On Wed, 12 Jan 2011 11:01, nicholas.c...@gmail.com said:

> in section 1.2 about not signing crypt texts?  Am I right that openpgp
> always encrypts signed text, rather than signing encrypted text, and

No.  It is common practice to sign and encrypt.  For gpg it is not the
default.  Before the introduction of the MDC (manipulation detection
code), the signing helped to mitigate a possible ciphertext scrambling
attack.  The MDC was introduced as a countermeasure for non-signed
messages.

Note also that signing an encrypted message creates a privacy problem
in that it is obvious who actually sent (or, well, signed) the message.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
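
The MDC behaviour mentioned in the reply above, as an added example that is not part of the original message or of GnuPG's code: a ciphertext modified in transit decrypts without complaint under plain CFB, while the SHA-1 MDC check rejects it. Assumptions: HMAC-SHA-256 stands in for the block cipher, the layout is a simplified model of RFC 4880's integrity-protected data packet, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

BLOCK = 16                 # block size of the stand-in cipher, in bytes
MDC_HEADER = b"\xd3\x14"   # MDC packet tag and length octet (SHA-1 = 20 bytes)

def _prf(key, block):
    # Assumption: HMAC-SHA-256 stands in for the block cipher; CFB only
    # ever uses the cipher's forward direction, so no inverse is needed.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cfb(key, data, decrypt=False):
    """CFB mode with an all-zero IV; no integrity protection of its own."""
    prev, out = bytes(BLOCK), bytearray()
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        res = bytes(a ^ b for a, b in zip(chunk, _prf(key, prev)))
        out += res
        prev = chunk if decrypt else res   # feedback is always the ciphertext
    return bytes(out)

def seal(key, msg):
    """Encrypt with an MDC: SHA-1 over prefix + message + MDC header."""
    prefix = os.urandom(BLOCK)
    body = prefix + prefix[-2:] + msg + MDC_HEADER
    return cfb(key, body + hashlib.sha1(body).digest())

def open_sealed(key, ct):
    """Decrypt and verify the MDC; raise ValueError on any modification."""
    pt = cfb(key, ct, decrypt=True)
    body, digest = pt[:-20], pt[-20:]
    if not (body.endswith(MDC_HEADER)
            and hmac.compare_digest(hashlib.sha1(body).digest(), digest)):
        raise ValueError("MDC check failed: ciphertext was modified")
    return body[BLOCK + 2:-len(MDC_HEADER)]

def flip_bit(data, index):
    """Return a copy of data with the low bit of one byte inverted."""
    return data[:index] + bytes([data[index] ^ 1]) + data[index + 1:]

if __name__ == "__main__":
    key, msg = b"constructed-key!", b"constructed sample message"
    plain_ct = cfb(key, msg)
    print(cfb(key, flip_bit(plain_ct, len(plain_ct) - 1), decrypt=True))
    try:
        open_sealed(key, flip_bit(seal(key, msg), 20))
    except ValueError as exc:
        print(exc)
```
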