To all,
-----BEGIN SECTION REFERENCES-----
Section 2.1 (last paragraph) notes:
"First, a signature is generated for the message and attached to the
message. Then the message plus the signature is encrypted using a symmetric
session key."
Section 2.2 (item 4) notes:
"4. The binary signature is attached to the message"
Section 10.2 notes:
"One-Pass Signed Message :- One-Pass Signature Packet, OpenPGP Message,
Corresponding Signature Packet"
"Signed Message :- Signature Packet, OpenPGP Message | One-Pass Signed Message"
-----END SECTION REFERENCES-----
To me, "attached" (as in 2.1 and 2.2) means you add it to the end of
something, and this contradicts 10.2's explanation of a Signed Message (a
signed message implies that it is prepended, not attached).
By reading section 10.2, it seems that there are two possibilities for
signing a literal message:
1) You create a signature packet then prepend it to the literal packet
2) You create a signature packet and a One-Pass Signature Packet then
prepend the One-Pass packet to the literal packet and append the signature
packet to the literal packet.
Therefore, my final questions are:
1) Can you create a simple signature packet and attach it to the end of a
literal packet as stated in 2.1 and 2.2, and subsequently contradict 10.2
regarding the definition of a signed message? And:
2) Why would you need a One-Pass Signature Packet if we conform to 10.2 and
simply prepend a normal signature packet to the literal data with a
subpacket of type 16 (key id), thus removing the need for a One-Pass packet
in the first place?
Cheers for any clarification once again :)
Regards
Erron Criddle
Comasp Ltd.
Level 2, 45 Stirling Hwy
NEDLANDS WA 6009
http://www.comasp.com
Tel: 08 9386 9534
Fax: 08 9386 9473
ejc(_at_)comasp(_dot_)com
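
Added example, not part of the original message or of the OpenPGP specification: a small checker that reads the packet tags out of a byte stream and matches them against the two Signed Message productions quoted from 10.2. It assumes the inner "OpenPGP Message" is a Literal Data packet or a nested signed message, handles definite-length headers only, and uses constructed packets with dummy bodies; the function names are hypothetical.

```python
SIG, ONEPASS, LITERAL = 2, 4, 11  # OpenPGP packet tag values
def packet_tags(data):
    """Return the packet tags in a byte stream (definite lengths only)."""
    tags, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:  # new-format header: tag in low 6 bits
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
        i += length
    return tags

def classify(tags):
    """Match a tag sequence against the two productions quoted from 10.2."""
    if tags == [LITERAL]:
        return "literal message"
    if (len(tags) >= 3 and tags[0] == ONEPASS and tags[-1] == SIG
            and classify(tags[1:-1]) != "not in grammar"):
        return "one-pass signed message"
    if len(tags) >= 2 and tags[0] == SIG and classify(tags[1:]) != "not in grammar":
        return "signed message"
    return "not in grammar"

def pkt(tag, body=b"dummy"):
    """Constructed sample packet: old-format header, one length octet."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

for name, stream in [("prepended", pkt(SIG) + pkt(LITERAL)),
                     ("one-pass", pkt(ONEPASS) + pkt(LITERAL) + pkt(SIG)),
                     ("appended only", pkt(LITERAL) + pkt(SIG))]:
    print(name, "->", classify(packet_tags(stream)))
```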