signing & encrypting

Ryan Malayter
Thu May 16 20:09:02 2002

The best security comes from using sign/encrypt/sign. See:

-----Original Message-----
From: David Shaw []=20
Sent: Thursday, May 16, 2002 7:37 AM
Subject: Re: signing & encrypting

On Thu, May 16, 2002 at 12:01:18PM +0000, Aurelio Turco wrote:
> In the FAQ ( it says:
>   There is a small security glitch in the OpenPGP (and therefore
>   system; to avoid this you should always sign and encrypt a message
>   instead of only encrypting it.
> Can someone provide a one or two sentence explanation as to what this
> glitch might be?

Maybe not in one or two sentences ;)

In an encrypted, but not signed message, it is theoretically possible
to modify the message by inserting more encrypted bytes into the
middle.  Sort of like transforming "Hi Fred, I hope you are well" into
"Hi Fred, you rotten bastard, I hope you are doing badly and soon fall
down a well".

Signing prevents this problem, as the signature would not be valid on
a modified message.  However, GnuPG also supports the MDC
(modification detection code) feature of OpenPGP which includes a
mini-signature inside the encrypted data which can also prevent this
without signing.

> If one is to both sign and encrypt a message, would I be correct in
> saying that one should encrypt before signing?

Other way around - when you encrypt and sign, you are doing

> Does the order in which --sign and --encrypt are specified on the gpg
> command line make a difference to the order in which the corresponding
> operations are done?



   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and
      We don't believe this to be a coincidence." - Jeremy S. Anderson

Gnupg-users mailing list