> fields. I suppose it's futile to try to change a standard but it
> seems that it might be very damaging indeed to have a signed
> message altered after signing. That seems to defeat the reason for
> signing as the common person would assume that a signed message is
> protected entirely against unauthorised changes.

The signed message _is_ protected entirely against unauthorized changes. Or, rather, as close to "entirely" as you can get with our current level of cryptography. The signature block is just a private-key encryption of the digest of the message, plus a few additional bits of information of use to OpenPGP.

That private-key encryption of the digest of the message is the signature. Everything else is, to some degree, irrelevant, with some things being more irrelevant than others.

If you alter a comment field, you're not altering either the original message or the private-key encryption of the digest of the message. So what's the complaint? How is this tampering with the signature scheme?

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
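
An added illustration of the point made in the reply above (not part of the original message and not GnuPG's code): a minimal ASCII-armor reader following RFC 4880 section 6, run on constructed bytes standing in for a signature packet. It shows that editing an armor header such as Version or Comment leaves the decoded packet bytes unchanged, while editing the base64 data does not; the function names and sample bytes are assumptions made for this example.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB   # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(packet: bytes, headers: dict) -> str:
    b64 = base64.b64encode(packet).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    head = "".join(f"{k}: {v}\n" for k, v in headers.items())
    return (f"-----BEGIN PGP SIGNATURE-----\n{head}\n{body}\n={check}\n"
            "-----END PGP SIGNATURE-----\n")

def dearmor(text: str):
    """Return (armor headers, packet bytes); raise ValueError if the CRC24 fails."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("not an armored block")
    blank = lines.index("")                    # blank line ends the armor headers
    headers = dict(line.split(": ", 1) for line in lines[1:blank])
    data = lines[blank + 1:-1]
    packet = base64.b64decode("".join(l for l in data if not l.startswith("=")))
    crc = [l[1:] for l in data if l.startswith("=")]
    if crc and int.from_bytes(base64.b64decode(crc[0]), "big") != crc24(packet):
        raise ValueError("CRC24 mismatch: armored data was altered")
    return headers, packet

SAMPLE_PACKET = bytes(range(7, 107))  # constructed stand-in, not a real signature

def demo():
    original = armor(SAMPLE_PACKET, {"Version": "GnuPG v1.4.7 (Darwin)"})
    edited = original.replace("Version: GnuPG v1.4.7 (Darwin)", "Comment: edited in transit")
    i = original.index("\n\n") + 2             # first base64 character of the packet
    flipped = original[:i] + ("A" if original[i] != "A" else "B") + original[i + 1:]
    try:
        dearmor(flipped)
        body_edit_detected = False
    except ValueError:
        body_edit_detected = True
    return dearmor(original), dearmor(edited), body_edit_detected
```

The CRC24 only catches damage to the armored data; the cryptographic protection is the signature carried inside the packet, which a verifier checks against the digest of the message.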