secure sign & encrypt

Robert J. Hansen rjhansen at
Thu May 23 17:21:02 CEST 2002

> You receive an encrypted + signed message. What do you know now?

I trust that the message really was composed by the original author, and I 
know it was encrypted when the data came out of the pipe.  If the signed 
message contains traffic which was unambiguously meant for me, then the 
message was intended for me.  Encryption and signing just means encryption 
and signing; I don't assume that crypto is some kind of magic fairy dust, 
where you sprinkle a little of it on your traffic and suddenly you're 

A signed message doesn't mean the traffic was intended for you, it just 
means the message hasn't been tampered with in transit.  An encrypted 
message doesn't mean nobody's read the message, it just means it's been 
kept safe in transit from the time someone encrypted it to the time you 
decrypted it.

More information about the Gnupg-devel mailing list