GnuPG Clearsign vs. PGP/MIME Signing

Werner Koch wk at gnupg.org
Mon Jun 6 18:32:15 CEST 2005


On Mon, 06 Jun 2005 16:16:54 +0200, Sascha Kiefer said:

> The PGP/MIME RFC states that you can first sign and then encrypt the mail.

Doing this on the MIME level allows you to easily strip the encryption
layer while leaving the signature intact.

> In S/MIME it is allowed to first encrypt and then sign the message.
> Do you think it's feasible to do the same in PGP/MIME? I think it is

Yes, it is possible, but you should not do it.

When signing an encrypted document you don't know what you are
actually signing and it won't be possible to keep the signature intact
(e.g. archival purposes) without compromising the encryption key.


Salam-Shalom,

   Werner
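As an added illustration of the layering argument above (not part of Werner's message, and not OpenPGP code: by assumption HMAC-SHA256 stands in for the signature and a SHA-256 counter keystream for the cipher, since only the nesting order matters here), this Python shows that with the PGP/MIME order the decrypted object is a self-contained signed message that verifies with the signature key alone, while with encrypt-then-sign the signature covers only ciphertext and no longer matches once the encryption layer is removed.

```python
import hashlib
import hmac
import os

# Stand-ins (assumptions, not OpenPGP primitives): HMAC-SHA256 plays the
# "signature" and a SHA-256 counter keystream plays the "cipher".
TAG_LEN, NONCE_LEN = 32, 16

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def decrypt(key, blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def sign(key, data):
    return data + hmac.new(key, data, hashlib.sha256).digest()

def verify(key, signed):
    data, tag = signed[:-TAG_LEN], signed[-TAG_LEN:]
    return hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest()), data

def sign_then_encrypt(msg, sig_key, enc_key):   # PGP/MIME order
    return encrypt(enc_key, sign(sig_key, msg))

def encrypt_then_sign(msg, sig_key, enc_key):   # S/MIME-style order asked about
    return sign(sig_key, encrypt(enc_key, msg))

def compare(msg=b"constructed sample message", sig_key=b"sig-key", enc_key=b"enc-key"):
    # Order 1: strip the encryption layer; the archived copy verifies with sig_key alone.
    archived = decrypt(enc_key, sign_then_encrypt(msg, sig_key, enc_key))
    ok_archive, body = verify(sig_key, archived)
    # Order 2: the tag covers ciphertext, i.e. bytes the signer cannot read without
    # enc_key, and it no longer matches once the encryption layer is removed.
    signed_ct = encrypt_then_sign(msg, sig_key, enc_key)
    ok_ct, ct = verify(sig_key, signed_ct)
    ok_stripped, _ = verify(sig_key, decrypt(enc_key, ct) + signed_ct[-TAG_LEN:])
    return {"archive_verifies_without_enc_key": ok_archive and body == msg,
            "signature_covers_only_ciphertext": ok_ct and ct != msg,
            "signature_survives_decryption": ok_stripped}
```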
