How to decrypt a message while preserving the signature?

Tony Lane codeguro at gmail.com
Sun Nov 3 07:28:43 CET 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 11/3/19 1:55 AM, Mark H Weaver wrote:
> I'm asking if there's a way to decrypt the message while preserving the
> existing signed message.  Of course, this requires the private
> decryption key, but it should *not* require the private signing key.

I do not think there is a way to do this. When both '-s' and '-r' options
are used for some given file, the decryption operation atomically decrypts
and verifies the file. Actually, I don't think it goes through PGP in two
"passes" like you might think. You are probably best off having the signer
encrypt and sign distinctly, like so:

gpg -s <infile | gpg -er gpg@example.com -o outfile.sig.gpg

That way, you can extract the encryption layer to get to the signed file.
I think your request to "extract" the atomic sign-encrypt layer is at odds
with itself. The signed file is intended for the recipient only, so it
only makes sense that it can be decrypted/verified only by the recipient
as well.
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
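
The sign-then-encrypt layering suggested in the reply above, as an added example that is not part of the original post: the recipient removes only the encryption layer, and a separate keyring holding nothing but the signer's public key then verifies the signed file that remains. The key addresses, file names and message are constructed, and both throwaway keyrings live in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example: constructed keys (signer@example.com, recipient@example.com)
# in throwaway keyrings; everything is deleted when the function returns.

roundtrip() (
    set -eu
    work=$(mktemp -d)
    trap 'gpgconf --homedir "$work/a" --kill all || true
          gpgconf --homedir "$work/v" --kill all || true
          rm -rf "$work"' EXIT
    mkdir -m 700 "$work/a" "$work/v"
    # Non-interactive wrapper; the empty passphrase leaves the test keys unprotected.
    gpg() {
        command gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --trust-model always "$@"
    }

    # Keyring "a" stands in for both the signer's and the recipient's machine.
    export GNUPGHOME="$work/a"
    gpg --quick-generate-key signer@example.com
    gpg --quick-generate-key recipient@example.com
    printf 'constructed test message\n' >"$work/infile"

    # Signer: sign first, then encrypt the signed output as a separate step.
    gpg -u signer@example.com -s <"$work/infile" |
        gpg -er recipient@example.com -o "$work/outfile.sig.gpg"

    # Recipient: removing the encryption layer yields the still-signed
    # OpenPGP message, not the bare plaintext.
    gpg -d -o "$work/message.sig" "$work/outfile.sig.gpg"

    # Third party: keyring "v" contains only the signer's public key.
    gpg --export -o "$work/signer.pub" signer@example.com
    gpg --homedir "$work/v" --import "$work/signer.pub"
    gpg --homedir "$work/v" --verify "$work/message.sig"
    # Prints the signed content to stdout; exits non-zero if verification fails.
    gpg --homedir "$work/v" -d "$work/message.sig"
)

roundtrip
```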


