verifying signature after decryption

Atom 'Smasher' atom-gpg at suspicious.org
Mon Apr 26 19:38:13 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Someone mentioned on this list a while back that GPG supports
> extracting the symmetric session key used for a message.  If you
> provide this session key to someone, they can use GPG to decrypt that
> particular message only, including the signature.  I'm not sure what
> the exact commands are.
====================================

the session key is extracted with --show-session-key and used with
- --override-session-key.

this requires some extra work on the recipients end. ideally, i'd like to
make it idiot-resistant enough that it would automagically work, like in
someones MUA.

some people are deathly afraid of the command line. some people can be
taught how to use pgp in their MUA, but might not trust instructions that
a geek tells them to run on the command line.


	...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"We do many things at the federal level
	 that would be considered dishonest and
	 illegal if done in the private sector."
		-- Ronald Reagan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -  http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkCNSQoACgkQnCgLvz19QeNOxACePmL2zW6bjhp41NxxcV3Qm9tt
1pcAnR7/FnFI0h6fvbPEPYfDPlu9r9PR
=3p7R
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list