sign encrypted emails
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jan 3 18:50:47 CET 2014
On 01/03/2014 08:12 AM, Leo Gaspard wrote:
> So changing the encryption could break an opsec.
If someone's opsec is based on the question of whether a message was
encrypted or not, then they've probably got their cart before their
horse too.
opsec requirements should indicate whether you encrypt, not the other
way around.
> BTW, is a timestamp included in the signature? If not, it could lead to similar
> issues.
Yes, all OpenPGP signatures generated by standards-compliant tools
include a timestamp:
https://tools.ietf.org/html/rfc4880#section-5.2.3.4
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140103/e633047e/attachment.sig>
More information about the Gnupg-users
mailing list