On Thu, 1 Nov 2018 23:50:48 +0100, Stefan Claas wrote: Hi veedal,
> > A simple, but slightly tedious workaround, would be to GnuPG Armor > > Sign the .pdf > > > > The elDAS signature will still work, but the Armored Signed message > > is much harder to alter, and such alteration is detectable as > > malicious rather than a 'mistake. > > Thank you very much for this valuable information, much appreciated! > > It is now a bit late, but i will try this out tomorrow. O.k. i played a bit with it, but as you said "slightly tedious workaround"... I will use another method, which does not allow an attack imho. I did this in the past with detached signatures, when i posted files, and it should be used more widely, imho! Simply one can use a time stamping service, based on blockchain technology. I can then time stamp the .pdf. and put also a statement in the .pdf that the file is timestamped and don't must worry in the future if one MITM would try (and why?) to alter my documents. https://opentimestamps.org Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas
pgpl5ld9bhOha.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
