Am Fr 03.01.2014, 10:02:28 schrieb MFPA: > OpenPGP's mitigation against this is signing emails, and the web of > trust to give assurance who signed.
That's exactly why I want signatures. But I do not only want a signature which guarantees the data integrity, I want a(nother) signature which guarantees the (correct) encryption. > You mean the recipient has 2 keys, one of which the adversary has > compromised? And the adversary intercepts and decrypts mail that is > encrypted to the compromised key, then sends it on its way encrypted > to the non-compromised key? Yes, that is the more complicated case. > Again, this would be flagged up if the > sender was in the habit of signing outgoing messages (as you stated). No, it wouldn't. The reason is that the signature is created the same way in the two cases encrypted and non-encrypted. Thus you can apply encryption later with the recipient having no chance at all to determine who encrypted. > > (this may mean that you sign it twice: once > > before and once after encryption). > > Is that better than the usual signing and encryption carried out > together? It is better with respect to ensuring the encryption. It has disadvantages, though, otherwise we wouldn't do it the other way round. Proving the authenticity becomes more difficult if there is no signature within the encryption because a third party cannot encrypt the data. You would need to give them the session key. Who is capable of doing that? Furthermore you cannot know whether an encrypted message has been signed within. That may be an advantage in certain situations. You can send an encrypted message anonymously. That is not possible with my proposal (you would have to add a fourth layer... not difficult though). But I do not suggest to make my configuration the default. I just want to be able to use it. Sometimes it's best to send a signed cleartext message, sometimes to send an unsingned encrypted message, sometimes a first signed then encrypted message and I want to stress that sometimes it's best to send a first encrypted then signed (or signed-encrypted- signed) message. > Both your examples seem to involve encrypted-only and not signed > messages, The problem is the same with signed and unsigned messages. > so would be unaffected by introducing additional signature > options. I don't understand that statement. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
