signing & encrypting
Anthony E. Greene
Fri May 17 16:15:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
On 17-May-2002/11:31 +0000, Aurelio Turco <firstname.lastname@example.org> wrote:
>Werner Koch wrote:
>> The problem with S(E(m)) is that it reveals information about the
>> sender/signer whereas E(S(m)) does only tell you who is the recipient
>Please forgive my ignorance in the matter, but,
>if E(m) is vulnerable to tampering, why isnt E(S(m))?
>I understand why S(E(m)) isnt, but with E(S(m)),
>it is not obvious to me at all.
You cannot reach inside the encryption to tamper with the message. You can
only alter the encrypted data. If you are lucky, the changed data may
decrypt to something different that happens to make sense to the
recipient. Most likely it will simply decrypt to garbled nonsense.
But if the message data is signed, any tampering (even if you're lucky
enough to have it decrypt to something that makes sense) will make the
signature fail validation.
Anthony E. Greene <mailto:email@example.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <firstname.lastname@example.org>
-----END PGP SIGNATURE-----