verifying signature after decryption
Atom 'Smasher'
atom-gpg at suspicious.org
Sun Apr 25 10:24:17 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
calling on our good friends alice and bob....
alice sends me (and only me) a message that's signed+encrypted. i need to
show bob that this message is signed by alice.
i can think of two ways to do this:
1) i give bob a copy of the encrypted message, my secret key and my
password, so he can decrypt the message and see that it's signed
by alice. of course, this would be dumb.
2) i can give bob a copy of the encrypted message, and the session key. i
can instruct bob how to use the "--override-session-key" option.
this requires that bob can understand and follow instructions.
question: is there a way to extract the signed message, including the
signature, from an encrypted message?
in other words, can i take alice's signed+encrypted message, and pass it
to bob either in plaintext or encrypted to bob's key, while still
maintaining alice's signature over her message?
of course, it must be ~possible~ to do this, but is there any ~practical~
way to do this?
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"Vietnam was the first war ever fought without
any censorship. Without censorship, things can
get terribly confused in the public mind."
-- General William Westmoreland
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
iEYEARECAAYFAkCLdbYACgkQnCgLvz19QeP5DACgmwxijFAjJ8aqCKaXRwnrPgrp
ryEAoJY6nLPBF8VW4m2zGRkMwngDX5Sp
=rcfI
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list