verifying signature after decryption

Atom 'Smasher' atom-gpg at
Sun Apr 25 10:24:17 CEST 2004

Hash: SHA1

calling on our good friends alice and bob....

alice sends me (and only me) a message that's signed+encrypted. i need to
show bob that this message is signed by alice.

i can think of two ways to do this:
 1) i give bob a copy of the encrypted message, my secret key and my
	password, so he can decrypt the message and see that it's signed
	by alice. of course, this would be dumb.
 2) i can give bob a copy of the encrypted message, and the session key. i
	can instruct bob how to use the "--override-session-key" option.
	this requires that bob can understand and follow instructions.

question: is there a way to extract the signed message, including the
signature, from an encrypted message?

in other words, can i take alice's signed+encrypted message, and pass it
to bob either in plaintext or encrypted to bob's key, while still
maintaining alice's signature over her message?

of course, it must be ~possible~ to do this, but is there any ~practical~
way to do this?


 PGP key -
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"Vietnam was the first war ever fought without
	 any censorship. Without censorship, things can
	 get terribly confused in the public mind."
		-- General William Westmoreland
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -


More information about the Gnupg-users mailing list