How to decrypt a message while preserving the signature?
codeguro at gmail.com
Sun Nov 3 07:28:43 CET 2019
-----BEGIN PGP SIGNED MESSAGE-----
On 11/3/19 1:55 AM, Mark H Weaver wrote:
> I'm asking if there's a way to decrypt the message while preserving the
> existing signed message. Of course, this requires the private
> decryption key, but it should *not* require the private signing key.
I do not think there is a way to do this. When both '-s' and '-r' options
are used for some given file, the decryption operation atomically decrypts
and verifies the file. Actually, I don't think it goes through PGP in two
"passes" like you might think. You are probably best off having the signer
encrypt and sign distinctly, like so:
gpg -s <infile | gpg -er gpg at example.com -o outfile.sig.gpg
That way, you can extract the encryption layer to get to the signed file.
I think your request to "extract" the atomic sign-encrypt layer is at odds
with itself. The signed file is intended for the recipient only, so it
only makes sense that it can be decrypted/verified only by the recipient
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users