sign and encrypt

vedaal at vedaal at
Wed Jun 7 23:20:39 CEST 2006

Joe Smith unknown_kev_cat at wrote on
Wed Jun 7 21:08:05 CEST 2006 :

> Encrypt and then sign does not have this problem, 
> unless the other person is willing to sacrifice 
> his/her private key.
> To avoid leaking information via the signature 
> Encrypt-sign-encrypt could work.


the receiver could simply post the message and the session keys,

it also doesn't protect against surreptious forwarding,

the receiver can decrypt the outer layer,
and leave the inner encrypted layer, with the signature intact,
and re-encrypt to any toher key and send it along


Concerned about your privacy? Instantly send FREE secure email, no account required

Get the best prices on SSL certificates from Hushmail

More information about the Gnupg-users mailing list