sign and encrypt
vedaal at hush.com
vedaal at hush.com
Tue Jun 6 16:51:20 CEST 2006
mkontakt at gmail.com mkontakt at gmail.com wrote on
Tue Jun 6 14:09:36 CEST 2006 :
> I can thing of other solutions as s-e-s or
> signing the header of email messages in separate mime part,
> but it would consume cpu, as you would not be able to sign a
message > and simply encrypt it n-times with recipients keys.
there is a simpler way,
just add the following line to the end your message,
before signing:
"this signed and encrypted message,
is intended for, and being encrypted to,
the following key(s):
(list user id's and fingerprints)"
this will be unqusetioned by all the recipients you really intended
to encrypt to,
*but*
it doesn't deal with a potentially more difficult situation :
proving you signed something,
to someone whom you would prefer it 'not' proved to ;-((
i.e.
if one of your recipients later has a disagreement with you,
and wants to harm you by 'leaking/publicly posting' this material,
then any message that you sign and encrypt,
can be posted as
a verifiable free-standing clearsigned or armored-signed text
the only way around this is to develop a type of
'deniable signature'
(i.e. the person you sent it to, knows you really signed it,
but can't prove it to anyone else)
maybe,
once the open-pgp workgroup is ready to start with new ideas for
the next rfc revision,
there can be some agreement about this signature type
(there have been several interesting proposals)
for now,
one of the ways of doing this
(in pgp)
is to use a split-key/shared-key system,
a new key is 'split' to 2 or more public keys,
and signing privileges are set to '1' share
(signing privileges [and decrypting privileges]
can be set for 1 share, all shares, or any number in between,
so that it is possible to require the co-operation of 'all' sharers
to sign or decrypt)
when signing privileges are set to 1,
then 'any' of the sharers 'could have' signed it,
while all of them know who 'really' signed it,
--the one who 'sent' it
(this is especially true when there are only 2 sharers,
since the receiver knows that the receiver 'didn't' sign it)
posting it as a free-standing clearsigned message,
or re-encrypting and sending it to someone else,
still leaves the true signer's identity unprovable
so,
again :-)
feature request, (please, please :-) )
'split key/shared key' gnupg capability ...
Thanks,
vedaal
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
More information about the Gnupg-users
mailing list