[EMAIL PROTECTED] wrote:
> I have seen in the spec rfc3156 that a message should be signed and
> then encrypted, but hypothetically if I send a message to someone I do
> not like and sign it and then encrypt it he/she can forward it to
> someone else pretending that the message was originally from myself.
I assume you mean forward the decrypted version, with the signature intact, since the encrypted version would only be readable by the intended recipient. Yes, this could happen, but it doesn't seem like a very big problem. The deception doesn't work if anything in the message itself indicates who the intended recipient is ("Hey Mike, [...]"). Signing after encryption exposes more information about the message, which I think is the main reason it's discouraged. The encrypted version is already tamper-proof, since any alteration will break the decryption.

-C
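An added example, not from this thread or from GnuPG, that plays out the forwarding scenario in Go with ed25519 standing in for the OpenPGP signature: a signature over the body alone verifies wherever the decrypted copy is forwarded, while binding the intended recipient into the signed data (the "Hey Mike" idea done mechanically) lets a verifier reject a copy that was not addressed to it. The "to:" layout, the addresses and the sample text are assumptions; encryption is left out because it does not change what the signature covers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Naive scheme: the signature covers only the body, so the signed data
// says nothing about who the message was meant for.
func signBody(priv ed25519.PrivateKey, body string) []byte {
	return ed25519.Sign(priv, []byte(body))
}

func verifyBody(pub ed25519.PublicKey, body string, sig []byte) bool {
	return ed25519.Verify(pub, []byte(body), sig)
}

// Mitigation: bind the intended recipient into the signed data (the "Hey
// Mike" trick done mechanically); layout "to:<addr>\n<body>" is assumed.
func signTo(priv ed25519.PrivateKey, to, body string) []byte {
	return ed25519.Sign(priv, []byte("to:"+to+"\n"+body))
}

// verifyAs accepts only a valid signature whose addressee is the verifier.
func verifyAs(pub ed25519.PublicKey, me, to, body string, sig []byte) bool {
	if to != me {
		return false // signed for someone else: a forwarded copy
	}
	return ed25519.Verify(pub, []byte("to:"+to+"\n"+body), sig)
}

// Demo: Alice signs for Bob; Bob forwards body+signature to Charlie (encryption
// omitted, it does not change what is signed). Returns the three verdicts.
func Demo() (naiveAtCharlie, boundAtBob, boundAtCharlie bool) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	body := "The offer is off; do not tell anyone yet." // constructed sample
	bob, charlie := "bob@example.org", "charlie@example.org"
	sig := signBody(alicePriv, body)
	naiveAtCharlie = verifyBody(alicePub, body, sig) // true: looks genuine to Charlie
	bsig := signTo(alicePriv, bob, body)
	boundAtBob = verifyAs(alicePub, bob, bob, body, bsig)         // true
	boundAtCharlie = verifyAs(alicePub, charlie, bob, body, bsig) // false
	return
}

func main() {
	fmt.Println(Demo())
}
```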
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users