GPG support in Mahogany

Xavier Nodet xavier.nodet@free.fr
Tue Dec 10 17:22:02 2002 

On Sun, 8 Dec 2002 18:57:29 +0100 "Janusz A. Urbanowiz" <alex@syjon.fantastyka.net> wrote:

> On Tue, Dec 10, 2002 at 04:25:26PM +0100, Xavier Nodet wrote:
>> My understanding is that encryption/signing layers can be artitrarily
>> nested.

> negative

What if I use several successive commands. For example, I can do this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Message


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGshell v2.65

iD8DBQE99g6VFK6OUIeqvjQRAh56AJ994wxN8TLm57ebkvZNyKrlWpvK9ACfUSyJ
cZsvv4FX/yq1ocDY5aDyiM8=
=RG1C
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGshell v2.65

iD8DBQE99g65FK6OUIeqvjQRAjiLAJ0bycg5LrC4vWD2JWoTmqKQQ0BtKgCdHHB7
OpveXiaqQIfJI7+cv6VKvdc=
=ygHe
-----END PGP SIGNATURE-----

I have signed this message twice. I could have encrypted it between the
two signature, no?

> encryption is the second step after signing because it hides the originator
> this way.

I understand that.

>> When a message is multiply signed as above, we should verify that the
>> signatures have actually been done with the same key: the point in
>> signing twice is to assert that the signer actually encrypted the
>> document himself, thus proving that he wanted the recipient to get it

> this proves nothing at all

If I receive a signed-then-encrypted message, how can I be sure that the
originator actually wanted me to receive this message. It may have been
decrypted by the intended recipient, then re-encrypted using my public
key.

On the other hand, if the message is signed-encrypted-signed, the final
recipient can be sure that the originator actually wanted to send this
message to him: he signed the fact that he used the recipient's public
key to encrypt the message. Of course, the originator is no more hidden,
but this is not necessarily bad.

>> (while, if a message is only signed then encrypted, the recipient could
>> decrypt it, then forward it re-encrypted to a third person without this
>> third person noticing that he was not the intended recipient).

> there is no way/need to multiple encrypt

I'm speaking about the destinator decrypting first, then re-encrypting
for a third person.

-- 
Xavier Nodet
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin, 1759.