comment and version fields.
Robert J. Hansen
rjh at sixdemonbag.org
Sun Apr 1 22:05:37 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> fields. I suppose its futile to try to change a standard but it
> seems that it might be very damaging indeed to have a signed
> message altered after signing. That seems to defeat the reason for
> signing as the common person would assume that a signed message is
> protected entirely against unauthorised changes.
The signed message _is_ protected entirely against unauthorized
changes. Or, rather, as close to "entirely" as you can get with our
current level of cryptography.
The signature block is just a private-key encryption of the digest of
the message, plus a few additional bits of information of use to
OpenPGP. That private-key encryption of the digest of the message is
the signature. Everything else is, to some degree, irrelevant, with
some things being more irrelevant than others.
If you alter a comment field, you're not altering either the original
message nor the private-key encryption of the digest of the message.
So what's the complaint? How is this tampering with the signature
scheme?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iQEcBAEBCAAGBQJGEBCSAAoJELcA9IL+r4EJzS4IANXJtvWSKnxWBA4oowoyaRtG
QrQGSv1LQJ9sreJ0c+GmxTF8K9Hi+gTRPeoIy5NUN4HJV5x+TbxmkTpO1QvcVsgN
DfZYYf3sZugMOIdzQzbp0F63Z0SAV2Lz4NtRMiD6HflvQHovdE0V8k6M6G23XvcY
QLstIn+XMRWBdIXX2zE7RZxNGY73TOSobNI0lDcjMyoBrSkMSdkJ4QdJv07ChI5t
5X+/mwpdh4KU41DE/osuqwcV/vUCqJ7+EKhdKlvHNqlhWMvJnabL3ssvopgTU9yv
1oqLR14toInTrUZGJ8mxkEmzdDKRm53qEfGKEmmsTNS0w5QBUgDRBOJY3ZgDis4=
=8OOA
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list