sign encrypted emails
Hauke Laging
mailinglisten at hauke-laging.de
Fri Jan 3 11:28:28 CET 2014
Am Fr 03.01.2014, 10:02:28 schrieb MFPA:
> OpenPGP's mitigation against this is signing emails, and the web of
> trust to give assurance who signed.
That's exactly why I want signatures. But I do not only want a signature
which guarantees the data integrity, I want a(nother) signature which
guarantees the (correct) encryption.
> You mean the recipient has 2 keys, one of which the adversary has
> compromised? And the adversary intercepts and decrypts mail that is
> encrypted to the compromised key, then sends it on its way encrypted
> to the non-compromised key?
Yes, that is the more complicated case.
> Again, this would be flagged up if the
> sender was in the habit of signing outgoing messages (as you stated).
No, it wouldn't. The reason is that the signature is created the same
way in the two cases encrypted and non-encrypted. Thus you can apply
encryption later with the recipient having no chance at all to determine
who encrypted.
> > (this may mean that you sign it twice: once
> > before and once after encryption).
>
> Is that better than the usual signing and encryption carried out
> together?
It is better with respect to ensuring the encryption. It has
disadvantages, though, otherwise we wouldn't do it the other way round.
Proving the authenticity becomes more difficult if there is no signature
within the encryption because a third party cannot encrypt the data. You
would need to give them the session key. Who is capable of doing that?
Furthermore you cannot know whether an encrypted message has been signed
within. That may be an advantage in certain situations. You can send an
encrypted message anonymously. That is not possible with my proposal
(you would have to add a fourth layer... not difficult though).
But I do not suggest to make my configuration the default. I just want
to be able to use it. Sometimes it's best to send a signed cleartext
message, sometimes to send an unsingned encrypted message, sometimes a
first signed then encrypted message and I want to stress that sometimes
it's best to send a first encrypted then signed (or signed-encrypted-
signed) message.
> Both your examples seem to involve encrypted-only and not signed
> messages,
The problem is the same with signed and unsigned messages.
> so would be unaffected by introducing additional signature
> options.
I don't understand that statement.
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140103/cb34cbb4/attachment.sig>
More information about the Gnupg-users
mailing list