Retrieving signature from message that was encrypted and signed in one step
atom at smasher.org
Tue Apr 19 02:10:18 CEST 2005
On Mon, 18 Apr 2005, Patrick Chkoreff wrote:
> I have a message that was encrypted and signed in one step. When I
> decrypt it, I can read the message and see that the signature is valid.
> So far so good.
> I would now like to relay this message to a third party so he can verify
> the signature too. But as far as I know, GPG has no way to do this.
> Can GPG do this? If not, why not? Is this lack of ability actually a
> feature? I suppose it could be a feature, because this gives the sender
> a way to prove to ME that he signed something, without giving me a way
> to prove that to anyone else.
> Is that the reason why what I want to do is not possible with GPG?
there's no reason it can't be done, but i don't know of any application
that can do it.

for now, the only way to do it is to extract the session key from the
message (--show-session-key) and send that along with the encrypted
message to your 3rd party. they can use "--override-session-key" to
decrypt the message and verify the signature.

in most cases the session key should be encrypted (to your 3rd party),
because anyone who gets a hold of the session key can read the message.
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"The Final Act of the Uruguay Round, marking the conclusion of
the most ambitious trade negotiation of our century, will
give birth - in Morocco - to the World Trade Organization,
the third pillar of the New World Order, along with the
United Nations and the International Monetary Fund."
-- Part of full-page advertisement
by the government of Morocco in
The New York Times (April 1994)
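
The procedure described in the reply above, written out as an added shell example that is not part of the original post. The file names and recipient key id are placeholders, and it assumes a GnuPG version that reports the session key as a `SESSION_KEY` line on `--status-fd`.

```sh
#!/bin/sh
# Added example. message.gpg, wrapped-key.asc and the recipient id are placeholders.

# Read `gpg --status-fd` output on stdin; print the "<algo>:<hex>" session key.
session_key_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "SESSION_KEY" { print $3; found = 1; exit }
         END { exit !found }'
}

# Read status output on stdin; print the signer's fingerprint from VALIDSIG.
signer_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; found = 1; exit }
         END { exit !found }'
}

# Accept only hex digits around exactly one colon, starting with a digit,
# before a value is handed to gpg as a session key.
is_session_key() {
    case $1 in
        *[!0-9A-Fa-f:]* | *:*:* | :* | *:) return 1 ;;
        [0-9]*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Original recipient: recover the session key and encrypt it to the third
# party, because anyone holding it can read the message.
wrap_session_key() {   # usage: wrap_session_key message.gpg THIRD_PARTY_KEY
    key=$(gpg --status-fd 1 --show-session-key --decrypt --output /dev/null "$1" \
          | session_key_from_status) || return 1
    printf '%s' "$key" | gpg --armor --encrypt --recipient "$2"
}

# Third party: unwrap the session key, decrypt the original message with it,
# and report who signed it. Needs the signer's public key in the keyring.
# The key is passed as an argument, so it is visible in local process listings.
verify_relayed() {     # usage: verify_relayed message.gpg wrapped-key.asc
    key=$(gpg --decrypt "$2") || return 1
    is_session_key "$key" || return 1
    gpg --status-fd 1 --override-session-key "$key" --decrypt --output /dev/null "$1" \
        | signer_from_status
}
```

The third party ends up with the plaintext as well as the signature result, since the session key decrypts the whole message.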