[Top] [All Lists]

RE: Secure mailing list service using OpenPGP

1999-01-27 09:12:38
I suggest you patch your pgpv so that it stops the decryption process
after finding an encrypted message.  Handling a message is a recursive
process, involving a series of stages: decrypting, decompressing,
signature-verifying, removing literal packets.  You can make it stop the
process after any desired stage; the code is designed to make this easy.

This way the output of your pgpv will be an OpenPGP compatible signed
message, suitable for further encryption.


That's right.

I've read OpenPGP Message Format specification and I think that it is
logically possible to decrypt a signed&encrypted message and to extract the
message together with the signature. Is this correct?

If this is true, we can build a program to do this process and to re-encrypt
to recipients of a ML.

However, which approach should we take in? Geiger's two step approach with
prohibiting the usual one step sign&encrypt process, or my approach
described above? --hiro