sign encrypted emails

Johannes Zarl johannes at
Sat Jan 4 22:28:26 CET 2014

On Saturday 04 January 2014 16:09:51 Leo Gaspard wrote:
> On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote:
> > In your example, the fact that a message was encrypted makes the
> > recipient treat it as though the sender had indicated something specific
> > about the message because it was encrypted.  This is bad policy, since
> > there is no indication that the sender encrypted the message themselves,
> > or even knew that the message was encrypted.
> Which is exactly the reason for which Hauke proposed to sign the encrypted
> message in addition to signing the cleartext message, is it not?

Wouldn't one have to encrypt the signed-encrypted-signed message again to 
prevent an attacker from stripping away the outer signature? What would the 
recipient then do with the simple signed-encrypted message?

> Sure, there might be other ways: add a message stating to which key the
> message is encrypted, etc. But this one has the advantage of requiring
> AFAICT no alteration to the standard, and of being easily automated, for
> humans are quite poor at remembering to always state to which key they
> encrypt.
> Anyway, wouldn't you react differently depending on whether a message was
> encrypted to your offline key or unencrypted?

One should certainly not act differently depending on the encryption of a 
message. Maybe with the one exception of timeliness: If a message is 
encrypted, you'll probably be ok with me reading the mail when I'm at my home 
computer. If a message is encrypted to my offline key, you'll be prepared to 
wait for a month or so (many people have their offline-key in a safe deposit 

Of course this opens way to subtle timing attacks (delaying reading a message 
until it is no longer relevant), but these subtle attacks can be done using 
simpler means (holding the message in transit).


More information about the Gnupg-users mailing list