Show that an encrypted message was signed, without decrypting it
Stefan Claas
sac at 300baud.de
Sun Oct 11 17:09:23 CEST 2020
Stefan Claas wrote:
> Helmut Waitzmann Anti-Spam-Ticket.b.qc3c wrote:
>
> > Stefan Claas <sac at 300baud.de>:
> >
> > >I was reading old GnuPG threads were people were asking if it's
> > >possible to extract a signature from an encrypted message.
> > >
> > >I would like to ask, I don't know if this is already possible or
> > >if it's planned, if Alice would request from Bob that he always
> > >signs his messages and Bob, lazy as he is, often forgets this,
> > >can Alice check if Bob's encrypted message(s) have signed byte(s)
> > >set, without actually decrypting or revealing Bob's identity?
> >
> > As far as I know this is impossible, because messages are first
> > signed and then encrypted, i. e. the signature is encrypted,
> > too. Therefore there is no access to the signature unless the
> > message is decrypted.
> >
> > >If the encrypted messages would not be signed then Alice can
> > >simply discard the message(s).
> >
> > Yes, but why should she want to be able to do that? She could
> > decrypt the message and, if it turns out that the message is not
> > signed, discard the message.
>
> It would allow Alice (in her organization), or others, to do a
> pre-check, with procmail etc., to set-up an auto-responder, informing
> Bob that he did not signed his message and that his message will be
> discarded.
>
> > >And is this optional in GnuPG, in case it is already implemented?
> >
> >
> > As far as I know the order “first sign, then encrypt” is
> > mandatory, so there is no way for GnuPG to deviate from it.
> >
> > And this is a good thing, as it thwarts Eve eavesdropping on the
> > originator's identity (i. e. Bob) of a message sent to Alice.
>
> It should be not a mandatory feature and it should only append
> secured bytes, which are stating that Bob's message contains a
> signature (yes|no bytes), without revealing his identity.
> Assuming the would technically possible.
I think something along the lines like Zero Knowledge Proof Encryption.
Regards
Stefan
--
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
The computer helps us to solve problems, we did not have without him.
More information about the Gnupg-users
mailing list