sign encrypted emails

Daniel Kahn Gillmor dkg at
Fri Jan 3 18:50:47 CET 2014

On 01/03/2014 08:12 AM, Leo Gaspard wrote:
> So changing the encryption could break an opsec.

If someone's opsec is based on the question of whether a message was
encrypted or not, then they've probably got their cart before their
horse too.

opsec requirements should indicate whether you encrypt, not the other
way around.

> BTW, is a timestamp included in the signature? If not, it could lead to similar
> issues.

Yes, all OpenPGP signatures generated by standards-compliant tools
include a timestamp:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140103/e633047e/attachment.sig>

More information about the Gnupg-users mailing list