How to keep signature on received messages after decrypting them
Anthony E. Greene
agreene@pobox.com
Tue Feb 26 06:38:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 23 Feb 2002 ddcc@MIT.EDU wrote:
>
>Why would someone need this feature?
>
>Say Alice signs and encrypts a check to Bob. Now Bob needs to prove to the
>bank that Alice signed it. Using GPG, he can recover the text of the check
>easily. But what proof of signature does he send the bank? A screenshot of
>GPG with the line that says "Good signature from Alice?" An extracted
>session key (gpg --show-session-key)? Or does he need to ask Alice to send
>another check, this one signed, then encrypted, but in two separate steps?

When I write a check to someone, I fully intend for the bank to be able to
read the check and verify my sig. In this scenario, I'd encrypt to
multiple keys: the bank's and the payee's. If the check is to be deposited
at an institution that is not known to me, then I'd clearsign the check,
then encrypt it for the recipient. If it were a paper check, I'd sign it,
then put it in an envelope.

There may be good reasons for the ability to keep a sig with the data
after decryption, but this is not a good example.

Tony
- --
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05
Linux. The choice of a GNU generation <http://www.linux.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <agreene@pobox.com> 0x6C94239D
iD8DBQE8eWSNpCpg3WyUI50RAt2yAKDeDUO3yN5xV+Xhp8YhkO9rDER2ygCgnMno
hoq8mmrsNQhgxLFilF/PwYg=
=l0JN
-----END PGP SIGNATURE-----
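
The two-step approach described in the reply above (clearsign the check, then encrypt it for the recipient), as an added example that is not part of the original message. It assumes GnuPG 2.1 or later; the keys, addresses and file names are constructed, and Alice and Bob share one throwaway keyring for brevity while the bank gets its own keyring holding only Alice's public key.

```shell
#!/bin/sh
# Added example: clearsign first, then encrypt, so the signature survives
# decryption. Keys, addresses and file names are constructed for the demo.

signed_check_roundtrip() (
    set -e
    work=$(mktemp -d)
    mkdir -m 700 "$work/users" "$work/bank"
    trap 'for h in users bank; do
              gpgconf --homedir "$work/$h" --kill all 2>/dev/null || true
          done; rm -rf "$work"' EXIT
    cd "$work"

    # Simplification: Alice and Bob share one throwaway keyring.
    export GNUPGHOME="$work/users"
    for who in alice bob; do
        gpg --batch --quiet --passphrase '' --quick-generate-key \
            "$who example <$who@example.test>" default default never
    done
    printf 'Pay Bob 100 USD\n' > check.txt

    # Alice, step 1: clearsign the check.
    gpg --batch --quiet --local-user alice@example.test \
        --output check.txt.asc --clearsign check.txt
    # Alice, step 2: encrypt the already-signed file to Bob.
    gpg --batch --quiet --trust-model always --recipient bob@example.test \
        --output check.gpg --encrypt check.txt.asc

    # Bob: decrypting yields the clearsigned document, signature intact.
    gpg --batch --quiet --output for-bank.asc --decrypt check.gpg

    # The bank holds only Alice's public key, in a separate keyring.
    gpg --batch --export alice@example.test |
        GNUPGHOME="$work/bank" gpg --batch --quiet --import
    # Print the signer the bank sees on a good signature.
    GNUPGHOME="$work/bank" gpg --batch --status-fd 1 --verify for-bank.asc \
        2>/dev/null | sed -n 's/^\[GNUPG:\] GOODSIG [0-9A-F]* //p'
)
```

Calling `signed_check_roundtrip` prints the user ID from the bank's GOODSIG status line, which shows that the file Bob obtains by decrypting is itself a signed document a third party can verify without Bob's private key.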