Format of signed-and-encrypted documents

Ben Paul Wise
Mon Jul 2 22:46:02 2001


This is a fairly detailed question of how GnuPG, and the OpenPGP standard, 
does the sign-and-encrypt operation.

Suppose we designate the following symbols:

m: my message
p: your public key
q: my secret key

e(m, p): encryption of my message m to your public key p
s(m, q): signature operation, on message m using my secret key q

[m|n]: the concatenation of two messages

Does the 'sign-and-encrypt' option sign the message,
then encrypt both the message and the signature together,
or does it simply output the encrypted message and the
signature side by side?

That is, does the standard specify

     e( [ m | s ( m, q ) ], p)

or

     [ e(m,p) | s(m,q) ] 


And where could I find an explanation of why it was done one way rather than 
the other?

Thanks in advance!

Ben Wise, PhD            Mobile: 703-731-5144
SAIC                     GnuPG ID: 0xF491BD21
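
The two layouts from the message above, built from toy primitives so the difference between them can be observed; this is an added example, not part of the original post and not GnuPG's code. The unpadded RSA over Mersenne primes, the SHA-256 keystream, the fixed 32-byte signature and every name other than e and s are assumptions made for illustration. It checks whether a third party holding only the signer's public key can confirm a guessed plaintext from what is transmitted.

```python
import hashlib, secrets

E = 65537

def keypair(a, b):
    # Textbook RSA from two Mersenne primes: toy-sized, unpadded, illustration only.
    n = a * b
    return (n, E), (n, pow(E, -1, (a - 1) * (b - 1)))

def digest(m, n):
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def s(m, q):
    # s(m, q): signature on m with secret key q, as a fixed 32-byte string.
    n, d = q
    return pow(digest(m, n), d, n).to_bytes(32, "big")

def verify(m, sig, pub):
    n, exp = pub
    return pow(int.from_bytes(sig, "big"), exp, n) == digest(m, n)

def xor_stream(k, data):
    # SHA-256 in counter mode as a stand-in symmetric cipher (assumption).
    ks = b"".join(hashlib.sha256(k + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, ks))

def e(m, p):
    # e(m, p): wrap a fresh session key to public key p, then encrypt m under it.
    n, exp = p
    k = secrets.token_bytes(16)
    return pow(int.from_bytes(k, "big"), exp, n).to_bytes(32, "big") + xor_stream(k, m)

def decrypt(c, priv):
    n, d = priv
    k = pow(int.from_bytes(c[:32], "big"), d, n).to_bytes(16, "big")
    return xor_stream(k, c[32:])

def nested(m, q, p):        # e([m | s(m, q)], p)
    return e(m + s(m, q), p)
def side_by_side(m, q, p):  # [e(m, p) | s(m, q)]
    return e(m, p) + s(m, q)

def observer_confirms(wire, guess, signer_pub):
    # No decryption key: test a guess against the last 32 bytes on the wire.
    return verify(guess, wire[-32:], signer_pub)

SIGNER_PUB, Q = keypair(2**61 - 1, 2**89 - 1)        # constructed sender key
P, RECIPIENT_PRIV = keypair(2**107 - 1, 2**127 - 1)  # constructed recipient key
```

With a constructed message m, observer_confirms(side_by_side(m, Q, P), m, SIGNER_PUB) is true, while the same call on nested(m, Q, P) is false; the recipient recovers the signature only after decrypt.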