Show that an encrypted message was signed, without decrypting it

Stefan Claas sac at 300baud.de
Sun Oct 11 17:09:23 CEST 2020


Stefan Claas wrote:
 
> Helmut Waitzmann Anti-Spam-Ticket.b.qc3c wrote:
>  
> > Stefan Claas <sac at 300baud.de>:
> > 
> > >I was reading old GnuPG threads where people were asking if it's 
> > >possible to extract a signature from an encrypted message.
> > >
> > >I would like to ask, I don't know if this is already possible or 
> > >if it's planned, if Alice would request from Bob that he always 
> > >signs his messages and Bob, lazy as he is, often forgets this, 
> > >can Alice check if Bob's encrypted message(s) have signed byte(s) 
> > >set, without actually decrypting or revealing Bob's identity?
> > 
> > As far as I know this is impossible, because messages are first 
> > signed and then encrypted, i. e. the signature is encrypted, 
> > too.  Therefore there is no access to the signature unless the 
> > message is decrypted. 
> > 
> > >If the encrypted messages would not be signed then Alice can 
> > >simply discard the message(s).
> > 
> > Yes, but why should she want to be able to do that?  She could 
> > decrypt the message and, if it turns out that the message is not 
> > signed, discard the message.
> 
> It would allow Alice (in her organization), or others, to do a
> pre-check, with procmail etc., to set up an auto-responder, informing
> Bob that he did not sign his message and that his message will be
> discarded.
>  
> > >And is this optional in GnuPG, in case it is already implemented? 
> > 
> > 
> > As far as I know the order “first sign, then encrypt” is 
> > mandatory, so there is no way for GnuPG to deviate from it. 
> > 
> > And this is a good thing, as it thwarts Eve eavesdropping on the 
> > originator's identity (i. e. Bob) of a message sent to Alice. 
> 
> It should not be a mandatory feature and it should only append
> secured bytes, which are stating that Bob's message contains a
> signature (yes|no bytes), without revealing his identity.
> Assuming that would be technically possible.

I think something along the lines of Zero Knowledge Proof Encryption.

Regards
Stefan

-- 
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
  The computer helps us to solve problems, we did not have without him.
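
The quoted replies say the signature is encrypted along with the message; the packet framing of an OpenPGP message (RFC 4880, section 4.2) shows what a procmail-style pre-check can actually see without the key. This is an added example, not part of the original post or GnuPG's own code. It assumes binary (de-armored) input, and the two sample messages are constructed, with placeholder bodies.

```python
# Added example: walks top-level OpenPGP packet framing (RFC 4880, section 4.2).
SIGNATURE_TAGS = {2, 4}          # Signature, One-Pass Signature

def read_packets(data):
    """Return [(tag, body_length)] for each top-level packet in binary data."""
    packets, i = [], 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        total = 0
        if hdr & 0x40:                       # new-format header
            tag, last = hdr & 0x3F, False
            while not last:
                o = data[i]
                i += 1
                last = True
                if o < 192:
                    n = o
                elif o < 224:
                    n = ((o - 192) << 8) + data[i] + 192
                    i += 1
                elif o == 255:
                    n = int.from_bytes(data[i:i + 4], "big")
                    i += 4
                else:                        # partial body chunk, more follow
                    n, last = 1 << (o & 0x1F), False
                i += n
                total += n
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate: runs to end of data
                total = len(data) - i
            else:
                size = 1 << ltype
                total = int.from_bytes(data[i:i + size], "big")
                i += size
            i += total
        if i > len(data):
            raise ValueError("truncated packet")
        packets.append((tag, total))
    return packets

def signature_visible(data):
    """True if a signature packet appears outside any encryption container."""
    return any(tag in SIGNATURE_TAGS for tag, _ in read_packets(data))

# Constructed samples: real headers, placeholder bodies (not valid ciphertext).
ENCRYPTED = bytes([0xC1, 3]) + b"\x00" * 3 + bytes([0xD2, 5]) + b"\x00" * 5
SIGNED_ONLY = bytes([0xC4, 2, 0, 0, 0xCB, 3, 0, 0, 0, 0xC2, 2, 0, 0])
```

For the encrypted sample the only visible packets are tag 1 (public-key encrypted session key) and tag 18 (encrypted data), so `signature_visible` returns False whether or not the sender signed; it returns True only for the unencrypted signed sample.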



More information about the Gnupg-users mailing list