GPG support in Mahogany
Tue Dec 10 16:26:02 2002
We are beginning to provide support for PGP operations in Mahogany,
an open-source cross-platform mail client. So far, we have only
verification of signatures (in ASCII armor format), and decryption of
messages, but this already leads to some questions.
A general first question: when I use --sign and --encrypt at the same
time, do I get a signed then encrypted message, the other way round, or
does it depend on the order of options on the command line?
My understanding is that encryption/signing layers can be artitrarily
nested. For example, a message could be signed, encrypted, then signed
again. Is there a way to get such an S/E/S message in one step? Using
'-s -e -s' on the command line gives an error... Could GPG handle all
those nested levels in one step when given such a message?
I guess the answers are 'No' (except when -s and -e were used in the
same command), but I thought I'd better ask, just in case...
When a message is multiply signed as above, we should verify that the
signatures have actually been done with the same key: the point in
signing twice is to assert that the signer actually encrypted the
document himself, thus proving that he wanted the recipient to get it
(while, if a message is only signed then encrypted, the recipient could
decrypt it, then forward it re-encrypted to a third person without this
third person noticing that he was not the intended recipient).
This should not be very difficult to do.
Something more specific to mails. When a message is signed, we should
verify that the 'From:' header actually matches one of the IDs of the
signing key. This prevents an attacker from forging headers to make the
recipient believe he got the message from a third person.
Are there other things we should take into account to deal with the
'receive' part of GPG handling?
Thanks for your answers and comments.
 <http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps> gives
reasons to do that.
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin, 1759.