Atom Smasher atom at
Thu Dec 1 04:03:19 CET 2005

On Wed, 30 Nov 2005, Kurt Fitzner wrote:

> I am contemplating a change to my GnuPG Explorer Extension, but I need 
> some background information.
> I know that encrypting a file without signing it is commonly done with 
> symmetrical encryption.  My question is, do people commonly use GnuPG to 
> encrypt a file without signing it using PK-encryption?
> Personally, I don't think this would be very common at all.  I mean, I 
> can come up with conceptual reasons why someone might want to encrypt a 
> file to someone else's key without signing the file, but in practice I 
> would think it would be very rare.
> I would appreciate knowing if this is something that is commonly done, 
> or if it is very rare.

done all the time in email for, um, (somewhat) plausible deniability.

encrypting without signing can also be useful in automated encryption 
applications where it would not be beneficial to leave a signing key 
lying around. things such as writing data to a database or sending out an 
encrypted email can benefit from public key encryption; if the server is 
successfully attacked, the public key is compromised and cannot aid the 
attacker in recovering encrypted data. adding a signing key (that's 
available to an automated application, and also an attacker) only adds a 
false sense of security as to the message's authenticity.


  PGP key -
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"According to the Environmental Protection Agency, factory farming
 	 pollutes U.S. waterways more than all industrial sources combined."
 		-- PETA
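
The automated-encryption case from the reply above, as an added example that is not part of the original message: a server keyring that holds only the recipient's public key encrypts without signing and cannot decrypt its own output. It assumes GnuPG 2.1 or later; the user ID, the two throwaway keyrings and the sample record are constructed for the demo.

```shell
# Constructed demo: throwaway keyrings and a made-up recipient, nothing from the post.
DEMO_UID='db-archive@example.invalid'   # hypothetical recipient user ID

make_owner() {      # $1 = offline homedir: the only place the secret key exists
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_UID"
}

make_server() {     # $1 = owner homedir, $2 = server homedir: public key only
    gpg --homedir "$1" --batch --armor --export "$DEMO_UID" |
        gpg --homedir "$2" --batch --quiet --import
}

server_encrypt() {  # $1 = server homedir; --encrypt with no --sign, stdin -> stdout
    gpg --homedir "$1" --batch --quiet --trust-model always \
        --recipient "$DEMO_UID" --armor --encrypt
}

decrypt() {         # $1 = homedir; ciphertext on stdin, fails without the secret key
    gpg --homedir "$1" --batch --quiet --decrypt 2>/dev/null
}

secret_key_count() {  # $1 = homedir; prints how many secret primary keys it holds
    gpg --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null |
        grep -c '^sec' || true
}

cleanup() {         # stop each keyring's agent and delete the keyring
    for d in "$@"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
        rm -rf "$d"
    done
}

demo() {
    owner=$(mktemp -d); server=$(mktemp -d)
    make_owner "$owner" && make_server "$owner" "$server" || return 1
    ct=$(printf 'constructed sample record\n' | server_encrypt "$server")
    echo "secret keys on server: $(secret_key_count "$server")"
    if printf '%s\n' "$ct" | decrypt "$server" >/dev/null; then
        echo "server decrypted its own output (unexpected)"
    else
        echo "server cannot decrypt what it just wrote"
    fi
    echo "owner reads: $(printf '%s\n' "$ct" | decrypt "$owner")"
    cleanup "$owner" "$server"
}

if command -v gpg >/dev/null 2>&1; then demo; fi
```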
