decrypt is not de-encrypt and then verify ?
Wed Jan 8 11:36:02 2003
On Wed, 8 Jan 2003 10:58:48 +0100 (CET), Matthias Odisio said:
> The following makes me think it may not be strictly the same:
> 0. Consider a text file f.txt
> 1. clearsign it: gpg -o fs.txt --clearsign f.txt
You created an arbitrary file which happens to contain an OpenPGP
> 3. encrypt fs.txt: gpg -o fse.txt --armor --encrypt fs.txt
You encrypted that file, but did not sign it.
> 4. decrypt fse.txt: gpg -o fsed.txt --decrypt fse.txt
> decrypt doesn't verify signature
gpg can't verify a signature because there is no signature. The data
you encrypted is opaque to gpg; it does not look into it.
> 5. verify signature: gpg --verify fsed.txt
> gpg was able to perform the verification!
You checked an entirely different file; the one you created in step 1.
> PGP handling by mailers appears to be quite drafty by now, and maybe that
> could explain malfunctions when sending messages. In the case
No. There are 3 approaches to send an encrypted and
1. Classic PGP armor (gpg -sea)
2. PGP/MIME with combined encryption and signature.
3. Regular PGP/MIME where the signature is encapsulated into a MIME
object and that MIME object is then encrypted and encapsulated into
another MIME object.
2 and 3 are suggested; 3 has the advantage that it fits better with
the MIME framework and that it allows to strip the encryption header.
See RFC3156 for details. Most Windows mailers don't support 2 and 3,
What you did is similar to 3 but without using the correct MIME
syntax. MIME has the advantage that the semantics of the encrypted
data is known, and thus the mailer can do the Right Thing.
> considered above, the mailer seems to add these 3 "garbage" lines :
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 8bit
That's no garbage, but meta information about the message; see rfc2882.
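
Added example, not part of the original message: because gpg treats the encrypted payload as opaque, a script that handles the output of step 4 has to notice for itself that the plaintext is a clearsigned message and still needs a separate `gpg --verify`. The function name and the sample text are constructed for illustration; the code only detects and unwraps the cleartext framing and does not check any signature.

```python
import re

# Armor lines of the OpenPGP cleartext signature framework (RFC 4880, section 7).
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def find_inner_clearsign(plaintext):
    """Return (hash_names, signed_text) if the decrypted payload is itself a
    clearsigned message that still needs its own `gpg --verify`, else None."""
    lines = plaintext.replace("\r\n", "\n").split("\n")
    try:
        start = lines.index(BEGIN_SIGNED)
        sig = lines.index(BEGIN_SIG, start + 1)
        lines.index(END_SIG, sig + 1)  # the signature armor must be closed
    except ValueError:
        return None
    # Armor headers ("Hash: ...") run up to the first empty line.
    hashes, i = [], start + 1
    while i < sig and lines[i].strip():
        m = re.fullmatch(r"Hash:\s*(.+)", lines[i])
        if not m:
            return None  # only Hash headers are allowed in this position
        hashes += [h.strip() for h in m.group(1).split(",")]
        i += 1
    if i >= sig:
        return None  # no blank separator line, so the framing is malformed
    body = lines[i + 1:sig]
    # Undo dash-escaping: "- " was prepended to every line starting with "-".
    body = [l[2:] if l.startswith("- ") else l for l in body]
    return hashes, "\n".join(body)


# Constructed sample of what step 4 writes to fsed.txt in the scenario above.
# The signature body is a placeholder, not a real signature.
SAMPLE_FSED = "\n".join([
    BEGIN_SIGNED, "Hash: SHA1", "",
    "hello", "- -- ", "sig line",
    BEGIN_SIG, "", "PLACEHOLDER", END_SIG, "",
])

if __name__ == "__main__":
    print(find_inner_clearsign(SAMPLE_FSED))
```
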