Signature semantics

David Shaw dshaw at jabberwocky.com
Tue Nov 4 17:58:49 CET 2008


On Tue, Nov 04, 2008 at 11:19:17AM -0500, vedaal at hush.com wrote:

> >One lesson that can be learned from this is that the signed 
> >portion of
> >a message should contain sufficient context so that the message 
> >cannot be repurposed in this fashion.  
> 
> 
> one of the ways to protect Alice (or any unwary sender)
> is to have a feature to do exactly that,
> 
> that if a message is sent signed and encrypted,
> to have gnupg prompt the following:
> 
> gpg: you have chosen to sign and encrypt your message
> gpg: would you like to have gnupg add a line to the plaintext 
> before the signature, saying "this message is encrypted to 
> <keyname>" ?  y/n
> gpg: you have chosen n
> gpg: your signed and encrypted message can be separated and
> re-encrypted to another key with its signature intact
> gpg: really choose n ? y/n

It is not the place of GPG to modify the plaintext.  If it is needed,
that's the job of a mail program or other program that uses GPG.  GPG
should just provide necessary primitives to solve this, and it does:

  gpg --sig-notation "whatever@example.com=I encrypted this to Baker!" --sign --encrypt blah.txt

The notation will be hashed into the signature and cannot be removed
without invalidating the signature.

All that said, doing this isn't a cure-all.  Alice (the signer here)
may not want her intended target to be public.

David
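An added illustration (not part of the original post and not GnuPG's code) of why a notation cannot be stripped or altered: following the RFC 4880 version 4 signature layout, the notation subpacket sits in the hashed area, so it feeds the digest that the signature covers. The sample plaintext, timestamp and algorithm choices are constructed for this sketch, and only the digest is computed, with no key or real signing involved.

```python
import hashlib
import struct

def subpacket(sp_type: int, body: bytes) -> bytes:
    """Encode one signature subpacket: length, type octet, body."""
    n = len(body) + 1                      # length covers the type octet
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = struct.pack(">H", (n - 192) + (192 << 8))
    else:
        length = b"\xff" + struct.pack(">I", n)
    return length + bytes([sp_type]) + body

def notation(name: bytes, value: bytes) -> bytes:
    """Notation Data subpacket (type 20), flagged as human-readable text."""
    flags = b"\x80\x00\x00\x00"
    return subpacket(20, flags + struct.pack(">HH", len(name), len(value)) + name + value)

def signed_digest(document: bytes, hashed_subpackets: bytes) -> str:
    """Digest a v4 binary-document signature is computed over."""
    # version 4, type 0x00 (binary), pubkey algo 1 (RSA), hash algo 8 (SHA-256)
    header = bytes([4, 0x00, 1, 8])
    header += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    trailer = b"\x04\xff" + struct.pack(">I", len(header))
    return hashlib.sha256(document + header + trailer).hexdigest()

def demo():
    doc = b"constructed sample plaintext\n"                  # constructed input
    created = subpacket(2, struct.pack(">I", 1225817929))    # constructed creation time
    note = notation(b"whatever@example.com", b"I encrypted this to Baker!")
    other = notation(b"whatever@example.com", b"I encrypted this to Carol!")
    return (signed_digest(doc, created + note),    # what Alice signed
            signed_digest(doc, created),           # notation stripped
            signed_digest(doc, created + other))   # notation rewritten

if __name__ == "__main__":
    for label, digest in zip(("original", "stripped", "rewritten"), demo()):
        print(f"{label:9} {digest}")
```

The three digests differ, so a signature made over the first one fails verification once the notation is removed or changed.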


