signing & encrypting
Ryan Malayter
rmalayter@bai.org
Fri May 17 17:17:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
From: Anthony E. Greene [mailto:agreene@pobox.com]=20
>But if the message data is signed, any tampering (even=20
>if you're lucky enough to have it decrypt to something=20
>that makes sense) will make the signature fail validation.
Tampering isn't the point. Check out that reference I posted earlier.
Basically, it summarizes as:
S(E(m)) has a vulnerability in that you know who signed a message,
but you don't know who originally wrote or encrypted the message.
E(S(m)) has the vulnerability that you know who originally wrote and
signed the message, but you don't know who actually encrypted it and
sent it to you.
S(E(S(m))) prevents both of these vulnerabilites, provided that the
inner and outer signatures are both valid and made from the same
private key. Most OpenPGP programs, while capable of S(E(S(m))),
don't do it in one step, on the encryption or decryption end.
-ryan-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32) - WinPT 0.5.7
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjzlHpEACgkQ9wZiZHyXot4DpACfZSvsBQ2OqR8UKb8NZ2J86AyU
dJYAnRkNKxgVrMyU6hqsbR0IgvgRpeGR
=3DYTq5
-----END PGP SIGNATURE-----