Show that an encrypted message was signed, without decrypting it

Teemu Likonen tlikonen at iki.fi
Mon Oct 12 08:28:35 CEST 2020


* 2020-10-11 22:47:01+02, Neal H. Walfield wrote:

> On Sun, 11 Oct 2020 11:02:00 +0200,
> Teemu Likonen wrote:
>> It seems that there is a visible signature packet in encrypted and
>> signed messages. See the output of this command:
>> 
>>     echo message | gpg --encrypt --sign --default-recipient-self | \
>>         gpg --list-packets
>
> The signature information is normally (that is, when doing sign then
> encrypt) completely encapsulated by the encryption container.  What I
> think you are seeing is gpg caching something.  If you replace 'gpg
> --list-packets' with 'pgpdump', then you probably won't see any
> signature information.

Thank you. I was surprised to see all the packets listed with "gpg
--list-packets" but trusted its output. It seems that my "gpg
--list-packets" command (see above) decrypts the message using the
cached secret key and then shows all the packets.

As you said, "pgpdump" doesn't show any signature information. There is
just a public key encrypted session key packet and a symmetrically
encrypted message packet.

-- 
/// Teemu Likonen - .-.. http://www.iki.fi/tlikonen/
// OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450
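
The outer structure described above (a public-key encrypted session key packet followed by a symmetrically encrypted data packet, with no signature packet in sight) can be confirmed by reading only the packet headers, with no key material involved. The following is an added example, not part of the original message: a Python reader for RFC 4880 packet headers, where the function names and the sample bytes are constructed for illustration.

```python
# Added example: list the outer OpenPGP packets of a binary (not armored)
# message without decrypting anything. Header rules: RFC 4880, section 4.2.
TAGS = {1: "Public-Key Encrypted Session Key", 2: "Signature",
        3: "Symmetric-Key Encrypted Session Key", 4: "One-Pass Signature",
        8: "Compressed Data", 9: "Symmetrically Encrypted Data",
        11: "Literal Data", 18: "Sym. Encrypted Integrity Protected Data"}

def _new_length(data, pos):
    """Return (body_length, next_pos, is_partial) for a new-format length."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True    # partial body chunk

def outer_packets(data):
    """Return [(tag, body_length)] for each top-level packet in data."""
    packets, pos = [], 0
    while pos < len(data):
        header = data[pos]
        if not header & 0x80:
            raise ValueError(f"offset {pos}: not an OpenPGP packet header")
        pos += 1
        if header & 0x40:                        # new format
            tag, total, partial = header & 0x3F, 0, True
            while partial:                       # follow partial-length chunks
                length, pos, partial = _new_length(data, pos)
                total, pos = total + length, pos + length
        else:                                    # old format
            tag, ltype = (header >> 2) & 0x0F, header & 0x03
            if ltype == 3:                       # indeterminate: runs to the end
                total, pos = len(data) - pos, len(data)
            else:
                size = 1 << ltype                # 1, 2 or 4 length octets
                total = int.from_bytes(data[pos:pos + size], "big")
                pos += size + total
        if pos > len(data):
            raise ValueError("truncated packet")
        packets.append((tag, total))
    return packets

# Constructed sample: valid headers, filler bodies (zeros, not real ciphertext).
SAMPLE = (bytes([0x84, 0x0C]) + b"\x03" + bytes(11)             # old format, tag 1
          + bytes([0xD2, 0xE9]) + bytes(512) + b"\x05" + bytes(5))  # tag 18, partial

def describe(data):
    return [TAGS.get(tag, f"tag {tag}") for tag, _ in outer_packets(data)]
```

On the constructed sample, `describe(SAMPLE)` reports only the session key packet and the encrypted data packet; any signature packet in a real sign-then-encrypt message sits inside the encrypted body, which this reader never opens.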