

5.6.3 Signing a Message

Signing is usually done with these commands:

  INPUT FD[=n] [--armor|--base64|--binary]

This tells GPGSM to read the data to sign from file descriptor n.

  OUTPUT FD[=m] [--armor|--base64]

Write the output to file descriptor m. If a detached signature is requested, only the signature is written.

  SIGN [--detached]

Sign the data set with the INPUT command and write it to the sink set by OUTPUT. With --detached, a detached signature is created (surprise).

The key used for signing is the default one or the one specified in the configuration file. To get finer control over the keys, it is possible to use the command

  SIGNER userID

to set the signer’s key. userID should be the internal representation of the key; the server may accept any other way of specification. If this is a valid and trusted recipient, the server responds with OK; otherwise it returns an ERR with the reason why the key cannot be used, and the signature will then not be created using this key. If the policy is not to sign at all unless all keys are valid, the client has to take care of this. All SIGNER commands are cumulative until a RESET is done. Note that a SIGN does not reset this list of signers, which is in contrast to the RECIPIENT command.
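The following is an added example, not code from GnuPG or from this manual: a client-side wrapper that enforces the "do not sign unless every signer is accepted" policy and issues RESET around each request, because SIGN leaves the signer list in place. FakeGpgsm, sign_detached, the send callable and the ERR text are constructed for illustration and model only the behaviour described in this section.

```python
class FakeGpgsm:
    """Constructed stand-in modelling only the behaviour described above."""
    def __init__(self, usable):
        self.usable = set(usable)   # constructed: keys the server accepts
        self.signers = []           # cumulative until RESET
        self.signed_with = []       # signer list in effect at each SIGN

    def send(self, line):
        cmd, _, arg = line.partition(" ")
        if cmd == "RESET":
            self.signers = []
        elif cmd == "SIGNER":
            if arg not in self.usable:
                return "ERR key cannot be used"   # constructed error text
            self.signers.append(arg)
        elif cmd == "SIGN":
            self.signed_with.append(list(self.signers))  # SIGN keeps the list
        return "OK"


def sign_detached(send, signers, in_fd, out_fd):
    """Sign only if every requested signer is accepted (client-side policy)."""
    if not send("RESET").startswith("OK"):   # drop signers from earlier requests
        raise RuntimeError("RESET failed")
    try:
        for uid in signers:
            reply = send(f"SIGNER {uid}")
            if not reply.startswith("OK"):
                raise PermissionError(f"signer {uid!r} rejected: {reply}")
        for cmd in (f"INPUT FD={in_fd}", f"OUTPUT FD={out_fd}", "SIGN --detached"):
            reply = send(cmd)
            if not reply.startswith("OK"):
                raise RuntimeError(f"{cmd!r} failed: {reply}")
    finally:
        send("RESET")                        # SIGN does not clear the signer list
```

Against a real server, send would write one command line to the GPGSM connection and return the final OK or ERR line of the reply.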