Re: clearsigned sigs

1997-11-14 09:59:52
Hal Finney wrote:

I am considering doing sign-and-encrypt by clearsigning and then
encrypting the clearsigned message.  This way you just decrypt and are
left with a nice clearsigned message, which you can then verify.


6.2  Combined method

Versions 2.x of PGP also allow data to be signed and encrypted in one
operation.  This method is an acceptable shortcut, and has the
benefit of less overhead.  The resulting data should be formed as a
"multipart/encrypted" object as described above.

Messages which are encrypted and signed in this combined fashion are
REQUIRED to follow the same canonicalization rules as for
multipart/signed objects.

It is explicitly allowed for an agent to decrypt a combined message
and rewrite it as a multipart/signed object using the signature data
embedded in the encrypted version.

Could your MUA do this automatically and rewrite a
signed+encrypted message as cleartext plus a signature message part?
This even hides the PGP data in the mailer, which I like.
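
Added example, not part of the original message: the rewrite that the quoted section 6.2 permits, assuming the PGP/MIME layout in which multipart/signed carries an application/pgp-signature second part. The function names, the sample part and the placeholder signature are constructed for illustration; pulling the real signature data out of the decrypted PGP message is assumed to have happened already.

```python
import re
import secrets

CRLF = b"\r\n"

def canonicalize(part: bytes) -> bytes:
    """Convert every line ending (CRLF, lone CR, lone LF) to CRLF."""
    return re.sub(rb"\r\n|\r|\n", CRLF, part)

def rewrite_as_multipart_signed(part: bytes, armored_sig: bytes,
                                micalg: str = "pgp-md5"):
    """Wrap a decrypted MIME part and its detached signature.

    Returns (message_bytes, boundary). The message is assembled by hand so
    that the signed part is not re-folded or re-encoded by a mail library.
    """
    signed = canonicalize(part)
    sig = canonicalize(armored_sig)
    boundary = b"sig-" + secrets.token_hex(12).encode()
    if boundary in signed or boundary in sig:
        raise ValueError("boundary collides with content")
    delim = b"--" + boundary
    header = (b"Content-Type: multipart/signed; micalg=" + micalg.encode()
              + b'; protocol="application/pgp-signature"; boundary="'
              + boundary + b'"' + CRLF + CRLF)
    message = (header
               + delim + CRLF + signed
               + CRLF + delim + CRLF   # this CRLF belongs to the delimiter
               + b"Content-Type: application/pgp-signature" + CRLF + CRLF
               + sig
               + CRLF + delim + b"--" + CRLF)
    return message, boundary

def extract_signed_bytes(message: bytes, boundary: bytes) -> bytes:
    """Recover the exact bytes a verifier hashes: the first body part,
    without the CRLF that introduces the following delimiter."""
    delim = b"--" + boundary
    start = message.index(delim + CRLF) + len(delim) + len(CRLF)
    end = message.index(CRLF + delim, start)
    return message[start:end]

# Constructed sample input: a decrypted part with mixed line endings and a
# placeholder where the armored detached signature would go.
SAMPLE_PART = (b"Content-Type: text/plain; charset=us-ascii\n\n"
               b"Pay Bob 10 dollars.\r\nRegards\n")
SAMPLE_SIG = (b"-----BEGIN PGP SIGNATURE-----\n"
              b"(placeholder, not a real signature)\n"
              b"-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    msg, _ = rewrite_as_multipart_signed(SAMPLE_PART, SAMPLE_SIG)
    print(msg.decode("ascii"))
```

The signature only verifies if the bytes returned by `extract_signed_bytes` match what the sender signed, which is why the quoted text requires the same canonicalization for combined messages as for multipart/signed.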


