small security glitches

Aaron Toponce aaron.toponce at gmail.com
Tue Nov 1 13:35:11 CET 2011


On Tue, Nov 01, 2011 at 02:04:31AM -0500, John A. Wallace wrote:
> Hello.  I was reading this page,
> http://www.gnupg.org/faq/GnuPG-FAQ.html#cant-we-have-a-gpg-library , and I
> found this comment near the end of it in the section entitled "How does this
> whole thing work?":  "There is a small security glitch in the OpenPGP (and
> therefore GnuPG) system; to avoid this you should always sign and encrypt a
> message instead of only encrypting it."  If this is still applicable, would
> you explain what the small glitch is?  Are there any other small glitches
> explained elsewhere, which I may not have noticed?  There is a lot of
> documentation, and I am hoping to absorb it as much as I can. Thanks.

The "glitch" is exactly as described: you should always sign and encrypt a
message instead of only encrypting it. I could send you malicious encrypted
content, and masquerade as someone else behind a different email address,
maybe someone with a good reputation for security in the OpenPGP community.
Without signing the message, and only encrypting it to your public key, you
have no way to verify who really sent you the message.

Now switch sides. Suppose you're sending an encrypted mail to a colleague.
You're encrypting it for his eyes only. If you don't sign the message, he
may or may not choose to decrypt it. If you sign the encrypted mail, then
he can verify the signature, see if he trusts that key, and make a more
meaningful decision.

The "glitch" is that for security AND trust, messages must be both
encrypted and signed.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
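The following is an added example, not part of Aaron's reply and not GnuPG
project code. It shows the recipient's side of the "glitch" described above
using gpg's machine-readable status lines: an encrypt-only message yields no
signature status at all, so the recipient learns nothing about who sent it,
while a signed-and-encrypted one yields a GOODSIG line naming the signer's key.
It assumes a gpg 2.x binary on PATH; the keys alice/bob, the addresses at
example.invalid and the message text are constructed for the demonstration,
and everything lives in a throwaway GNUPGHOME.

```shell
#!/bin/sh
# Added example: encrypt-only versus sign+encrypt, seen from the recipient.
# Assumes gpg 2.x. Keys, addresses and message text are constructed.
set -e

# Create two throwaway, unprotected keys (alice = sender, bob = recipient)
# in a temporary GNUPGHOME so the real keyring is never touched.
demo_setup() {
  GNUPGHOME=$(mktemp -d)
  export GNUPGHOME
  chmod 700 "$GNUPGHOME"
  for who in alice bob; do
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$who <$who@example.invalid>" default default never \
        2>/dev/null
  done
}

# Decrypt $1 as bob and return only the signature-related status lines.
# With an encrypt-only message gpg emits none of these, so output is empty.
decrypt_status() {
  gpg --batch --quiet --status-fd 1 --decrypt "$1" 2>/dev/null \
    | grep -E '^\[GNUPG:\] (GOODSIG|BADSIG|ERRSIG|NO_PUBKEY)' || true
}

# Case 1: alice only encrypts to bob. Anyone holding bob's public key could
# have produced this file; bob gets no evidence of the sender at all.
encrypt_only() {
  printf 'constructed message: wire the funds today\n' \
    | gpg --batch --quiet --trust-model always \
          --recipient bob@example.invalid --encrypt \
          --output "$GNUPGHOME/encrypt-only.gpg"
  decrypt_status "$GNUPGHOME/encrypt-only.gpg"
}

# Case 2: alice signs with her key and encrypts to bob. Now bob can check the
# signature against the key he has for alice and decide how far to trust it.
sign_and_encrypt() {
  printf 'constructed message: wire the funds today\n' \
    | gpg --batch --quiet --trust-model always \
          --local-user alice@example.invalid \
          --recipient bob@example.invalid --sign --encrypt \
          --output "$GNUPGHOME/signed-encrypted.gpg"
  decrypt_status "$GNUPGHOME/signed-encrypted.gpg"
}

# Stop the agent started for the temporary home and delete it.
demo_cleanup() {
  gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$GNUPGHOME"
}

if [ "${1:-}" = "run" ]; then
  demo_setup
  echo "encrypt-only signature status: [$(encrypt_only)]"
  echo "sign+encrypt signature status: [$(sign_and_encrypt)]"
  demo_cleanup
fi
```

Run it with `sh demo.sh run`. The first bracket prints empty, because gpg has
no signature to report; the second prints a `[GNUPG:] GOODSIG ... alice
<alice@example.invalid>` line. That line is what lets the recipient "see if he
trusts that key" as described above; without the signature there is nothing to
decide on.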