GPG support in Mahogany

Xavier Nodet xavier.nodet@free.fr
Tue Dec 10 16:26:02 2002 

Hi all,

We are beginning to provide support for PGP operations in Mahogany[1],
an open-source cross-platform mail client. So far, we have only
verification of signatures (in ASCII armor format), and decryption of
messages, but this already leads to some questions.

A general first question: when I use --sign and --encrypt at the same
time, do I get a signed then encrypted message, the other way round, or
does it depend on the order of options on the command line?

My understanding is that encryption/signing layers can be artitrarily
nested. For example, a message could be signed, encrypted, then signed
again[2]. Is there a way to get such an S/E/S message in one step? Using
'-s -e -s' on the command line gives an error... Could GPG handle all
those nested levels in one step when given such a message?

I guess the answers are 'No' (except when -s and -e were used in the
same command), but I thought I'd better ask, just in case...

When a message is multiply signed as above, we should verify that the
signatures have actually been done with the same key: the point in
signing twice is to assert that the signer actually encrypted the
document himself, thus proving that he wanted the recipient to get it
(while, if a message is only signed then encrypted, the recipient could
decrypt it, then forward it re-encrypted to a third person without this
third person noticing that he was not the intended recipient).

This should not be very difficult to do.

Something more specific to mails. When a message is signed, we should
verify that the 'From:' header actually matches one of the IDs of the
signing key. This prevents an attacker from forging headers to make the
recipient believe he got the message from a third person.

Are there other things we should take into account to deal with the
'receive' part of GPG handling?

Thanks for your answers and comments.

[1] <http://mahogany.sourceforge.net>
[2] <http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps> gives
    reasons to do that. 

-- 
Xavier Nodet
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin, 1759.