
File: gpgme.info,  Node: UI Server Sign,  Next: UI Server Decrypt,  Prev: UI Server Encrypt,  Up: UI Server Protocol

A.2 UI Server: Sign a Message
=============================

The server needs to implement opaque signing as well as detached
signing.  Due to the nature of OpenPGP messages it is always required to
send the entire message to the server; sending just the hash is not
possible.  The following two commands are required to set the input and
output file descriptors:

 -- Command: INPUT FD=N
     Set the file descriptor for the message to be signed to N.  The
     message sent to the server is binary encoded.  For details on the
     file descriptor, see the description of ‘INPUT’ in the ‘ENCRYPT’
     section.

 -- Command: OUTPUT FD=N [--binary]
     Set the file descriptor to be used for the output.  The output is
     either the complete signed message or, in case of a detached
     signature, just that detached signature.  If the option ‘--binary’
     is given, the output shall be in binary format; if not given, the
     output for OpenPGP needs to be ASCII armored and for CMS Base-64
     encoded.  For details on the file descriptor, see the ‘INPUT’
     command.

To allow the server to select a non-default signing key, the client
may optionally use the ‘SENDER’ command, see *note command
SENDER::.

The signing operation is then initiated by:

 -- Command: SIGN --protocol=NAME [--detached]
     Sign the data set with the ‘INPUT’ command and write it to the sink
     set by ‘OUTPUT’.  NAME is the signing protocol used for the message.
     For a description of the allowed protocols see the ‘ENCRYPT’
     command.  With option ‘--detached’ given, a detached signature is
     created; this is actually the usual way the command is used.

The client expects the server to send at least this status information
before the final OK response:

 -- Status line: MICALG STRING
     The STRING represents the hash algorithm used to create the
     signature.  It is used with RFC-1847 style signature messages and
     defined by PGP/MIME (RFC-3156) and S/MIME (RFC-3851).  The GPGME
     library has a supporting function ‘gpgme_hash_algo_name’ to return
     the algorithm name as a string.  This string needs to be lowercased
     and for OpenPGP prefixed with "‘pgp-’".
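
The exchange described above, seen from the client side, as an added example that is not part of the GPGME manual or code.  It assumes the protocol names ‘OpenPGP’ and ‘CMS’ from the ‘ENCRYPT’ section and the Assuan reply framing (‘S’, ‘OK’ and ‘ERR’ line prefixes), neither of which is spelled out in this node; all function names are hypothetical.

```python
# Assumption: protocol names as given in the ENCRYPT section (not shown here).
PROTOCOLS = {"OpenPGP", "CMS"}


def sign_commands(in_fd, out_fd, protocol, detached=True, binary=False):
    """Return the command lines a client sends for one signing operation."""
    if protocol not in PROTOCOLS:
        raise ValueError(f"unsupported protocol: {protocol!r}")
    output = f"OUTPUT FD={out_fd}" + (" --binary" if binary else "")
    sign = f"SIGN --protocol={protocol}" + (" --detached" if detached else "")
    return [f"INPUT FD={in_fd}", output, sign]


def micalg_for(hash_name, protocol):
    """Build the MICALG string: lowercased, 'pgp-' prefix for OpenPGP only."""
    name = hash_name.lower()
    return f"pgp-{name}" if protocol == "OpenPGP" else name


def read_sign_result(lines, protocol):
    """Scan the reply to SIGN and return the MICALG string.

    Fails closed: an ERR line, a missing final OK, an OK without a prior
    MICALG status, or a MICALG of the wrong form for the protocol is rejected.
    Assumption: Assuan framing, i.e. "S KEYWORD ARGS", "OK", "ERR ...".
    """
    micalg = None
    for line in lines:
        keyword, _, rest = line.partition(" ")
        if keyword == "S" and rest.startswith("MICALG "):
            micalg = rest[len("MICALG "):].strip()
        elif keyword == "ERR":
            raise RuntimeError(f"server reported error: {rest}")
        elif keyword == "OK":
            break
    else:
        raise RuntimeError("reply ended without final OK")
    if micalg is None:
        raise RuntimeError("final OK received without MICALG status")
    well_formed = micalg == micalg.lower() and micalg != "pgp-"
    if not well_formed or micalg.startswith("pgp-") != (protocol == "OpenPGP"):
        raise RuntimeError(f"unexpected MICALG for {protocol}: {micalg!r}")
    return micalg  # value for the multipart/signed "micalg" parameter
```
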
