secure sign & encrypt
Robert J. Hansen
rjhansen at inav.net
Thu May 23 17:21:02 CEST 2002
> You receive an encrypted + signed message. What do you know now?

I trust that the message really was composed by the original author, and I
know it was encrypted when the data came out of the pipe. If the signed
message contains traffic which was unambiguously meant for me, then the
message was intended for me. Encryption and signing just means encryption
and signing; I don't assume that crypto is some kind of magic fairy dust,
where you sprinkle a little of it on your traffic and suddenly you're
"secure".

A signed message doesn't mean the traffic was intended for you, it just
means the message hasn't been tampered with in transit. An encrypted
message doesn't mean nobody's read the message, it just means it's been
kept safe in transit from the time someone encrypted it to the time you
decrypted it.