Let's say (1) I have a multi-gigabyte file on a work computer, and (2) I have my private GnuPG key on my home computer. I want to sign the really big file with my private key.
I trust my home computer completely.
I trust the work computer to a certain degree: I trust that there is no malicious code running on it at the moment, I trust there is no one fiddling with the hashing functions, and I trust the network connection between work and home is secure and unaltered. What I do not want to do is save my very valuable private key on the work computer, not even temporarily.
I also do not want to spend 4 hours transmitting the really big file over the internet from work to home. What is the minimum amount of data I need to send between the work and home computers in order to sign the file with my private key?
What I'm trying to figure out is: if all PGP does is sign the hash of the file, is it possible for me to hash the file on the work computer, and then send the hash (along with any other required metadata) to the home computer to be signed, transparently, as if I actually had the file in hand?
SSH has agent forwarding features. Is there a similar feature already in GnuPG, or would I need to modify the source code if I wanted to create something like this?
Only the private key can sign the file. So if you're not willing to transfer the file to the environment with the private key and you're not willing to transfer the private key to the environment with the file, you have no other options. – Ramhound – 2015-10-16T20:04:02.503
@Ramhound No, the private key signs the hash of the file (which is comparably tiny), along with some other data, not the file itself. – IQAndreas – 2015-10-16T20:04:52.453
You literally used the words "I want to sign the really big file with my private key". I am sure you are right. I appreciate your feedback and will take it into consideration in the future. – Ramhound – 2015-10-16T20:18:14.397
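
The hashing step described in the question and in IQAndreas's comment, as an added example that is not part of the original thread: per RFC 4880 section 5.2.4, a v4 binary-document signature is computed over the file bytes followed by a few signature-packet fields, so the work machine can stream the file locally and send only the digest and its metadata. Assumptions: SHA-256, an RSA key, and a hashed subpacket area holding only a creation time (GnuPG itself hashes additional subpackets); the function names and sample values are illustrative.

```python
import hashlib
import io
import struct

SIG_BINARY = 0x00    # signature type: binary document
PUB_RSA = 1          # public-key algorithm id (RFC 4880, section 9.1)
HASH_SHA256 = 8      # hash algorithm id (RFC 4880, section 9.4)


def v4_hashed_fields(created, sig_type=SIG_BINARY,
                     pub_algo=PUB_RSA, hash_algo=HASH_SHA256):
    """Signature-packet fields covered by the hash, plus the 6-byte v4 trailer."""
    # Hashed subpacket area (assumed minimal): one creation-time
    # subpacket, encoded as length 5, type 2, 4-byte big-endian time.
    subpackets = bytes([5, 2]) + struct.pack(">I", created)
    head = (bytes([4, sig_type, pub_algo, hash_algo])
            + struct.pack(">H", len(subpackets)) + subpackets)
    # Trailer: version 4, 0xFF, length of the hashed packet fields.
    return head + bytes([4, 0xFF]) + struct.pack(">I", len(head))


def digest_to_sign(stream, created, chunk=1 << 20):
    """Stream the document through SHA-256, then append the signature fields."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    h.update(v4_hashed_fields(created))
    return h.digest()


def request_for_home(stream, created):
    """What the work machine would send home: metadata plus a 32-byte digest."""
    return {
        "created": created,
        "hash_algo": HASH_SHA256,
        "digest": digest_to_sign(stream, created).hex(),
    }


if __name__ == "__main__":
    # Constructed sample data standing in for the multi-gigabyte file.
    sample = io.BytesIO(b"constructed sample data\n" * 100000)
    print(request_for_home(sample, created=1445025600))  # constructed timestamp
```

The home machine would still need a signer that accepts a precomputed digest and builds the signature packet from the same fields; that part is not shown here.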