We'd like to implement a workflow that requires multiple people to digitally sign a document. If I have multiple secret keys in my own keychain, I can do something as simple as:
gpg --sign -u userid1 -u userid2 filename
But what do I do if I've got an already signed document and I want to add a signature? One solution would be to have everyone generate detached signatures for the document, and then package them all together in a zip file or something, but the overhead there is substantially higher. Is there a better way?
No need to ZIP them: you can simply concatenate detached signatures in a single file and all will be verified one after another.
% gpg -b -u $ID1 -o prova.c.sig1 prova.c
% gpg -b -u $ID2 -o prova.c.sig2 prova.c
% cat prova.c.sig1 prova.c.sig2 >prova.c.sig
% gpg prova.c.sig
gpg: Signature made Tue 1 Sep 18:16:09 2009 CEST using RSA key ID $ID1
gpg: Good signature from "Lapo Luchini <lapo@lapo.it>"
gpg: Signature made Tue 1 Sep 18:16:25 2009 CEST using RSA key ID $ID2
gpg: Good signature from "Lapo Luchini <lapo@lapo.it>"
I have verified that this works as well with ASCII-armored files, though in that case the output file size is sub-optimal, since the header is repeated for each signature; it might be better to first concatenate the binary signatures and then ASCII-armor the whole thing.
I don't know the OpenPGP format well enough to be sure, but I guess you could probably also have software that, given a file and some detached signatures, makes a single attached signature with the signature packets extracted from all of them, though that would need more time to be implemented (if at all possible: maybe there are different packets for attached and detached signatures and one can't be converted into the other, but I would bet the packet is only one type).
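As an added illustration (not part of the question or of the answer above), the following Python walks the byte-level structure behind the concatenation trick: a detached signature file is a sequence of OpenPGP Signature packets (tag 2, RFC 4880), so concatenating two such files yields a file containing two signature packets, and ASCII-armoring the binary concatenation once avoids the repeated armor header the answer mentions. The two signature packets are constructed inside the script with placeholder hash and MPI fields (they carry the real v4 packet layout but would not verify against any key), the CRC-24 armor checksum is the one RFC 4880 specifies, and names such as combine_detached and list_signatures are the script's own.

```python
import base64
import struct
from datetime import datetime, timezone

SIGNATURE_TAG = 2  # OpenPGP packet tag for a Signature packet (RFC 4880 section 5.2)


def crc24(data: bytes) -> int:
    """OpenPGP CRC-24 used as the ASCII-armor checksum (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def build_signature_packet(created: int, pk_algo: int = 1, hash_algo: int = 8) -> bytes:
    """Constructed stand-in for one detached signature: a v4 Signature packet with a real
    header and field layout but placeholder hash/MPI bytes (it is not verifiable)."""
    hashed = b"\x05\x02" + struct.pack(">I", created)      # subpacket type 2: creation time
    body = bytes([4, 0x00, pk_algo, hash_algo])            # v4, binary-document sig, RSA, SHA-256
    body += struct.pack(">H", len(hashed)) + hashed
    body += b"\x00\x00"                                    # no unhashed subpackets
    body += b"\xab\xcd"                                    # left 16 bits of the hash (placeholder)
    body += b"\x00\x10\x12\x34"                            # one 16-bit MPI (placeholder)
    return bytes([0x80 | (SIGNATURE_TAG << 2), len(body)]) + body  # old-format header, 1-byte length


def iter_packets(data: bytes):
    """Yield (tag, body) for each packet in a byte string of concatenated OpenPGP packets."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"not an OpenPGP packet header at offset {pos}")
        if ctb & 0x40:                                     # new-format header
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = struct.unpack(">I", data[pos + 2:pos + 6])[0], 6
            else:
                raise ValueError("partial body lengths are not supported")
        else:                                              # old-format header (gpg uses it for tag 2)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 0:
                length, hdr = data[pos + 1], 2
            elif ltype == 1:
                length, hdr = struct.unpack(">H", data[pos + 1:pos + 3])[0], 3
            elif ltype == 2:
                length, hdr = struct.unpack(">I", data[pos + 1:pos + 5])[0], 5
            else:
                raise ValueError("indeterminate-length packets are not supported")
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError(f"truncated packet at offset {pos}")
        yield tag, body
        pos += hdr + length


def describe_signature(body: bytes) -> dict:
    """Extract the fields gpg reports ("Signature made ... using RSA") from a v4 Signature body."""
    version, sig_type, pk_algo, hash_algo = body[:4]
    if version != 4:
        raise ValueError(f"unsupported signature version {version}")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed, created, pos = body[6:6 + hashed_len], None, 0
    while pos < len(hashed):                               # walk hashed subpackets (1-byte lengths only)
        length = hashed[pos]
        if length >= 192:
            raise ValueError("long subpacket lengths are not handled")
        if hashed[pos + 1] & 0x7F == 2:                    # Signature Creation Time subpacket
            created = struct.unpack(">I", hashed[pos + 2:pos + 1 + length])[0]
        pos += 1 + length
    return {"version": version, "sig_type": sig_type, "pk_algo": pk_algo,
            "hash_algo": hash_algo, "created": created}


def armor(data: bytes, block: str = "SIGNATURE") -> str:
    """ASCII-armor a byte string the way gpg -a does: base64 lines plus a CRC-24 trailer."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {block}-----\n\n" + "\n".join(lines)
            + f"\n={crc}\n-----END PGP {block}-----\n")


def dearmor(text: str) -> bytes:
    """Reverse armor(); raises ValueError if the CRC-24 trailer does not match the data."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP ") and lines[-1].startswith("-----END PGP ")):
        raise ValueError("missing armor header or footer")
    body = lines[1:-1]
    data_lines = body[body.index("") + 1:]                # skip armor headers up to the blank line
    crc_line = data_lines.pop() if data_lines and data_lines[-1].startswith("=") else None
    raw = base64.b64decode("".join(data_lines))
    if crc_line and crc24(raw) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
        raise ValueError("armor CRC mismatch")
    return raw


def combine_detached(*sigs: bytes) -> bytes:
    """The answer's trick: a multi-signer detached signature is just the signature packets concatenated."""
    return b"".join(sigs)


def list_signatures(combined: bytes) -> list:
    """Describe every Signature packet in a combined .sig; reject any packet that is not one."""
    out = []
    for tag, body in iter_packets(combined):
        if tag != SIGNATURE_TAG:
            raise ValueError(f"unexpected packet tag {tag} in a detached signature file")
        out.append(describe_signature(body))
    return out


if __name__ == "__main__":
    sig1 = build_signature_packet(created=1251821769)   # constructed: 2009-09-01 16:16:09 UTC
    sig2 = build_signature_packet(created=1251821785)   # constructed: 16 seconds later
    combined = combine_detached(sig1, sig2)
    for info in list_signatures(combined):
        when = datetime.fromtimestamp(info["created"], timezone.utc)
        print(f"Signature made {when:%a %d %b %H:%M:%S %Y} UTC using pk algo {info['pk_algo']}")
    # Armor once over the binary concatenation rather than once per signature.
    print(len(armor(sig1)) + len(armor(sig2)), "bytes armored separately vs",
          len(armor(combined)), "bytes armored together")
```

To inspect a real prova.c.sig the same way, gpg --list-packets prova.c.sig prints one signature packet entry per concatenated signature. The parser above deliberately stops at partial-length and indeterminate-length headers, which the specification reserves for data packets, so a file containing anything other than plain signature packets is rejected rather than silently skipped.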