signing & encrypting
David Shaw
dshaw@jabberwocky.com
Thu May 16 14:37:01 2002

On Thu, May 16, 2002 at 12:01:18PM +0000, Aurelio Turco wrote:
> In the FAQ (http://www.gnupg.org/faq.html) it says:
>
> There is a small security glitch in the OpenPGP (and therefore GnuPG)
> system; to avoid this you should always sign and encrypt a message
> instead of only encrypting it.
>
> Can someone provide a one or two sentence explanation as to what this
> glitch might be?

Maybe not in one or two sentences ;)

In an encrypted, but not signed message, it is theoretically possible
to modify the message by inserting more encrypted bytes into the
middle. Sort of like transforming "Hi Fred, I hope you are well" into
"Hi Fred, you rotten bastard, I hope you are doing badly and soon fall
down a well".

Signing prevents this problem, as the signature would not be valid on
a modified message. However, GnuPG also supports the MDC
(modification detection code) feature of OpenPGP which includes a
mini-signature inside the encrypted data which can also prevent this
without signing.

> If one is to both sign and encrypt a message, would I be correct in
> saying that one should encrypt before signing?

Other way around - when you encrypt and sign, you are doing
encrypt(sign(data)).

> Does the order in which --sign and --encrypt are specified on the gpg
> command line make a difference to the order in which the corresponding
> operations are done?

No.

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
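
The modification-detection idea described in the message above, as an added example that is not part of the original post and is not GnuPG code. It is a simplified model: the block function is an HMAC-based stand-in for a real cipher, and the check is a plain SHA-1 of the message placed inside the encrypted data, not the actual OpenPGP packet format; all names and the key are constructed.

```python
import hashlib
import hmac
import os

BLOCK = 16  # CFB block size in bytes

class ModificationDetected(Exception):
    pass

def _block_fn(key, block):
    # Stand-in for a block cipher's encrypt direction (CFB never needs decrypt).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cfb(key, iv, data, decrypting=False):
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        res = bytes(a ^ b for a, b in zip(chunk, _block_fn(key, prev)))
        out += res
        prev = chunk if decrypting else res  # feedback is always the ciphertext
    return bytes(out)

def encrypt(key, msg, mdc=True):
    iv = os.urandom(BLOCK)
    # With mdc=True the hash travels inside the encrypted data.
    body = (msg + hashlib.sha1(msg).digest()) if mdc else msg
    return iv + cfb(key, iv, body)

def decrypt(key, blob, mdc=True):
    body = cfb(key, blob[:BLOCK], blob[BLOCK:], decrypting=True)
    if not mdc:
        return body  # nothing to check: any change is accepted silently
    msg, tag = body[:-20], body[-20:]
    if not hmac.compare_digest(hashlib.sha1(msg).digest(), tag):
        raise ModificationDetected("MDC mismatch: data changed after encryption")
    return msg

def demo():
    key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    msg = b"Hi Fred, I hope you are well"

    def alter(blob):  # change one bit of the ciphertext body in transit
        b = bytearray(blob); b[BLOCK + 3] ^= 0x01; return bytes(b)

    silently_changed = decrypt(key, alter(encrypt(key, msg, mdc=False)), mdc=False) != msg
    try:
        decrypt(key, alter(encrypt(key, msg)))
        detected = False
    except ModificationDetected:
        detected = True
    return silently_changed, detected
```
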