Hello, this is not a GnuPG problem. GnuPG is capable of doing what I want. But I am interested in your opinion.
I just noticed that you can easily be deluded about an email being encrypted: That you receive an encrypted mail does not mean that it was sent encrypted. An adversary may encrypt a non-encrypted message (which he has intercepted) in order to create more trust in the message for the recipient: If you receive critical information and are aware that it has not been encrypted then you may react differently from the case where you are sure that it was encrypted.

Or similar: A message is encrypted to a low security key which has been compromised (unnoticed by the recipient). The adversary decrypts the message and re-encrypts it to a more secure key.

This can be detected by asking the sender (which no one would do every time) or by signing the encrypted message (this may mean that you sign it twice: once before and once after encryption).

I would like to ask mail client developers to add this feature. But before that I would like to hear opinions on whether that makes sense. From the RFC perspective (PGP/MIME) this should not be a problem; you just need another level of nesting. Maybe the mail clients are not even prepared for reading such messages. That would not surprise me but would not be an argument against one client implementing this as the first one. I am interested in general arguments for and against this.

I have tried to create a test file. Unfortunately I am not sure whether I have done that correctly. I am familiar with checking MIME signatures with gpg directly but creating a message is a different story:

http://www.crypto-fuer-alle.de/docs/sign-encrypt-sign/demo.mbox

KMail ignores the outer signature layer in its main window but shows the structure correctly in the lower part of the window. That could mean that my file is correct but KMail is not prepared to display it correctly. Enigmail tells me that it might be a signed message but doesn't show anything.

If I encrypt some text manually and paste it as body content in a PGP/MIME mail which gets signed and encrypted then KMail shows all three layers in its main window. This could indicate that KMail is capable of handling three layers but that my test file is incorrect.

Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
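
Added example, not part of the original message and not taken from any mail client: a Python sketch of the structural check a recipient's tooling could run to see whether the encrypted part of a PGP/MIME (RFC 3156) message is wrapped in an outer signature layer. The function names and both sample messages are constructed for illustration; the ciphertext and signature bodies are placeholders, and the outer signature itself would still have to be verified with gpg.

```python
from email import message_from_string

def pgp_mime_layers(raw: str) -> list[str]:
    """Visible PGP/MIME (RFC 3156) layers of a raw message, outermost first.

    Only the MIME structure is checked; no signature is verified here.
    """
    msg, layers = message_from_string(raw), []
    while msg.is_multipart():
        ctype = msg.get_content_type()
        proto = str(msg.get_param("protocol") or "").lower()
        parts = msg.get_payload()
        if (ctype, proto) == ("multipart/signed", "application/pgp-signature"):
            # Exactly two parts: the signed content, then the detached signature.
            if len(parts) != 2 or parts[1].get_content_type() != proto:
                raise ValueError("malformed multipart/signed")
            layers.append("signed")
            msg = parts[0]
        elif (ctype, proto) == ("multipart/encrypted", "application/pgp-encrypted"):
            # Exactly two parts: the control part, then the ciphertext.
            if (len(parts) != 2 or parts[0].get_content_type() != proto
                    or parts[1].get_content_type() != "application/octet-stream"):
                raise ValueError("malformed multipart/encrypted")
            layers.append("encrypted")
            break  # inner layers stay invisible until the ciphertext is decrypted
        else:
            break
    return layers

def ciphertext_is_signed(raw: str) -> bool:
    """True if the encrypted part sits directly inside a signed layer."""
    return pgp_mime_layers(raw)[-2:] == ["signed", "encrypted"]

# Constructed samples; the ciphertext and signature bodies are placeholders.
ENCRYPTED = (
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="enc"\n\n'
    '--enc\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n'
    '--enc\nContent-Type: application/octet-stream\n\n(placeholder ciphertext)\n'
    '--enc--\n'
)
SIGNED_ENCRYPTED = (
    'Content-Type: multipart/signed; micalg=pgp-sha256; '
    'protocol="application/pgp-signature"; boundary="sig"\n\n'
    '--sig\n' + ENCRYPTED +
    '--sig\nContent-Type: application/pgp-signature\n\n(placeholder signature)\n'
    '--sig--\n'
)

if __name__ == "__main__":
    for name, raw in (("encrypted only", ENCRYPTED), ("signed outside", SIGNED_ENCRYPTED)):
        print(name, pgp_mime_layers(raw), ciphertext_is_signed(raw))
```

A third, innermost signature layer only becomes visible after decryption, so the same function would be run again on the decrypted MIME entity.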