Is the signature encrypted
Peter Lebbing
peter at digitalbrains.com
Mon Nov 5 13:54:32 CET 2012
Hello,
> I would like to know if when I send an encrypted and signed message the
> signature is also encrypted or not ?
You can find out yourself whether GnuPG encrypts the signature. I did the following:

$ echo Hoi|gpg2 -o bla.gpg -r de500b3e -se
$ gpg2 --list-packets --list-only bla.gpg
:pubkey enc packet: version 3, algo 1, keyid 26F7563E73A33BEE
    data: [2048 bits]
:encrypted data packet:
    length: 368

As it turns out, the signature is inside the "encrypted data packet" (since it's
not outside it). So the answer is: yes, GnuPG does encrypt the signature. To
check there is indeed a signature:

$ gpg2 --list-packets bla.gpg
:pubkey enc packet: version 3, algo 1, keyid 26F7563E73A33BEE
    data: [2048 bits]
:encrypted data packet:
    length: 368
    mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID 73A33BEE, created 2009-11-12
      "Peter Lebbing <peter at digitalbrains.com>"
:compressed packet: algo=2
:onepass_sig packet: keyid 969E018FDE6CDCA1
    version 3, sigclass 0x00, digest 2, pubkey 1, last=1
:literal data packet:
    mode b (62), created 1352119549, name="",
    raw data: 4 bytes
:signature packet: algo 1, keyid 969E018FDE6CDCA1
    version 4, created 1352119549, md5len 0, sigclass 0x00
    digest algo 2, begin of digest b0 37
    hashed subpkt 2 len 4 (sig created 2012-11-05)
    subpkt 16 len 8 (issuer key ID 969E018FDE6CDCA1)
    data: [2046 bits]

This time I decrypted the packet (I omitted --list-only and it asked for my
smartcard PIN). Unfortunately (IMHO), --list-packets doesn't show hierarchy, so
it's not very apparent that the signature is inside the encrypted data packet,
but this time we do see a signature, so it's obviously there.
An interesting follow-up question is: does the OpenPGP standard dictate that it
be done this way, or is it left up to the implementer? I think somebody else
will know this without checking (I do not).
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
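
The same check as in the message above, done at the byte level. This is an added example, not part of the original post and not GnuPG code: it walks the outer packet headers of a binary (not ASCII-armored) OpenPGP message as laid out in RFC 4880 section 4.2 and reports whether a signature packet is visible without decrypting. The function names are this example's own, and the two sample byte strings are constructed with dummy all-zero bodies.

```python
# Added example: list the outer OpenPGP packets (RFC 4880, section 4.2) without decrypting.
SIGNATURE_TAGS = {2, 4}   # 2 = signature packet, 4 = one-pass signature packet

def _new_length(buf, pos):
    """Decode one new-format length field: (length, next_pos, is_partial)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True      # partial body chunk

def _walk(buf):
    packets, pos = [], 0
    while pos < len(buf):
        header = buf[pos]
        if not header & 0x80:
            raise ValueError(f"not an OpenPGP packet header at offset {pos}")
        pos += 1
        if header & 0x40:                          # new-format header
            tag, total, partial = header & 0x3F, 0, True
            while partial:                         # partial chunks end with a definite length
                length, pos, partial = _new_length(buf, pos)
                total, pos = total + length, pos + length
        else:                                      # old-format header
            tag, ltype = (header >> 2) & 0x0F, header & 0x03
            if ltype == 3:                         # indeterminate: body runs to end of input
                total, pos = len(buf) - pos, len(buf)
            else:
                width = 1 << ltype                 # 1, 2 or 4 length octets
                total = int.from_bytes(buf[pos:pos + width], "big")
                pos += width + total
        if pos > len(buf):
            raise ValueError("truncated packet")
        packets.append((tag, total))
    return packets

def outer_packets(buf):
    """Return [(tag, body_length), ...] for the top-level packets only."""
    try:
        return _walk(buf)
    except IndexError:
        raise ValueError("truncated packet header") from None

def signature_visible(buf):
    return any(tag in SIGNATURE_TAGS for tag, _ in outer_packets(buf))

# Constructed samples: same packet layout as the listings above, dummy bodies.
SIGN_THEN_ENCRYPT = b"\x85\x01\x0c" + bytes(268) + b"\xd2\xc0\xb0" + bytes(368)
SIGNED_ONLY = b"\x90\x0d" + bytes(13) + b"\xcb\x0a" + bytes(10) + b"\x89\x01\x1c" + bytes(284)
```

For the sign-and-encrypt sample the outer layer holds only tag 1 (pubkey enc) and tag 18 (encrypted data), so no signature tag is visible; the signed-only sample exposes tags 4, 11 and 2 directly.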