[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Lack of PGP signatures
>It is not possible to clear-sign binaries with PGP. The point of clear-
>signing
>is to have signed text that is readable to people who don't have the
>software
>necessary to process the text. It would make sense to clearsign a file
that
>is base64'ed or uuencoded, which wouldn't alter the contents of the file.
I
>can't see how such an option would be harmful, except that it might lose
>some
>characters that are important to the context of the message.
>
Mark,
Of course you can use pgp to sign binaries. How else did the pgp binary
itself get signed? You can either sign it in a separate file, or in the
same file. PGP sorts it out for you.
What do you use it for? Same reasons you sign text. "I signed this file"
means that you vouch for it in some undefined way (maybe I wrote and
compiled it, or somesuch).
Clay
***************************************************************************
Clay Olbon II * [email protected]
Systems Engineer * PGP262 public key on web page
Dynetics, Inc. * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL