Is the signature encrypted

Hauke Laging mailinglisten at
Mon Nov 5 16:29:24 CET 2012

Am Mo 05.11.2012, 10:01:02 schrieb David Shaw:

> Virtually always you *want* your signature to be encrypted.

Why? What critical information is exposed by the signature, assuming I do not 
forge the from address?

> Why would you want something else?

The virus-checking mail gateway may want to at least be sure about the sender 
(which does not assure it of the sending system being non-compromised and not 

My personal reason is that I (in contrast to one well-known member of this 
list...) believe signatures to be the only solution against spam and do not 
want the filters be forced into the the mail client. This could be done by 
other means than the data signature though. I don't understand why PGP/MIME 
does not define a seperate signature for the relevant sender created headers 
(from, to, subject, date). That would protect the headers and allow filters to 
check the sender without exposing the data signature.

PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121105/ebf36b9e/attachment.pgp>

More information about the Gnupg-users mailing list