On Apr 3, 2009, at 2:52 PM, Jānis Ročāns wrote:
Last few days I was trying to understand data encryption and
signing. I am using JAVA to collect data into String from database,
and need to sent them automatically by e-mail in attachment
encrypted and signed. I got them first signed, then encrypted, but
the PGP Desktop finds it only encrypted. To verify, I need to
decrypt, the result is a pgp file again, that now I can verify. But
I believe, that this all i did is wrong, so can you tell me, how to
make the signed and encrypted file fully recognized by PGP desktop?
I might not correctly understand the problem, but no one else has
spoken up, so I will jump in. I think what is happening is that, by
signing and then encrypting, you are not generating exactly the same
message format that PGP will when told to sign and encrypt at the
same time.
What you want is a message with the following structure:
[Public-key-encrypted session key]
[Session-key-encrypted data:
[Literal packet: "Blah blah blah..."]
[Signature packet] ]
But what you are probably producing is:
[Public-key-encrypted session key]
[Session-key-encrypted data:
[Literal packet: "[Literal packet: "Blah blah blah..."]
[Signature packet]" ] ]
When PGP unwraps the message, it stops when it encounters the
"Literal" packet, and considers that packet's contents to be the body
of the message.
If for some reason you can't sign and encrypt in the same step, I
think you can use gnupg's --no-literal option to tell it not to wrap
the contents in a "Literal" packet. Of course this will result in an
invalid message unless you are giving it data which is already a
properly formed sequence of PGP packets, so it's not the best way to
use gnupg in general.
You can use gnupg's --list-packets option to list the sequence of
packets in a message. (If you do, you will notice some additional
packet types in a normal message, which I ignored for simplicity's
sake...)