sign encrypted emails
Hauke Laging
mailinglisten at hauke-laging.de
Sun Jan 5 04:38:58 CET 2014
Am Sa 04.01.2014, 22:28:26 schrieb Johannes Zarl:
> Wouldn't one have to encrypt the signed-encrypted-signed message again
> to prevent an attacker from stripping away the outer signature? What
> would the recipient then do with the simple signed-encrypted message?
That would be possible for an attacker but not make any sense: If the
recipient expects the outer signature (only then this feature is a
protection like signing is a protection only if the recipient acts
differently on signed vs. non-signed messages) then the attacker is
discovered without any advantage.
There is another reason for creating this fourth layer: Some people want
to hide the metadata (who made the signature).
> One should certainly not act differently depending on the encryption
> of a message.
You are aware that is doesn't make any sense to make this claim without
any argument after the opposite has been claimed with an argument (a
very strong one)?
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140105/ee85f8ea/attachment-0001.sig>
More information about the Gnupg-users
mailing list