GPG support in Mahogany
Janusz A. Urbanowiz
Wed Dec 11 11:01:14 2002
On Tue, Dec 10, 2002 at 04:25:26PM +0100, Xavier Nodet wrote:
> A general first question: when I use --sign and --encrypt at the same
> time, do I get a signed then encrypted message, the other way round, or
> does it depend on the order of options on the command line?
the message is signed then encrypted
> My understanding is that encryption/signing layers can be arbitrarily
> For example, a message could be signed, encrypted, then signed again.
> Is there a way to get such an S/E/S message in one step? Using '-s -e -s'
> on the command line gives an error... Could GPG handle all those nested
> levels in one step when given such a message?
no and it should not
encryption is the second step after signing because it hides the originator
> When a message is multiply signed as above, we should verify that the
> signatures have actually been done with the same key: the point in
> signing twice is to assert that the signer actually encrypted the
> document himself, thus proving that he wanted the recipient to get it
this proves nothing at all
> (while, if a message is only signed then encrypted, the recipient could
> decrypt it, then forward it re-encrypted to a third person without this
> third person noticing that he was not the intended recipient).
there is no way/need to multiple encrypt
there's no simple way (as it shouldn't be) to multiple sign
> Something more specific to mails. When a message is signed, we should
> verify that the 'From:' header actually matches one of the IDs of the
> signing key. This prevents an attacker from forging headers to make the
> recipient believe he got the message from a third person.
possibly, although this is rarely done
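
The From:/user-ID check raised in the last quoted paragraph, sketched as an added example (not part of the original thread, and not Mahogany or GnuPG code). It assumes the signature has already been verified and that the signer's key was listed with `gpg --with-colons --list-keys`; the listing, addresses and function names below are constructed for illustration, and the example goes slightly beyond the thread by ignoring revoked, expired and invalid user IDs.

```python
import re
from email.utils import parseaddr

# Constructed sample of `gpg --with-colons --list-keys <signer>` output.
# Key IDs, hashes, names and addresses are made up for this example.
SAMPLE_COLONS = """\
pub:u:1024:17:0123456789ABCDEF:1039600000:::u:::scESC:
uid:u::::1039600000::AAAA::Alice Example <alice@example.org>:
uid:r::::1039600000::BBBB::Alice Example <alice@old.example.net>:
uid:u::::1039600000::CCCC::Alice Example (work\\x3a ops) <Alice.Ops@Example.COM>:
sub:u:1024:16:FEDCBA9876543210:1039600000::::::e:
"""

# A user ID is free-form text; by convention the address is the trailing <...>.
_UID_ADDR = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>\s*$")


def _unescape(field):
    # gpg C-escapes bytes such as ':' as \x3a inside the user ID field.
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)


def usable_uid_addresses(colons_output):
    """Lower-cased addresses of user IDs that are not revoked/expired/invalid."""
    addrs = set()
    for line in colons_output.splitlines():
        fields = line.split(":")
        if len(fields) < 10 or fields[0] != "uid":
            continue
        if fields[1] in ("r", "e", "i"):  # validity: revoked, expired, invalid
            continue
        match = _UID_ADDR.search(_unescape(fields[9]))  # field 10 = user ID
        if match:
            addrs.add(match.group(1).lower())
    return addrs


def from_matches_signer(from_header, colons_output):
    """True only if the From: address is on a usable user ID of the signing key.

    Assumption: addresses are compared case-insensitively. The display name
    is ignored on purpose, since anyone can put any name in a From: header.
    """
    _, addr = parseaddr(from_header)
    return bool(addr) and addr.lower() in usable_uid_addresses(colons_output)
```

A mail client would show a mismatch as a warning next to the "good signature" result rather than treating it as a failed signature, since the signature itself is still valid for the key that made it.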