Show that an encrypted message was signed, without decrypting it

Stefan Claas sac at
Sun Oct 11 09:59:12 CEST 2020

Helmut Waitzmann Anti-Spam-Ticket.b.qc3c wrote:
> Stefan Claas <sac at>:
> >I was reading old GnuPG threads were people were asking if it's 
> >possible to extract a signature from an encrypted message.
> >
> >I would like to ask, I don't know if this is already possible or 
> >if it's planned, if Alice would request from Bob that he always 
> >signs his messages and Bob, lazy as he is, often forgets this, 
> >can Alice check if Bob's encrypted message(s) have signed byte(s) 
> >set, without actually decrypting or revealing Bob's identity?
> As far as I know this is impossible, because messages are first 
> signed and then encrypted, i. e. the signature is encrypted, 
> too.  Therefore there is no access to the signature unless the 
> message is decrypted. 
> >If the encrypted messages would not be signed then Alice can 
> >simply discard the message(s).
> Yes, but why should she want to be able to do that?  She could 
> decrypt the message and, if it turns out that the message is not 
> signed, discard the message.

It would allow Alice (in her organization), or others, to do a
pre-check, with procmail etc., to set-up an auto-responder, informing
Bob that he did not signed his message and that his message will be
> >And is this optional in GnuPG, in case it is already implemented? 
> As far as I know the order “first sign, then encrypt” is 
> mandatory, so there is no way for GnuPG to deviate from it. 
> And this is a good thing, as it thwarts Eve eavesdropping on the 
> originator's identity (i. e. Bob) of a message sent to Alice. 

It should be not a mandatory feature and it should only append
secured bytes, which are stating that Bob's message contains a
signature (yes|no bytes), without revealing his identity.
Assuming the would technically possible.


NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.

More information about the Gnupg-users mailing list