Why sign as well as encrypt files stored on untrusted drives?

Chris Poole lists at chrispoole.com
Thu Jul 14 11:48:10 CEST 2011

On Thu, Jul 14, 2011 at 4:58 AM, Jerome Baum <jerome at jeromebaum.com> wrote:

> On the manifest file, if you're hashing the encrypted files then it's
> really useless (the attacker can just re-hash and re-encrypt for the
> manifest file).

Yes, Duplicity uses these message digests only as a checksum, to make
sure corruption didn't occur during network transfer (i.e., nothing

Thanks for the help. I'm just going to get used to entering my
passphrase a little more!


Chris Poole
[PGP BAD246F9]
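
The distinction discussed in this message, as an added example that is not part of the original post or of Duplicity's code: an unkeyed digest manifest catches corruption, but a manifest regenerated by whoever controls the drive still verifies, while a keyed tag over the manifest does not. The file names, contents and key are constructed, and HMAC-SHA256 from the Python standard library stands in here for an OpenPGP signature so the example runs offline.

```python
import hashlib
import hmac


def build_manifest(files):
    """Map each file name to the SHA-256 of its (already encrypted) bytes."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def manifest_matches(files, manifest):
    """Checksum-only verification: needs no secret, so anyone can regenerate it."""
    return build_manifest(files) == manifest


def seal_manifest(manifest, key):
    """Keyed tag over the manifest (assumption: stand-in for a real signature)."""
    canonical = "\n".join(f"{n} {h}" for n, h in sorted(manifest.items())).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def seal_is_valid(manifest, key, tag):
    return hmac.compare_digest(seal_manifest(manifest, key), tag)


def demo():
    key = b"constructed-demo-key-kept-off-the-drive"
    files = {  # constructed sample data
        "vol1.gpg": b"constructed ciphertext A",
        "vol2.gpg": b"constructed ciphertext B",
    }
    manifest = build_manifest(files)
    tag = seal_manifest(manifest, key)

    # Case 1: corruption in transfer. The file changes, the manifest does not.
    corrupted = dict(files, **{"vol1.gpg": b"constructed ciphertext A\x00"})
    corruption_caught = not manifest_matches(corrupted, manifest)

    # Case 2: a file on the drive is replaced and the manifest is re-hashed.
    replaced = dict(files, **{"vol2.gpg": b"constructed substitute data"})
    rehashed = build_manifest(replaced)
    checksum_passes = manifest_matches(replaced, rehashed)  # no secret involved
    seal_passes = seal_is_valid(rehashed, key, tag)         # key never left the owner
    return corruption_caught, checksum_passes, seal_passes


if __name__ == "__main__":
    print(demo())
```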

More information about the Gnupg-users mailing list