How to keep signature on received messages after decrypting them

David Shaw
Tue Feb 26 01:27:01 2002

On Sat, Feb 23, 2002 at 07:00:44PM -0500, ddcc@MIT.EDU wrote:
> GPG doesn't seem to have a way to preserve the signature on an encrypted
> message. If I tell GPG to verify or decrypt, it will happily spit out the
> original message, but there does not seem to be a way to extract the
> signature.
> Why would someone need this feature?
> Say Alice signs and encrypts a check to Bob. Now Bob needs to prove to the
> bank that Alice signed it. Using GPG, he can recover the text of the check
> easily. But what proof of signature does he send the bank? A screenshot of
> GPG with the line that says "Good signature from Alice?" An extracted
> session key (gpg --show-session-key)? Or does he need to ask Alice to send
> another check, this one signed, then encrypted, but in two separate steps?

Sorry, GPG doesn't currently have this feature.  There is nothing
preventing it, but it hasn't been written.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson