MIME or inline signature ?

Ludwig Hügelschäfer mlisten at hammernoch.net
Mon Feb 16 07:43:52 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 16.02.15 00:07, Robert J. Hansen wrote:
>> A "bad signature" _only shows one thing_: The message was
>> modified along the way from the signing process (at the senders
>> computer) to the verification process (at your computer).
> 
> It doesn't even show that.
> 
> The modification can be in the signature, not the message --
> meaning it's possible to have an entirely unchanged message, but
> still have a bad signature.
> 
> A good signature verifies message integrity.  A bad signature does
> not confirm tampering: it only states the integrity is not
> assured.

You're right. I assumed that modification would be anywhere in message
text and signature as a whole, but my wording too tight.

Ludwig

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJU4ZGoAAoJEDrb+m0Aoeb+fHAP/RHqt/jo8DTIXvtm+ZaggDGi
DRb3KKhnBDhHLsGRSX3xd9om/gmRDLtSSzObp63Gq3LQQg2lfIErfYqsyAChvtzL
0/zjzoRoVBrPjbbiPR5QVX1ge3xWUEeR6X4GLSKtbsPBLizS/bNelYoa4EdfNn3P
rY/DXmflm26hZYTGX6GbV321zQtV0MDNop1JFn6jhazwOFNQTssIwVGchKCkwgGz
+9aL9coSEFeqnimwS+JURpYZT3nKRa4CmUJOZ0M915DSL3GIBK9qmRoWeEGgvkSr
f54r6F2FU/Xqg2eUZI8wXrVE2fk8V38BZSWQfxwtdXzHGLxmD3xgUHjneiJBFU8L
d3XrM/iqcQWBFpCwOHizms3QZBHk7RHwcEq3XpOtc9h0hVBp80AdsWGVx2kfG8jD
2e9hyXOxIlDoAM0tdWFa45tTnys/XkGp5HNmkquNdiQtkF7IkNP2Dc85QdAXaPJ9
WLHXfVMlA4AbzZuvhrzfjWaEHDx+6xrq8OiP8xvHQ8AFyMwFmiI8xSxdC5x9hnBa
bH8FYVoDVdupTt6n/nm/7pS/Gd6iUy4/2xX8vKuff2kXRS+Duw59jmwqYi72lDwk
AA076cJskTXzu0XVG47uc37AnQPv6qB+JwKqmoH0uioft0MKmzPLMAOQmAZultGq
txZuf+NZ0KLIRrEf7HAD
=+TQu
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list