What is the benefit of signing an encrypted email

Werner Koch wk at gnupg.org
Wed Jan 12 11:48:39 CET 2011


On Wed, 12 Jan 2011 11:01, nicholas.cole at gmail.com said:

> in section 1.2 about not signing crypt texts?  Am I right that openpgp
> always encrypts signed text, rather than signing encrypted text, and

No.  It is common practice to sign and encrypt.  For gpg it is not the
default.  Before the introduction of the MDC (manipulation detection
code), the signing helped to mitigate a possible ciphertext scrambling
attack.  The MDC was introduced as a countermeasure for non-signed
messages.

Note also that signing an encrypted message creates a privacy problem
in that it is obvious who actually sent (or, well, signed) the message.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
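
An added illustration, not part of the message above and not GnuPG code: a hash placed inside the encryption, in the manner of the MDC, lets the recipient reject a scrambled ciphertext that would otherwise decrypt without any error. The SHA-256 keystream is a toy stand-in for OpenPGP's symmetric cipher, packet framing is omitted, and every function name, the key and the message are constructed for the example.

```python
import hashlib
import hmac

MDC_LEN = 20  # SHA-1 digest size, the hash the OpenPGP MDC uses

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy keystream cipher (SHA-256 in counter mode), a stand-in only."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def encrypt_plain(key: bytes, msg: bytes) -> bytes:
    """Encryption with no integrity protection at all."""
    return _xor_stream(key, msg)

def decrypt_plain(key: bytes, ct: bytes) -> bytes:
    return _xor_stream(key, ct)

def encrypt_mdc(key: bytes, msg: bytes) -> bytes:
    """Append a hash of the plaintext, then encrypt both together."""
    return _xor_stream(key, msg + hashlib.sha1(msg).digest())

def decrypt_mdc(key: bytes, ct: bytes) -> bytes:
    """Decrypt, recompute the hash and refuse the message on mismatch."""
    body = _xor_stream(key, ct)
    msg, mdc = body[:-MDC_LEN], body[-MDC_LEN:]
    if not hmac.compare_digest(hashlib.sha1(msg).digest(), mdc):
        raise ValueError("MDC mismatch: ciphertext was modified")
    return msg

def scramble(ct: bytes, index: int, mask: int = 0x01) -> bytes:
    """Model a ciphertext byte altered in transit."""
    return ct[:index] + bytes([ct[index] ^ mask]) + ct[index + 1:]

KEY = b"constructed demo key"  # constructed sample values
MSG = b"signed or not"

if __name__ == "__main__":
    # Without a check the altered message is accepted as if it were genuine.
    print(decrypt_plain(KEY, scramble(encrypt_plain(KEY, MSG), 0)))
    try:
        decrypt_mdc(KEY, scramble(encrypt_mdc(KEY, MSG), 0))
    except ValueError as exc:
        print(exc)
```

The check detects modification only; unlike a signature it says nothing about who produced the message.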




More information about the Gnupg-users mailing list