Retrieving signature from message that was encrypted and signed in one step

Patrick Chkoreff patrick at fexl.com
Tue Apr 19 06:07:23 CEST 2005


On Apr 18, 2005, at 8:10 PM, Atom Smasher wrote:
> for now, the only way to do it is to extract the session key from the 
> message (--show-session-key) and send that along with the encrypted 
> message to your 3rd party. they can use "--override-session-key" to 
> decrypt the message and verify the signature.


How neat, thanks for the pointer.  Fortunately I do not intend to use 
this feature routinely; it would only be for rare cases where a dispute 
might arise.

But yes, the feature does work as you describe.


For example:

% gpg --show-session-key <msg.txt
...
Enter passphrase:

gpg: session key: "2:2622FADA5418975E1FA98A1C57913EB2283E115156155BC6"


Then:

% gpg --decrypt --override-session-key \
"2:2622FADA5418975E1FA98A1C57913EB2283E115156155BC6" <msg.txt


Here is a message which Patrick Chkoreff
encrypted and signed in one step.

gpg: Signature made Mon Apr 18 23:53:12 2005 EDT using DSA key ID E8754C0B
gpg: Good signature from "Patrick Chkoreff <patrick at fexl.com>"



> in most cases the session key should be encrypted (to your 3rd party), 
> because anyone who gets a hold of the session key can read the 
> message.


Sure, I would have the option of disclosing the session key to anyone 
or everyone.

Thanks again!


Best Regards,
Patrick
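
The hand-off discussed in this thread, written out as an added shell example (not part of the original post and not GnuPG's own code): the sender extracts the session key, checks its shape, and encrypts it to the third party, who then decrypts and verifies with --override-session-key. The function names, file arguments and arbiter key ID are assumptions; the third party also needs the sender's public key in their keyring for the signature check.

```shell
#!/bin/sh
# Added example, not from the original post. File names and the arbiter key ID
# passed as arguments are placeholders.

# Read gpg's diagnostic output on stdin and print the "<algo>:<hex>" session key.
# Accepts the double-quoted form shown in this post and a single-quoted form.
extract_session_key() {
    sed -n "s/^gpg: session key: [\"']\\([0-9]*:[0-9A-Fa-f]*\\)[\"']\$/\\1/p" | head -n 1
}

# Reject anything that is not "<cipher id>:<hex key of the right length>".
# Cipher IDs and key sizes follow RFC 4880 section 9.2 (subset).
check_session_key() {
    algo=${1%%:*}
    hex=${1#*:}
    case "$algo" in
        1|3|4|7) want=32 ;;  # IDEA, CAST5, Blowfish, AES-128
        2|8)     want=48 ;;  # TripleDES, AES-192
        9|10)    want=64 ;;  # AES-256, Twofish
        *) return 1 ;;
    esac
    [ "${#hex}" -eq "$want" ] || return 1
    case "$hex" in *[!0-9A-Fa-f]*) return 1 ;; esac
}

# Sender: recover the session key and encrypt it to the arbiter only.
disclose_to_arbiter() {  # args: MESSAGE_FILE ARBITER_KEY_ID
    key=$(LC_ALL=C gpg --show-session-key --decrypt "$1" 2>&1 >/dev/null | extract_session_key)
    check_session_key "$key" || { echo "no usable session key found" >&2; return 1; }
    printf '%s\n' "$key" | gpg --encrypt --armor --recipient "$2"
}

# Arbiter: unwrap the session key, then decrypt and verify the disputed message.
# The key is visible in the process list while gpg runs, so use a private host.
verify_as_arbiter() {  # args: MESSAGE_FILE WRAPPED_KEY_FILE
    key=$(gpg --decrypt "$2") || return 1
    check_session_key "$key" || return 1
    gpg --decrypt --override-session-key "$key" "$1"
}

case "${1:-}" in
    disclose) disclose_to_arbiter "$2" "$3" ;;
    verify)   verify_as_arbiter "$2" "$3" ;;
esac
```

Disclosing the session key exposes only this one message; the sender's private key and other messages encrypted to it stay protected.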



