Generic OpenPGP File Signing Questions

StackOverflow https://stackoverflow.com/questions/17225003

  •  01-06-2022
  •  | 
  •  

Domanda

I'm working with a bank that requires that I sign a file with OpenPGP before sending it. I grabbed some file signing code from somewhere online and am using Bouncy Castle to sign the file. It seems to be working but I'm having a hard time finding good, readable, information on how signing with OpenPGP works.

Specifically I'm worried about a few unknowns:

  1. When signing the same plain text file twice I get different results. Is this expected?
  2. I have options for compression. I should have to match this setting on their end for them to read my file. Is there a standard for this I can fall back on?
  3. I have my choice of hashing algorithms, but certainly I will, again, have to match whatever they are expecting me to use.

Just some clarity would be appreciated,

Thanks

È stato utile?

Soluzione

I don't know why it seems so difficult to get answers on SO anymore but I did end up figuring this out. Here is what they wanted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is some content data for our test-----
BEGIN PGP SIGNATURE-----
Version: BCPG C# v1.7.4114.6375

iQFFBAEBCAAvBQJRzH1oKBxEYXZpZCBCcmludG9uIDxkYXZpZC5icmludG9uQHhh
bmdvLmNvbT4ACgkQY9FO3S6jIC+c6wf/VAEiCbLFhT9hM9I54tKF421Nk8lVTJVS
eDT1EUDVhaNhUEsATkWhZmLujKvB4kqVMINwkr07MVwGraQ7uNURx/zW2nU+Ov24
TGY1FV1ph8w5nn+p6fTRC1CLvy+phBw+EmfCeRT77Na+SgoDocMhrNBGuBZSSNub
ytBa0yjmbwRVW9b0xXvtbuOmg67j3oh4QCJgVrMLPbLgm9pUBtH1qCTdtA0E0Prp
anK3mUEdVTj+P0k1ajxsL1D4bmBZxQrCp3EXqZuvszTR7itFQz+u4YLw3OL5V6E6
toD9l0r5uHijWqT9ySJ2enTC+u9NoRWOlY3wMm80agjFlvmDgUlZ+w==
=6KH3
-----END PGP SIGNATURE-----

This is a clear text file with a signed footer to verify the source of the message.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top