How to decrypt a message while preserving the signature?

Mark H Weaver mhw at
Sun Nov 3 06:55:03 CET 2019

Tony Lane wrote:

>> Does GnuPG provide a mechanism to decrypt an encrypted-and-signed
>> message in such a way that preserves the original signature, such that
>> the original signature can be independently verified by an arbitrary
>> third-party?
> The term you're looking for is a detached signature.
> You can create a detached signature (or any signature, really) only if
> you possess the private key.

I know what a detached signature is.  You misunderstood what I'm asking

In simple terms, my understanding is that when you sign-and-encrypt a
message, it is first signed, resulting in a signed message (a message
plus signature), and then the signed message (message plus signature) is
encrypted.  The details are likely more complicated, but at a high level
of abstraction, that's my understanding of what's going on.  Please
correct me if I'm wrong.

I'm asking if there's a way to decrypt the message while preserving the
existing signed message.  Of course, this requires the private
decryption key, but it should *not* require the private signing key.

I can study the details and implement this myself if necessary, but to
save myself precious time and energy, I'm asking if GnuPG already
provides a mechanism to do this.  More generally, does there exist free
software to do this?


More information about the Gnupg-users mailing list