What is the benefit of signing an encrypted email
Werner Koch
wk at gnupg.org
Wed Jan 12 11:48:39 CET 2011
On Wed, 12 Jan 2011 11:01, nicholas.cole at gmail.com said:
> in section 1.2 about not signing crypt texts? Am I right that openpgp
> always encrypts signed text, rather than signing encrypted text, and
No. It is common practice to sign and encrypt. For gpg it is not the
default. Before the introduction of the MDC (manipulation detection
code), the signing helped to mitigate a possible ciphertext scrambling
attack. The MDC was introduced as a countermeasure for non signed
messages.
Note also, that signing an encrypted message creates a privacy problem
in that it is obvious who actually sent (or well signed) the message.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list