signing & encrypting
Thu May 16 14:01:02 2002
In the FAQ (http://www.gnupg.org/faq.html) it says:
There is a small security glitch in the OpenPGP (and therefore GnuPG)
system; to avoid this you should always sign and encrypt a message
instead of only encrypting it.
Can someone provide a one or two sentence explanation as to what this
glitch might be?
If one is to both sign and encrypt a message, would I be correct in
saying that one should encrypt before signing?
Does the order in which --sign and --encrypt are specified on the gpg
command line make a difference to the order in which the corresponding
operations are done?
Any help would be much appreciated.