Signature semantics
David Shaw
dshaw at jabberwocky.com
Tue Nov 4 17:58:49 CET 2008
On Tue, Nov 04, 2008 at 11:19:17AM -0500, vedaal at hush.com wrote:
> >One lesson that can be learned from this is that the signed
> >portion of
> >a message should contain sufficient context so that the message
> >cannot be repurposed in this fashion.
>
>
> one of the ways to protect Alice (or any unwary sender)
> is to have a feature to do exactly that,
>
> that if a message is sent signed and encrypted,
> to have gnupg prompt the following:
>
> gpg: you have chosen to sign and encrypt your message
> gpg: would you like to have gnupg add a line to the plaintext
> before the signature, saying "this message is encrypted to
> <keyname>" ? y/n
> gpg: you have chosen n
> gpg: your signed and encrypted message can separated and re-
> encrypted to another key with its signature intact
> gpg: really choose n ? y/n
It is not the place of GPG to modify the plaintext. If it is needed,
that's the job of a mail program or other program that uses GPG. GPG
should just provide necessary primitives to solve this, and it does:
gpg --sig-notation "whatever at example.com=I encrypted this to Baker!" --sign --encrypt blah.txt
The notation will be hashed into the signature and cannot be removed
without invalidating the signature.
All that said, doing this isn't a cure-all. Alice (the signer here)
may not want her intended target to be public.
David
More information about the Gnupg-users
mailing list