encrypting and signing for pgp2
Michael Roth
mroth@nessie.de
Mon, 12 Jul 1999 23:12:31 +0200 (MET DST)
On Mon, 12 Jul 1999, Holger Schurig wrote:
> Werner suggested:
> > > 1. create the signed file
> > > 2. cut off the signature and move it to the beginning
> > > 3. encrypt this file
> >
>
> Michael replied:
> > 1. Read all data from stdin and write it to a tempfile.
> > 2. Sign the tempfile.
> > 3. Encrypt the signed file.
>
> Both schemes would encrypt the signature itself. Is this really the case
> with PGP2? I thought not after having a quick look into
> /var/doc/pgp-2.6.3i-1/pgformat.doc.
Yes, this is the right way (AFAIK). If it is not, someone else could
modify the signature or look at who signed the file and so on. If something
is sent encrypted to someone, nobody should know what is inside the
encrypted packet, whether this is signed data or not.
cu
Michael Roth