Feature request

Albrecht Dreß albrecht.dress at arcor.de
Tue May 16 19:29:10 CEST 2006


On 30.04.06 23:23, Daniel A. Nagy wrote:
> Right now, it is not possible to decrypt a signed encrypted message  
> while retaining the signature. Similarly, it is not possible to encrypt  
> a signed message so that it becomes a signed encrypted message.

Hmmm, I guess you are referring to RFC 3156 [1] signed and encrypted  
messages, i.e. something with the MIME structure

multipart/encrypted; protocol="application/pgp-encrypted"; ...
   +-- application/pgp-encrypted
   +-- application/octet-stream  <<< encrypted contents

of which the application/octet-stream after decryption is actually

multipart/signed; protocol="application/pgp-signature"; ...
   +-- [signed content, might be multipart/mixed, text/plain, ...]
   +-- application/pgp-signature  <<< the signature

In this case, you need indeed two steps: first create the  
multipart/signed, and then encrypt it, forming the multipart/encrypted.

> With the exception of certain PGP/MIME messages (e.g. those created by  
> OS X's Mail.app), of course.

RFC 3156, sect. 6.2, allows creating a combined signed /and/ encrypted  
multipart/encrypted.  Is that what OSX's mail creates?  Also used by  
Enigmail (Mozilla/Thunderbird).

> These features would be immensely useful. In applications where  
> signatures are used as third-party evidence, yet confidentiality is  
> required, such features are indispensable.

Well, /if/ you are talking about what I outlined above, IMO this is out of  
GnuPG's scope (it would have to implement all of RFC 3156, which in turn needs  
all details of MIME support, the nifty details depend upon the MUA used,  
etc. etc.).

If you need an excellent library to work with MIME messages, including RFC  
3156 support, please have a look at gmime [2]. Gmime talks directly to gpg  
and supports RFC 3156 ootb.

For the MUA Balsa, which is based upon gmime, I wrote a few gpgme-based  
gmime extensions which support RFC 2440 (OpenPGP), RFC 2633 (S/MIME) and  
RFC 3156 (PGP/MIME). Please see the gmime-* files in

http://cvs.gnome.org/viewcvs/balsa/libbalsa/

- it might be possible to re-use them in your application (if you need  
something other than a MUA).  Or did I /completely/ miss your point here?

Cheers, Albrecht.


[1] http://www.ietf.org/rfc/rfc3156.txt
[2] http://spruce.sourceforge.net/gmime/

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Albrecht Dreß  -  Johanna-Kirchner-Straße 13  -  D-53123 Bonn (Germany)
        Phone (+49) 228 6199571  -  mailto:albrecht.dress at arcor.de
   GnuPG public key:  http://www.mynetcologne.de/~nc-dreszal/pubkey.asc
_________________________________________________________________________
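
Added example, not part of the original message and not code from GnuPG, gmime or Balsa: a Python sketch of what "retaining the signature" means for the two-step layout described above. Once the application/octet-stream part is decrypted, the plaintext is itself a multipart/signed entity, so the signature and the exact signed bytes can be kept; for a combined RFC 3156 sect. 6.2 message no MIME signature part remains. The sample plaintexts, the boundary name and the function names are constructed for illustration.

```python
from email import message_from_bytes

# Constructed sample: plaintext of the application/octet-stream part when the
# sender signed first and encrypted second (placeholder signature, not real).
DECRYPTED = b"""\
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="b-signed"

--b-signed
Content-Type: text/plain; charset=us-ascii

Contract text.
--b-signed
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
(constructed placeholder)
-----END PGP SIGNATURE-----
--b-signed--
"""
# Constructed sample: plaintext of a combined (RFC 3156 sect. 6.2) message.
COMBINED = b"Content-Type: text/plain; charset=us-ascii\n\nContract text.\n"


def is_pgp_signed(msg) -> bool:
    """True for the multipart/signed layout shown in the message above."""
    kinds = [p.get_content_type() for p in msg.get_payload()] if msg.is_multipart() else []
    return (msg.get_content_type() == "multipart/signed"
            and str(msg.get_param("protocol", "")).lower() == "application/pgp-signature"
            and len(kinds) == 2 and kinds[1] == "application/pgp-signature")


def split_signed(raw: bytes):
    """Return (signed_bytes, signature_text), or None if no MIME signature survives.

    signed_bytes is cut from the raw plaintext rather than re-serialised, since
    the signature covers the first part's headers and body exactly."""
    msg = message_from_bytes(raw)
    if not is_pgp_signed(msg):
        return None
    # The CRLF before a boundary line belongs to the delimiter, not the data.
    delim = b"\r\n--" + msg.get_boundary().encode("ascii")
    canon = raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")  # CRLF endings
    first = canon.split(delim)[1].split(b"\r\n", 1)[1]  # skip rest of delimiter line
    return first, msg.get_payload(1).get_payload()


if __name__ == "__main__":
    signed, sig = split_signed(DECRYPTED)
    print(len(signed), "signed bytes;", sig.splitlines()[0])
    print("combined case:", split_signed(COMBINED))
```

The two returned values are what a detached-signature verification takes as its data and signature inputs; storing them together keeps the evidence after the encryption layer is gone.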