How to keep signature on received messages after decrypting them

David Shaw dshaw@jabberwocky.com
Tue Feb 26 01:27:01 2002


On Sat, Feb 23, 2002 at 07:00:44PM -0500, ddcc@MIT.EDU wrote:
> GPG doesn't seem to have a way to preserve the signature on an encrypted
> message. If I tell GPG to verify or decrypt, it will happily spit out the
> original message, but there does not seem to be a way to extract the
> signature.
> 
> Why would someone need this feature?
> 
> Say Alice signs and encrypts a check to Bob. Now Bob needs to prove to the
> bank that Alice signed it. Using GPG, he can recover the text of the check
> easily. But what proof of signature does he send the bank? A screenshot of
> GPG with the line that says "Good signature from Alice?" An extracted
> session key (gpg --show-session-key)? Or does he need to ask Alice to send
> another check, this one signed, then encrypted, but in two separate steps?

Sorry, GPG doesn't currently have this feature.  There is nothing
preventing it, but it hasn't been written.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson