sign encrypted emails

Hauke Laging mailinglisten at hauke-laging.de
Fri Jan 3 11:28:28 CET 2014


On Fri 03.01.2014, 10:02:28, MFPA wrote:

> OpenPGP's mitigation against this is signing emails, and the web of
> trust to give assurance who signed.

That's exactly why I want signatures. But I do not only want a signature 
which guarantees the data integrity, I want a(nother) signature which 
guarantees the (correct) encryption.


> You mean the recipient has 2 keys, one of which the adversary has
> compromised? And the adversary intercepts and decrypts mail that is
> encrypted to the compromised key, then sends it on its way encrypted
> to the non-compromised key?

Yes, that is the more complicated case.


> Again, this would be flagged up if the
> sender was in the habit of signing outgoing messages (as you stated).

No, it wouldn't. The reason is that the signature is created the same 
way in the two cases encrypted and non-encrypted. Thus you can apply 
encryption later with the recipient having no chance at all to determine 
who encrypted.


> > (this may mean that you sign it twice: once
> > before and once after encryption).
> 
> Is that better than the usual signing and encryption carried out
> together?

It is better with respect to ensuring the encryption. It has 
disadvantages, though, otherwise we wouldn't do it the other way round. 
Proving the authenticity becomes more difficult if there is no signature 
within the encryption because a third party cannot encrypt the data. You 
would need to give them the session key. Who is capable of doing that? 
Furthermore you cannot know whether an encrypted message has been signed 
within. That may be an advantage in certain situations. You can send an 
encrypted message anonymously. That is not possible with my proposal 
(you would have to add a fourth layer... not difficult though).

But I do not suggest making my configuration the default. I just want 
to be able to use it. Sometimes it's best to send a signed cleartext 
message, sometimes to send an unsigned encrypted message, sometimes a 
first signed then encrypted message and I want to stress that sometimes 
it's best to send a first encrypted then signed (or signed-encrypted-
signed) message.


> Both your examples seem to involve encrypted-only and not signed
> messages,

The problem is the same with signed and unsigned messages.


> so would be unaffected by introducing additional signature
> options.

I don't understand that statement.


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
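
The point argued in the message above (a signature made before encryption still verifies after someone else re-encrypts the data, while a signature over the ciphertext does not), as an added example that is not part of the original post. It models keys with toy unpadded RSA over Mersenne primes, which is not secure; the function names, key A/key B and the sample message are constructed for illustration.

```python
# Added illustration, not from the original post. Toy RSA (Mersenne primes,
# no padding) stands in for OpenPGP keys; it is NOT secure, only a model.
import hashlib
import secrets

E = 65537

def keypair(a, b):
    """Toy key from the Mersenne primes 2^a-1 and 2^b-1; returns (n, d)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def xor(data, key):
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))

def encrypt(data, n):
    """Needs only the public modulus n, so anyone can produce it."""
    k = secrets.token_bytes(16)
    return pow(int.from_bytes(k, "big"), E, n), xor(data, k)

def decrypt(ct, n, d):
    wrapped, body = ct
    return xor(body, pow(wrapped, d, n).to_bytes(16, "big"))

def blob(ct):
    return str(ct[0]).encode() + b"|" + ct[1]

def demo():
    sender, key_a, key_b = keypair(127, 89), keypair(107, 61), keypair(521, 607)
    msg = b"constructed sample message"
    # Sender: sign, encrypt to key A, then sign the ciphertext as well.
    ct = encrypt(sign(msg, *sender).to_bytes(27, "big") + msg, key_a[0])
    outer = sign(blob(ct), *sender)
    # Someone holding key A's secret re-encrypts the payload to key B.
    ct2 = encrypt(decrypt(ct, *key_a), key_b[0])
    # Recipient: the inner signature still verifies after re-encryption ...
    plain = decrypt(ct2, *key_b)
    inner_ok = verify(plain[27:], int.from_bytes(plain[:27], "big"), sender[0])
    # ... while the outer signature matches only the sender's own ciphertext.
    return inner_ok, verify(blob(ct), outer, sender[0]), verify(blob(ct2), outer, sender[0])
```

`demo()` returns three booleans: inner signature valid after re-encryption, outer signature valid on the sender's ciphertext, outer signature valid on the re-encrypted ciphertext.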

More information about the Gnupg-users mailing list