encrypting and signing for pgp2

Michael Roth mroth@nessie.de
Mon, 12 Jul 1999 23:12:31 +0200 (MET DST)


On Mon, 12 Jul 1999, Holger Schurig wrote:


> Werner suggested:
> > > 1. create the signed file
> > > 2. cut off the signature and move it to the beginning
> > > 3. encrypt this file
> >
>
> Michael replied:
> > 1. Read all data from stdin and write it to a tempfile.
> > 2. Sign the tempfile.
> > 3. Encrypt the signed file.
>
> Both schemes would encrypt the signature itself. Is this really the case
> with PGP2? I thought not after having a quick look into
> /var/doc/pgp-2.6.3i-1/pgformat.doc.

Yes, this is the right way (AFAIK). If it is not, someone else could modify the signature or look at who signed the file and so on. If something is sent encrypted to someone, nobody should know what is inside the encrypted packet, whether this is signed data or not.

cu
Michael Roth