Improved verification of messages
Werner Koch
wk@gnupg.org
Wed, 13 Sep 2000 11:15:36 +0200
On Wed, 13 Sep 2000, - wrote:
> someone does happen to get a copy of the public key
> from the server, then they *may* be able to forge an
> encrypted order (with perhaps lower prices for some of
> the articles).
So you need to sign the mail using a secret key on the server.
Another way would be to just put some secret string into the
encrypted mail or recheck each received mail with a log kept on the
server.
Anyway, an attacker who gets access to the webserver will be able to
do whatever he wants.
Werner
--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de
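
The log recheck suggested in the message above, sketched as an added example that is not part of the original post: the server records a SHA-256 digest of every order it mails, and the receiver compares each decrypted mail against that log. The class name, order IDs and order text are constructed for illustration, and decryption with GnuPG is assumed to have happened already.

```python
import hashlib
import hmac


class OrderLog:
    """Server-side log (hypothetical helper): one digest per order mail sent."""

    def __init__(self):
        self._digests = {}   # order_id -> SHA-256 hex digest of the plaintext
        self._accepted = set()  # order_ids the receiver has already accepted

    def record(self, order_id: str, body: bytes) -> None:
        # Called by the web server at the moment it encrypts and sends the order.
        self._digests[order_id] = hashlib.sha256(body).hexdigest()

    def recheck(self, order_id: str, body: bytes) -> str:
        # Called by the receiver after decrypting a mail.
        expected = self._digests.get(order_id)
        if expected is None:
            return "unknown-order"   # the server never sent this order
        actual = hashlib.sha256(body).hexdigest()
        if not hmac.compare_digest(expected, actual):
            return "mismatch"        # body differs from what the server sent
        if order_id in self._accepted:
            return "duplicate"       # same genuine mail delivered again
        self._accepted.add(order_id)
        return "ok"


def demo():
    log = OrderLog()
    genuine = b"order=1001\n2 x widget @ 19.90\n"   # constructed sample order
    forged = b"order=1001\n2 x widget @ 1.00\n"     # same order id, lower price
    log.record("1001", genuine)
    # Anyone holding the public key can encrypt the forged body; encryption
    # alone proves nothing about who wrote it. The log catches the difference.
    return [
        log.recheck("1001", forged),
        log.recheck("1001", genuine),
        log.recheck("1001", genuine),
        log.recheck("1002", forged),
    ]


if __name__ == "__main__":
    print(demo())
```

The check only holds while the log itself is out of the forger's reach; as the message notes, someone with access to the web server can write the log as well.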