signatures for other people's emails

tim at piratemail.se tim at piratemail.se
Wed Apr 16 17:39:15 CEST 2014



I'm sure there are more qualified people to answer this, but since I've been staring at pgp-mime for the last few months, I thought I would give a few thoughts.

I believe you are asking, "is it possible to concatenate signatures, to create a new signature block which is then used with pgp-mime."

1. I think this is possible. If the dean signs your content, and you receive his signature, I *believe* that once an implementation gets the signature packet from the signature, it could added to a signature block. Each signature packet contains the keyid of the signer (if put there), and its own signature type/algorithm/hash/etc. So, I *believe* each signature is independent of every other signature.

In my process of checking a signature, I find the keyId and lookup the keyId for the publicKey. So it doesn't matter who the mail is actually from.



2. An alternative, which you spoke of, I believe, would also work. Where a pgp-mime signature pair, contains a pgp-mime signature pair. So your dean would send you the mail, and you could encapsulate it with your own signature. 



The tricky part, of course, would be if any implementation actually facilitates this.



Cheers,

-tim

p.s. Thanks for your help with the pgp-mime previously, -- g at pmx.mooo.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 513 bytes
Desc: Message signed with OpenPGPJS
URL: </pipermail/attachments/20140416/581f1361/attachment-0001.sig>


More information about the Gnupg-users mailing list