Stefan Claas <s...@300baud.de>:
Helmut Waitzmann Anti-Spam-Ticket.b.qc3c wrote:
Stefan Claas <s...@300baud.de>:

[The ability to check that an encrypted message has been signed.] 

It would allow Alice (in her organization), or others, to do a pre-check, with procmail etc., to set up an auto-responder, informing Bob that he did not sign his message and that his message will be discarded.

And is this optional in GnuPG, in case it is already implemented?

As far as I know the order “first sign, then encrypt” is mandatory, so there is no way for GnuPG to deviate from it. 

And this is a good thing, as it thwarts Eve eavesdropping on the originator's identity (i. e. Bob) of a message sent to Alice. 

It should not be a mandatory feature and it should only append secured bytes, which are stating that Bob's message contains a signature (yes|no bytes), without revealing his identity.

What do you mean by the term “secured bytes”?

To check whether a message pretends to have been signed by Bob, one could check that the “content-type” message header field has got the value “multipart/signed” (look at my message, for example).

I say “pretends to have been signed” rather than “has been signed”, because Mallory could grab the (unencrypted) message, remove the signature (if present), either put it into a “multipart/signed” structure, attaching an (of course then) bad signature of one of Bob's signed messages or just sign it by herself.  Then she would send the result to Alice.

To be sure whether the message has actually been signed by Bob, Alice would of course have to check the signature.  But this would reveal the identity of the signing key, and, if (the owner of) the signing key is known to the recipient, the identity of the signer.  (After all, proving the identity of the signer and the authenticity of the signed message is the purpose of signing a message.)

Helmut

Attachment: pgpcj8_QZbmB4.pgp
Description: PGP signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
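
Added example, not part of the original message and not GnuPG or procmail code: a Python version of the header-only pre-check discussed above, showing that it can only report what the outer MIME structure claims. The function name `precheck`, its return labels and all sample messages are constructed for illustration; the content types are the PGP/MIME ones (`multipart/signed` with `application/pgp-signature`, `multipart/encrypted` with `application/pgp-encrypted`).

```python
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

def precheck(raw: str) -> str:
    """Classify what the outer MIME headers claim. Never proves a signature."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    proto = str(msg.get_param("protocol", "")).lower()
    parts = msg.get_payload() if msg.is_multipart() else []
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        # Sign-then-encrypt: any signature is inside the ciphertext.
        return "encrypted-opaque"
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        if len(parts) == 2 and parts[1].get_content_type() == proto:
            return "claims-signed"  # structure only; verify with the signer's key
        return "malformed-signed"
    return "no-signature-claim"

def wrap(subtype, protocol, *parts):
    """Serialise a constructed PGP/MIME message for the samples below."""
    m = MIMEMultipart(subtype, protocol=protocol)
    for p in parts:
        m.attach(p)
    return m.as_string()

# Constructed samples; signature and ciphertext bytes are placeholders.
SIG = MIMEApplication(b"(placeholder, not a valid signature)", "pgp-signature")
BOB = wrap("signed", "application/pgp-signature", MIMEText("Hi Alice"), SIG)
# The re-wrapped case from the message: altered body, signature part reused.
MALLORY = wrap("signed", "application/pgp-signature", MIMEText("Altered text"), SIG)
TRUNCATED = wrap("signed", "application/pgp-signature", MIMEText("Hi Alice"))
ENCRYPTED = wrap("encrypted", "application/pgp-encrypted",
                 MIMEApplication(b"Version: 1\n", "pgp-encrypted"),
                 MIMEApplication(b"(placeholder ciphertext)", "octet-stream"))
PLAIN = MIMEText("Hi Alice").as_string()

if __name__ == "__main__":
    for name in ("BOB", "MALLORY", "TRUNCATED", "ENCRYPTED", "PLAIN"):
        print(f"{name:10} {precheck(globals()[name])}")
```

The genuine-looking and the re-wrapped sample get the same label, and the encrypted sample yields no signature information at all, so an auto-responder built on this check can act only on the claim, not on the signer.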
