Subject: Re: recover private key

Robert J. Hansen rjh at
Wed Jan 14 00:21:26 CET 2009

Avi wrote:
> For example, given the possibility of a piece of an e-mail being
> quoted out of context, signing my messages allows me to
> demonstrate the totality of what I did write at the time I wrote
> it, so I have a recourse to show the entire post and its
> context. The same would apply for text documents, etc.

Yes and no.  If I ask "Avi, did you really say 'I liked Yasser
Arafat'?'", you might present me with this message:

	"With respect to the Munich Massacre -- I don't know
	 who was ultimately responsible for it, but I always
	 liked Yasser Arafat as the chief culprit."

... But unbeknownst to me, you /did/ actually say "I liked Yasser
Arafat.  I liked him quite a bit, really.  I often had him over for tea
and scones and we would talk about our families."

When confronted with the quote "I like Yasser Arafat", you wanted to be
able to deny saying it.  So you wrote up an innocuous text message
involving the Munich Massacre, reset your computer clock back, signed
it, and then presented me with the doctored message as proof of what you
_really_ said at that point in time.

You cannot use signatures to put excerpts in context, not in the general
case.  The timestamp problem is a killer.

If the person presenting you with a quote also includes the signature of
the message they're quoting, though, then yes, this becomes possible.
But if they're excerpting you, odds are good they don't have your signature.

More information about the Gnupg-users mailing list