sign encrypted emails
mailinglisten at hauke-laging.de
Sun Jan 5 04:38:58 CET 2014
Am Sa 04.01.2014, 22:28:26 schrieb Johannes Zarl:
> Wouldn't one have to encrypt the signed-encrypted-signed message again
> to prevent an attacker from stripping away the outer signature? What
> would the recipient then do with the simple signed-encrypted message?
That would be possible for an attacker but not make any sense: If the
recipient expects the outer signature (only then this feature is a
protection like signing is a protection only if the recipient acts
differently on signed vs. non-signed messages) then the attacker is
discovered without any advantage.
There is another reason for creating this fourth layer: Some people want
to hide the metadata (who made the signature).
> One should certainly not act differently depending on the encryption
> of a message.
You are aware that is doesn't make any sense to make this claim without
any argument after the opposite has been claimed with an argument (a
very strong one)?
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 572 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users