GnuPG Clearsign vs. PGP/MIME Signing
Werner Koch
wk at gnupg.org
Mon Jun 6 18:32:15 CEST 2005
On Mon, 06 Jun 2005 16:16:54 +0200, Sascha Kiefer said:
> The PGP/MIME RFC states that you can first sign and then encrypt the mail.
Doing this on the MIME level allows you to easily strip the encryption
layer while leaving the signature intact.
> In S/MIME it is allowed to first encrypt and then sign the message.
> Do you think it's feasible to do the same in PGP/MIME? I think it is
Yes it is possible but you should not do it.
When signing an encrypted document you don't know what you are
actually signing and it won't be possible to keep the signature intact
(e.g. archival purposes) without compromising the encryption key.
Salam-Shalom,
Werner
More information about the Gnupg-users
mailing list