ietf-openpgp
[Top] [All Lists]

separation of signed and encrypted pgp mesages into signed pgp messages

2001-07-02 10:27:57

-----BEGIN PGP SIGNED MESSAGE-----

There was a recent paper,
<http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html>
describing a flaw in the sign and encrypt function of Open PGP.

the author assumes that is is possible for the recipient
to strip off the encryption from a signed and encrypted pgp message, 
leaving only a verified signed message,
and that the ability to do this is ensured in the Open PGP Standard

{afaik} this can be done in pgp only when both the receiver and sender are
using RSA keys, 

{can be done only from 2.6.x with the simple one step command: 
 pgp -da(filename)
which will leave an armored signed message in text form, with a signature
that verifies in any version of pgp

cannot be done in later command line versions of pgp, as the -d command,
will just decrypt, and not leave a signature,   
the -b command will do the same.}

the people at sci.crypt seem to feel that as long as the program conforms
to pgp standards, such a separation is *do-able* for any key type, even if
a
custom program must be written to do this.


does anyone know of any way that this separation can be done for a message 
signed and encrypted with a DH/dss key, 
with pgp, gpg or any other program, and, is it, in-fact, guaranteed by the 
Open PGP Standard, that it 'must' be so?

vedaal

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt _ build  6    http://www.ipgpp.com/
Comment: { Acts of Kindness better the World, and protect the Soul }
Comment: KeyID: 0x6A05A0B785306D25
Comment: Fingerprint: 96A6 5F71 1C43 8423  D9AE 02FD A711 97BA

iQEVAwUBO0CixGoFoLeFMG0lAQFztgf+K+sHFg8bkf2LO4HAsm0sINs4bzBBSKCO
ctXYl75F3B+SrPW58DwvrdOGwkhO75O4vH9tjOzv7SQR+T9mCK0MQWcar3sYM+D9
GpCnFgq6o9HoBcgwr+cp90y2j1/UQPRrcOjh68EEQy1eXLEvNdz4ZjOgK3cootrK
CJSpq2+vX+ki9gRKnZ4LXfCxenNqdHGQkUxXwbBmoJgazeA/orvcNycBJ0CWvCdc
tw41Enm3jbFS5aWPmbk90XaCB9tr5R8cixCqvNGaXPKvefBFtwlZfUSQOcTOv4sW
23YFue0ITIpbru3GGQ6sYaJkSdNnFqKZ/sfSnNlJ0Rhu7Pxf3QJAMw==
=GP0y
-----END PGP SIGNATURE-----



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.263 / Virus Database: 135 - Release Date: 6/22/01

<Prev in Thread] Current Thread [Next in Thread>