encrypting and signing for pgp2

Holger Schurig holger@holger.om.org
Mon, 12 Jul 1999 22:10:13 +0200

Werner suggested:

> > 1. create the signed file
> > 2. cut off the signature and move it to the begin
> > 3. encrypt this file
Michael replied:
> 1. Read all data from stdin and write it to a tempfile.
> 2. Sign the tempfile.
> 3. Encrypt the signed file.
Both schemes would encrypt the signature itself. Is this really the case with PGP2 ? I thought not after having a quick look into /var/doc/pgp-2.6.3i-1/pgformat.doc. So if the signature is not signed then obiously pgp2 has to make two runs over the input file. In the case of a file this would work without a temp file, but if the data comes from a non-seekable source, one would have to use a temp file (or assume that the file is never bigger than available memory which seems not to be a valid assumption). -- Holger Schurig | Die Botschaft vom Kreuz ist dem Renzstr. 31 | Unglaeubigen eine Torheit. 74821 Mosbach | 1. Korinther 1:18