atom at smasher.org
Thu Dec 1 04:03:19 CET 2005
On Wed, 30 Nov 2005, Kurt Fitzner wrote:
> I am contemplating a change to my GnuPG Explorer Extension, but I need
> some background information.
>
> I know that encrypting a file without signing it is commonly done with
> symmetrical encryption. My question is, do people commonly use GnuPG to
> encrypt a file without signing it using PK-encryption?
>
> Personally, I don't think this would be very common at all. I mean, I
> can come up with conceptual reasons why someone might want to encrypt a
> file to someone else's key without signing the file, but in practice I
> would think it would be very rare.
>
> I would appreciate knowing if this is something that is commonly done,
> or if it is very rare.

done all the time in email for, um, (somewhat) plausible deniability.

encrypting without signing can also be useful in automated encryption
applications where it would not be beneficial to leave a signing key
lying around. things such as writing data to a database or sending out an
encrypted email can benefit from public key encryption; if the server is
successfully attacked, the public key is compromised and cannot aid the
attacker in recovering encrypted data. adding a signing key (that's
available to an automated application, and also an attacker) only adds a
false sense of security as to the message's authenticity.

PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"According to the Environmental Protection Agency, factory farming
pollutes U.S. waterways more than all industrial sources combined."
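
The automated case described in the reply above, as an added example that is not part of the original message: a server keyring that holds only the recipient's public key encrypts without signing, and the same keyring is then shown to be unable to decrypt the result. It assumes GnuPG 2.1 or later; the user ID, directory names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: the server keyring holds only the recipient's PUBLIC key.
# The user ID and directory layout are constructed for this demo.
RCPT='recipient@example.invalid'

# Build two keyrings under $1: "offline" (key pair, kept off the server)
# and "server" (what the automated application can reach).
setup_demo() {
    mkdir -m 700 "$1/offline" "$1/server"
    gpg --homedir "$1/offline" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Demo Recipient <$RCPT>" \
        default default never
    gpg --homedir "$1/offline" --batch --armor --export "$RCPT" > "$1/pub.asc"
    gpg --homedir "$1/server" --batch --quiet --import "$1/pub.asc"
}

# Encrypt $2 to $3 for the recipient. No --sign, so no secret key is needed.
# --trust-model always is a demo shortcut; in production, validate the key.
server_encrypt() {
    gpg --homedir "$1/server" --batch --quiet --yes --trust-model always \
        --recipient "$RCPT" --output "$3" --encrypt "$2"
}

# Succeeds only if the server keyring contains secret key material.
server_has_secret_key() {
    gpg --homedir "$1/server" --batch --with-colons --list-secret-keys \
        2>/dev/null | grep -q '^sec:'
}

# What someone holding only the server's files can do with the ciphertext.
server_can_decrypt() {
    gpg --homedir "$1/server" --batch --quiet --decrypt "$2" >/dev/null 2>&1
}

# Decryption where the secret key actually lives.
offline_decrypt() {
    gpg --homedir "$1/offline" --batch --quiet --decrypt "$2" 2>/dev/null
}

# Stop the agents started for the temporary keyrings and remove them.
cleanup_demo() {
    gpgconf --homedir "$1/offline" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$1/server" --kill gpg-agent 2>/dev/null || true
    rm -rf "$1"
}
```

To try it, create a scratch directory with `mktemp -d`, pass it to `setup_demo`, then call `server_encrypt`, `server_can_decrypt` and `offline_decrypt` on a test file.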