Robert J. Hansen wrote:
>> Well, you can go one step further. Unless the sender is throwing the
>> key ids, you can look to see which keyids are given as hints in the
>> outermost layer, to see which people are expected to be able to decrypt
>> it.
>
> Sure, but this is a heuristic, not a formal verification. A useful
> heuristic, absolutely, but this is still at the level of "let's look at
> the packets to glean publicly available data" -- whereas message
> sanitization and verification would require access to the content of the
> message.
>
> Part of this is, I think, the OP is being a little handwavy with the
> idea of verification/sanitization. If what you're checking is dependent
> in any way on the cleartext, then you're screwed. And if what you're
> checking is dependent on the ciphertext, you're not really dealing with
> the message at all, but the container it's packaged into.
>
Yes, what needs to be checked is dependent on the ciphertext. Only if the message has all the packets and theoretically can be decrypted (if the recipient has the private key). It does not matter if the cleartext makes sense to the recipient or not.

"look to see which keyids are given as hints in the outermost layer" -- not sure I understand here. I am trying to do a check that is natively supported by GnuPG.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
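The container-level check discussed in this thread, as an added example that is not part of the original messages: it walks the outermost OpenPGP packet framing (RFC 4880) without any private key, collects the key ID hints from public-key encrypted session key packets, and confirms an encrypted-data packet is present. It assumes binary (not ASCII-armored) input; the function names and the sample bytes are constructed for illustration.

```python
def _take(data, pos, n):
    if pos + n > len(data):                    # never read past the end
        raise ValueError("truncated packet")
    return data[pos:pos + n], pos + n

def read_packets(data):                        # yields (tag, body) per top-level packet
    pos = 0
    while pos < len(data):
        first, pos = data[pos], pos + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        body, partial = b"", bool(first & 0x40)
        if not partial:                        # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:                     # indeterminate length: runs to end of data
                body, pos = data[pos:], len(data)
            else:
                raw, pos = _take(data, pos, 1 << ltype)
                body, pos = _take(data, pos, int.from_bytes(raw, "big"))
        while partial:                         # new-format header, possibly chunked
            tag = first & 0x3F
            (o1,), pos = _take(data, pos, 1)
            partial = 224 <= o1 < 255          # partial body length: more chunks follow
            if o1 < 192:
                n = o1
            elif o1 < 224:
                (o2,), pos = _take(data, pos, 1)
                n = ((o1 - 192) << 8) + o2 + 192
            elif o1 == 255:
                raw, pos = _take(data, pos, 4)
                n = int.from_bytes(raw, "big")
            else:
                n = 1 << (o1 & 0x1F)
            chunk, pos = _take(data, pos, n)
            body += chunk
        yield tag, body

def inspect(data):     # -> (PKESK key ID hints, encrypted-data packet present?)
    hints, has_data = [], False
    for tag, body in read_packets(data):
        if tag == 1 and len(body) >= 10 and body[0] == 3:   # PKESK, version 3
            hints.append(body[1:9].hex().upper())           # all zeros = key ID thrown
        has_data = has_data or tag in (9, 18)               # SED or SEIPD packet
    return hints, has_data

# Constructed sample: two PKESK packets (one with a zeroed key ID) and one SEIPD packet.
SAMPLE = bytes.fromhex("84 0e 03 1122334455667788 01 deadbeef"
                       "c1 0e 03 00 00 00 00 00 00 00 00 01 deadbeef"
                       "d2 05 01 cafebabe")
print(inspect(SAMPLE))
```

A `ValueError` from `read_packets` means the container is structurally incomplete; a clean pass says nothing about whether the cleartext is meaningful.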