:
|
|--include-key-block
|> This option is used to embed the actual signing key into a
|> data signature. The embedded key is stripped down to a
|> single user id and includes only the signing subkey used to
|> create the signature as well as valid encryption subkeys.
|> All other info is removed from the key to keep it and thus
|> the signature small. This option is the OpenPGP counterpart
|> to the gpgsm option --include-certs.
|
|--auto-key-import
|> This is an offline mechanism to get a missing key for
|> signature verification and for later encryption to this key.
|> If this option is enabled and a signature includes an
|> embedded key, that key is used to verify the signature and
|> on verification success that key is imported. The default is
|> --no-auto-key-import.
|>
|> On the sender (signing) site the option --include-key-block
|> needs to be used to put the public part of the signing key as
|> “Key Block subpacket” into the signature.
Very interesting! I did not know that indeed, i am still with gpg
1.4 ;-), but gnupg 2.25 is standard in CRUX-Linux, too, so.
Yes, that is a very, very good thing then, in my opinion!
Begs the question, if i will implement OpenPGP support next year
(after the MIME rewrite that thing needs first), can i somehow
integrate this with email when using standard OpenPGP MIME format.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
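
How a receiver could locate the "Key Block subpacket" named in the quoted GnuPG documentation and tell whether it sits in the hashed area (the part the signature covers), as an added example that is not part of the original message or of GnuPG. It assumes subpacket type 38 with a leading reserved zero octet (as in the rfc4880bis draft) and a v4 signature packet body; the function names and sample bytes are constructed for illustration.

```python
KEY_BLOCK = 38  # assumption: "Key Block" subpacket type (GnuPG / rfc4880bis draft)

def subpackets(area):
    """Yield (type, body) for each subpacket in a v4 signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                    # one-octet length
            n, i = first, i + 1
        elif first < 255:                  # two-octet length
            low = int.from_bytes(area[i + 1:i + 2], "big")
            n, i = ((first - 192) << 8) + low + 192, i + 2
        else:                              # five-octet length
            n, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if n == 0 or i + n > len(area):    # also catches a truncated length field
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + n]   # mask off the critical bit
        i += n

def embedded_keys(sig_body):
    """Return [(area_name, key_bytes)] for Key Block subpackets in a v4 signature body."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("only v4 signature packet bodies are handled")
    pos, found = 4, []          # skip version, sig type, pubkey algo, hash algo
    for name in ("hashed", "unhashed"):
        size = int.from_bytes(sig_body[pos:pos + 2], "big")
        area = sig_body[pos + 2:pos + 2 + size]
        if pos + 2 > len(sig_body) or len(area) != size:
            raise ValueError("truncated signature packet")
        pos += 2 + size
        for typ, body in subpackets(area):
            # Ignore the subpacket unless the reserved first octet is zero.
            if typ == KEY_BLOCK and body[:1] == b"\x00":
                found.append((name, body[1:]))
    return found

def encode_subpacket(typ, body):
    """Encode one subpacket; only used to build the constructed sample."""
    n = len(body) + 1
    hdr = bytes([n]) if n < 192 else bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    return hdr + bytes([typ]) + body

# Constructed sample: placeholder bytes stand in for the stripped-down public
# key, and the signature MPIs are omitted because the parser never reads them.
FAKE_KEY = b"\xc6" + b"K" * 299
hashed = (encode_subpacket(2, b"\x5f\xd5\x00\x00")
          + encode_subpacket(KEY_BLOCK, b"\x00" + FAKE_KEY))
SAMPLE_SIG = (b"\x04\x00\x01\x08" + len(hashed).to_bytes(2, "big") + hashed
              + b"\x00\x00" + b"\xab\xcd")
```

A key block reported in the "unhashed" area is not covered by the signature, so a receiver should not treat it the same way as one found in the hashed area.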