PGP Bug Solution?

Nicholas Cole nicholas.cole at
Sat Mar 24 12:20:02 CET 2001

I may be completely wrong, but if I understand the paper correctly,
the modified key will not produce a valid signature.

If that is the case, could not GPG attempt to validate a signature
when created, and ring alarm bells if the signature does not verify?

Of course, this would add time to the process, so perhaps there should
be an option to disable this check if the user feels the enviroment in
which keys are stored is secure.

Nicholas Cole
	    nicholas.cole at || npcole at
			private key fingerprint: 
	   2EFA D405 1B23 73F6 572E  A1C7 BEDA 238C 560F 6E28

More information about the Gnupg-devel mailing list