conventional encryption with passphrase remaining blank?
vedaal@lok.com
vedaal@lok.com
Mon Nov 11 20:54:01 2002
> > in a signed file, with a detached signature, there is always the
> > possibility of the signature being lost / stored in a separate
> > area, than the signed file, with difficulties in verifying it at a
> > later date
>
> Surely the solution is to refrain from making detached signatures
> unless there's a very good reason to do so?
it is the only way to sign anything other than simple text.
word documents, pdf's, spreadsheets, images, etc.
all require detached signatures.
it can be accomplished now by signing and conventionally encrypting, and simply letting all the necessary recipients know the passphrase,
but what i was asking about,
is something analogous to 'armored signing' but for a file other than text.
armored signed texfiles decrypt without any passphrases,
and the signature verifies immediately
{with the added benefit that there is no 'whitespace alteration' in transit
that might invalidate the signature, leaving the recipient to wonder if there was 'tampering' or just 'e-mail client un-intentional changes'}
it might be beneficial to have a similar signing procedure for 'files',
where the signature and the file are 'armored', but do not require a key or passphrase for decryption/verification,
{with the benefit that the detached sig is not lost, misfiled, etc.
and have the armored file instantly verified each time it is opened}.
with Respect,
vedaal