How to keep signature on received messages after decrypting them

ddcc@MIT.EDU ddcc@MIT.EDU
Sun Feb 24 01:03:02 2002


GPG doesn't seem to have a way to preserve the signature on an encrypted
message. If I tell GPG to verify or decrypt, it will happily spit out the
original message, but there does not seem to be a way to extract the
signature.

Why would someone need this feature?

Say Alice signs and encrypts a check to Bob. Now Bob needs to prove to the
bank that Alice signed it. Using GPG, he can recover the text of the check
easily. But what proof of signature does he send the bank? A screenshot of
GPG with the line that says "Good signature from Alice?" An extracted
session key (gpg --show-session-key)? Or does he need to ask Alice to send
another check, this one signed, then encrypted, but in two separate steps?

(Also, Anderson's forwarding attack needs a way to decrypt a message
and to keep the on it--although I doubt GPG was designed the way it is to
prevent this attack).

Would anyone know how to decrypt a message and keep the signature intact?
Should I contact the developers with my request?