bad signature on encrypted and signed block?
dshaw at jabberwocky.com
Fri Jul 21 23:54:46 CEST 2006
On Fri, Jul 21, 2006 at 03:00:34PM -0300, Luis wrote:
> Can a GPG encrypted AND signed block (as in $gpg -a -e -s -r email at address
> msg.txt) end up showing a "BAD signature" warning? Or is it impossible
> because changes to the block would make it invalid, giving a CRC error
> before the signature could be checked?
No, it is definitely possible. The CRC is not nearly as strong as the
signature for validation.
More information about the Gnupg-users