sign and encrypt
vedaal at hush.com
vedaal at hush.com
Wed Jun 7 23:20:39 CEST 2006
Joe Smith unknown_kev_cat at hotmail.com wrote on
Wed Jun 7 21:08:05 CEST 2006 :
> Encrypt and then sign does not have this problem,
> unless the other person is willing to sacrifice
> his/her private key.
> To avoid leaking information via the signature
> Encrypt-sign-encrypt could work.
no
the receiver could simply post the message and the session keys,
it also doesn't protect against surreptious forwarding,
the receiver can decrypt the outer layer,
and leave the inner encrypted layer, with the signature intact,
and re-encrypt to any toher key and send it along
vedaal
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
More information about the Gnupg-users
mailing list