EFail mitigations for S/MIME (was: efail -> improvements in case w/o AE (e.g. CMS))
aheinecke at intevation.de
Tue May 15 14:31:37 CEST 2018
It think Bernhards mail can be summed up further. To check that the encrypted
data was not manipulated we only need:
- Any hash over the plaintext.
To get such a hash we can most easily use a signature, regardless of any trust
in the signature. The hash does not need to be encrypted.
If we have no hash we won't offer to save a decrypted file from a GUI or show
it in an HTML enabled mail client. This would disallow encrypt, then sign
schemes but in practice everyone uses sign then encrypt anyway.
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-devel