Show that an encrypted message was signed, without decrypting it

Helmut Waitzmann Anti-Spam-Ticket.b.qc3c ml.throttle at xoxy.net
Wed Oct 14 23:44:04 CEST 2020


Stefan Claas <sac at 300baud.de>:
>Helmut Waitzmann Anti-Spam-Ticket.b.qc3c wrote:
>> Stefan Claas <sac at 300baud.de>:

[The ability to check that an encrypted message has been signed.]  


>It would allow Alice (in her organization), or others, to do a 
>pre-check, with procmail etc., to set-up an auto-responder, 
>informing Bob that he did not signed his message and that his 
>message will be discarded.

>>> And is this optional in GnuPG, in case it is already 
>>> implemented?
>>
>> As far as I know the order “first sign, then encrypt” is 
>> mandatory, so there is no way for GnuPG to deviate from it. 
>>
>> And this is a good thing, as it thwarts Eve eavesdropping on the 
>> originator's identity (i. e. Bob) of a message sent to Alice. 
>
>It should be not a mandatory feature and it should only append 
>secured bytes, which are stating that Bob's message contains a 
>signature (yes|no bytes), without revealing his identity.

What do you mean by the term “secured bytes”? 


To check, whether a message pretends to have been signed by Bob, 
one could check, that the “content-type” message header field has 
got the value “multipart/signed” (look at my message, for 
example). 

I say “pretends to have been signed” rather than “has been 
signed”, because Mallory could grab the (unencrypted) message, 
remove the signature (if present), either put it into a 
“multipart/signed” structure, attaching an (of course then) bad 
signature of one of Bob's signed messages or just sign it by 
herhelf.  Then she would send the result to Alice. 

To be sure, whether the message has actually been signed by Bob, 
Alice would of course have to check the signature.  But this would 
reveal the identity of the signing key, and, if (the owner of) the 
signing key is known to the recipient, the identity of the 
signer.  (After all, proving the identity of the signer and the 
authenticity of the signed message is the purpose of signing a 
message.) 

Helmut
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20201014/3713ff0d/attachment-0001.sig>


More information about the Gnupg-users mailing list