[Q]signing an encrypting, integirty

Lukasz Stelmach Lukasz.Stelmach@k.telmark.waw.pl
Wed Jul 9 17:12:03 2003

Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Greetings All!!!

I have found an article in Dr.Dobb's Journal about <subj.>. There
has been shown a problem of dependency between signed text and
and encryption. Lets assume we have three parties Alice, Bob
and Charlie (A,B,C)

* A,B,C are their public keys
* a,b,c are their private keys (for signing)
* {msg}A means "msg encrypted for Alice"
* {msg}b means "msg signed by Bob"

Now, there is situation:"


Alice sends, some secret data to Bob. Bob can decrypt message
and crypt it for Charlie as if it has been sent by Alice:


which in fact is not true. There is no way for charile to
know that Bob has anything to do with the message.

If Alice has first encrypted and then signed the message


Bob can't do the same trick. But this is not fully secure either.
Now Charlie if he knows what is in the message he can strip Alice's
signature and give his own:


and Bob may think Charlie is the author.

There are several simple ways walk around these problems. Alice may

{{To: Bob, msg}a}B

and Bob cannot send msg to Charlie and pretend that he has nothing
to do with taht message. The other case may be solved this way:

{{msg, Wrote by Alice}B}a

Now Bob knows taht msg should have been signed by Alice not by Charlie.

In the article (i can't remever the issue now) mentioned above
there were som other soulutions too. My [Q] is now:

Are there any "automatic" ways in GnuPG (open PGP) to avoid
such situations?

|/       |_,  _   .-  --,  Ju=BF z ka=BFdej strony pe=B3zn=B1, potworne rz=
|__ |_|. | \ |_|. ._' /_.         B=EAd=EA uprawia=B3 nierz=B1d, za pieni=

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.2 (FreeBSD)