At work I want to add signing to our automatic build system. In
theory it's a simple application of `gpg` at the end of building to
get a detached signature would do, but I'm weary of sticking the
secret key on the build servers. I'd feel a bit more safe if the
signing could be done on a separate server. However, the built files
are large and I don't want to introduce a bottle neck by transfering
all files back and forth over the network.
So, my idea was to somehow separate the two steps that GnuPG performs
under the hood when signing, creating the message digest (hash) and
the signing of this message digest. I've found `--print-md` which
looks promising, but there doesn't seem to be any `--sign-md`.