albrecht.dress at arcor.de
Tue May 16 19:29:10 CEST 2006
On 30.04.06 23:23, Daniel A. Nagy wrote:
> Right now, it is not possible to decrypt a signed encrypted message
> while retaining the signature. Similarly, it is not possible to encrypt
> a signed message so that it becomes a signed encrypted message.
Hmmm, I guess you are referring to RFC 3156 signed and encrypted
messages, i.e. something with the MIME structure

  multipart/encrypted; protocol="application/pgp-encrypted"; ...
   +-- application/octet-stream <<< encrypted contents

of which the application/octet-stream after decryption is actually

  multipart/signed; protocol="application/pgp-signature"; ...
   +-- [signed content, might be multipart/mixed, text/plain, ...]
   +-- application/pgp-signature <<< the signature

In this case, you need indeed two steps: first create the
multipart/signed, and then encrypt it, forming the multipart/encrypted.
> With the exception of certain PGP/MIME messages (e.g. those created by
> OS X's Mail.app), of course.
RFC 3156, sect. 6.2, allows creating a combined signed /and/ encrypted
multipart/encrypted. Is that what OSX's mail creates? Also used by
> These features would be immensely useful. In applications where
> signatures are used as third-party evidence, yet confidentiality is
> required, such features are indispensable.
Well, /if/ you are talking about what I outlined above, IMO this is out of
GnuPG's scope (it had to implement all of RFC 3156, which in turn needs
all details of MIME support, the nifty details depend upon the MUA used,
If you need an excellent library to work with MIME messages, including RFC
3156 support, please have a look at gmime. Gmime talks directly to gpg
and supports RFC 3156 ootb.
For the MUA Balsa, which is based upon gmime, I wrote a few gpgme based
gmime extensions which support RFC 2440 (OpenPGP), RFC 2633 (S/MIME) and
RFC 3156 (pgp/mime). Please see the gmime-* files in
- it might be possible to re-use them in your application (if you need
something else than a MUA). Or did I /completely/ miss your point here?
Albrecht Dreß - Johanna-Kirchner-Straße 13 - D-53123 Bonn (Germany)
Phone (+49) 228 6199571 - mailto:albrecht.dress at arcor.de
GnuPG public key: http://www.mynetcologne.de/~nc-dreszal/pubkey.asc
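
The two-layer structure described in the message above, as an added Python example using only the standard library's email package; it is not code from this thread, from gmime or from Balsa. It assumes the application/octet-stream part has already been decrypted elsewhere, and all function names and sample messages are constructed for illustration. RFC 3156 sect. 4 also requires an application/pgp-encrypted control part as the first body part, which the check enforces.

```python
from email import message_from_string

def _parts(msg, ctype, protocol):
    """Check a multipart/* wrapper; return (two subparts or None, problems)."""
    if msg.get_content_type() != ctype:
        return None, [f"expected {ctype}, got {msg.get_content_type()}"]
    problems = []
    if (msg.get_param("protocol") or "").lower() != protocol:
        problems.append(f"protocol parameter is not {protocol}")
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:
        return None, problems + [f"expected 2 body parts, got {len(parts)}"]
    return parts, problems

def check_encrypted(msg):
    """RFC 3156 sect. 4: control part, then application/octet-stream ciphertext."""
    parts, problems = _parts(msg, "multipart/encrypted", "application/pgp-encrypted")
    if parts:
        if parts[0].get_content_type() != "application/pgp-encrypted":
            problems.append("first part is not application/pgp-encrypted")
        if parts[1].get_content_type() != "application/octet-stream":
            problems.append("second part is not application/octet-stream")
    return problems

def check_signed(msg):
    """RFC 3156 sect. 5: signed content, then application/pgp-signature."""
    parts, problems = _parts(msg, "multipart/signed", "application/pgp-signature")
    if parts and parts[1].get_content_type() != "application/pgp-signature":
        problems.append("second part is not application/pgp-signature")
    return problems

def layering(outer, decrypted_text):
    """Classify the message once the octet-stream part has been decrypted."""
    if check_encrypted(outer):
        return "invalid"
    inner = message_from_string(decrypted_text)
    if inner.get_content_type() != "multipart/signed":
        return "single-layer"  # any signature is inside the OpenPGP data (sect. 6.2)
    return "malformed-signed" if check_signed(inner) else "signed-then-encrypted"

def sample(ctype, params, *parts):
    """Build a constructed message; bodies are placeholders, not real OpenPGP data."""
    body = "".join(f"--b\nContent-Type: {t}\n\n{b}\n" for t, b in parts)
    return f'Content-Type: {ctype}; {params}; boundary="b"\n\n{body}--b--\n'

OUTER = message_from_string(sample("multipart/encrypted", 'protocol="application/pgp-encrypted"',
    ("application/pgp-encrypted", "Version: 1"), ("application/octet-stream", "ciphertext")))
INNER = sample("multipart/signed", 'protocol="application/pgp-signature"; micalg=pgp-sha1',
    ("text/plain", "signed text"), ("application/pgp-signature", "signature"))
```

In the "signed-then-encrypted" case the decrypted payload is itself a complete multipart/signed entity, so it can be stored and verified on its own after decryption.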