
Re: [openpgp] Chunked OpenPGP streams



Hi,

On Wed, 30 Dec 2015 at 14:01:46 +0100, Nils Durner wrote:
>> I wonder if chunked streams could make their way to RFC4880bis instead.
>> The verification mechanism (MDC or data signature) would be added to
>> each chunk using the intermediate hash value,
> 
> I think this goes in the same direction that OAED or online
> authenticating cipher modes are being considered for - see the recording
> of the last IETF meeting at
> http://recs.conf.meetecho.com/Playout/watch.jsp?recording=IETF94_OPENPGP&chapter=chapter_1

Thanks for the pointer.  I think however that this could be useful for
detached sigs, too.  For instance assuming a remote tarball, a local
detached signature, and an OpenPGP implementation that would copy
*verified* data to the output File Descriptor, one could write

    ssh remote.example.org cat /path/to/backup |
    gpg --verify /path/to/backup.sig - |
    tar -x

without fear of a race condition and without the inconvenience of creating
a temporary local file.

Cheers,
-- 
Guilhem.
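
An added sketch of the per-chunk verification idea discussed in this message; it is not code from the thread or from any OpenPGP implementation. It assumes HMAC-SHA256 with a shared key as a stand-in for the MDC or signature, and the record layout and the names `seal` and `release_verified` are hypothetical.

```python
import hashlib
import hmac

class VerificationError(Exception):
    pass

def _tag(key, running, final):
    # Authenticate the intermediate hash of everything seen so far, plus a
    # "last chunk" marker so truncation at a chunk boundary is detectable.
    marker = b"\x01" if final else b"\x00"
    return hmac.new(key, running.digest() + marker, hashlib.sha256).digest()

def seal(key, data, chunk_size=16):
    """Producer: yield (chunk, tag, final) records for a byte string."""
    running = hashlib.sha256()
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    for n, chunk in enumerate(chunks):
        running.update(chunk)
        final = n == len(chunks) - 1
        yield chunk, _tag(key, running, final), final

def release_verified(key, records):
    """Consumer: hand a chunk downstream only after its tag has been checked."""
    running = hashlib.sha256()
    finished = False
    for chunk, tag, final in records:
        if finished:
            raise VerificationError("data after final chunk")
        running.update(chunk)
        if not hmac.compare_digest(tag, _tag(key, running, final)):
            raise VerificationError("chunk failed verification")
        finished = final
        yield chunk
    if not finished:
        raise VerificationError("stream truncated before final chunk")

if __name__ == "__main__":
    key = b"k" * 32                                  # constructed demo key
    data = b"constructed sample tarball bytes " * 3  # constructed input
    records = list(seal(key, data))
    records[2] = (b"X" * 16,) + records[2][1:]       # corrupt one chunk in transit
    try:
        for chunk in release_verified(key, records):
            print("released", chunk)
    except VerificationError as err:
        print("aborted:", err)
```

When a chunk fails, the chunks before it have already been passed on: they are an authentic prefix, not a complete file, so the downstream consumer has to treat the verifier's failure as a failed transfer.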
