email bot for PGP/MIME PGP/Inline conversion

Doug Barton dougb at dougbarton.us
Mon Jul 14 22:10:22 CEST 2014


On 07/14/2014 10:49 AM, Schlacta, Christ wrote:
> Verify, strip, resign.

That would be exactly the wrong way to do it. The only reasonably secure 
way, and the only way anyone knowledgeable about cryptography would 
accept, is to synthesize an inline message which contained the original 
signature.

Your points about the bot becoming compromised are exactly why not to do 
what you suggested.

Doug




More information about the Gnupg-users mailing list