decrypt is not de-encrypt and then verify ?
Matthias Odisio
odisio@icp.inpg.fr
Wed Jan 8 10:49:01 2003
Hello,
(Thank you David for your reply to my former message.)
In the manual, decrypt is told to decrypt the message and then to verify
it if it is signed.
The following make me think it may not be strictly the same :
0. Consider a text file f.txt
1. clearsign it: gpg -o fs.txt --clearsign f.txt
2. modify fs.txt by adding lines in the beginning (some mailers
-- possibly mis-configurated :) -- do that!)
******************************
some
garbage lines
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[...]
-----BEGIN PGP SIGNATURE-----
[...]
-----END PGP SIGNATURE-----
*******************************
3. encrypt fs.txt: gpg -o fse.txt --armor --encrypt fs.txt
4. decrypt fse.txt: gpg -o fsed.txt --decrypt fse.txt
decrypt don't verify signature
5. verify signature: gpg --verify fsed.txt
gpg was able to perform the verification !
PGP handling by mailers appears to be quite drafty by now, and maybe that
could explain misfunctionnements when sending message. In the case
considered above, the mailer seems to add these 3 "garbage" lines :
***
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
***
By the way, I've subscribed to this mailing list now, so you don't need
any more to cc me on reply.
Matthias