bad signature on encrypted and signed block?

David Shaw dshaw at
Fri Jul 21 23:54:46 CEST 2006

On Fri, Jul 21, 2006 at 03:00:34PM -0300, Luis wrote:
> Can a GPG encrypted AND signed block (as in $gpg -a -e -s -r email at address
> msg.txt) end up showing a "BAD signature" warning? Or is it impossible
> because changes to the block would make it invalid, giving a CRC error
> before the signature could be checked?

No, it is definitely possible.  The CRC is not nearly as strong as the
signature for validation.


More information about the Gnupg-users mailing list