sign encrypted emails

Hauke Laging mailinglisten at
Sun Jan 5 04:38:58 CET 2014

Am Sa 04.01.2014, 22:28:26 schrieb Johannes Zarl:

> Wouldn't one have to encrypt the signed-encrypted-signed message again
> to prevent an attacker from stripping away the outer signature? What
> would the recipient then do with the simple signed-encrypted message?

That would be possible for an attacker but not make any sense: If the 
recipient expects the outer signature (only then this feature is a 
protection like signing is a protection only if the recipient acts 
differently on signed vs. non-signed messages) then the attacker is 
discovered without any advantage.

There is another reason for creating this fourth layer: Some people want 
to hide the metadata (who made the signature).

> One should certainly not act differently depending on the encryption
> of a message.

You are aware that is doesn't make any sense to make this claim without 
any argument after the opposite has been claimed with an argument (a 
very strong one)?

Crypto für alle:
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140105/ee85f8ea/attachment-0001.sig>

More information about the Gnupg-users mailing list