At 1:15 PM -0400 7/2/01, vedaal wrote:
-----BEGIN PGP SIGNED MESSAGE-----
There was a recent paper,
<http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html>
describing a flaw in the sign and encrypt function of Open PGP.
Well, while this is an interesting paper, it doesn't really describe a
cryptographic problem at all, it describes a semantic problem.
The problems he outlines don't require encryption, they all work equally
well with clear-signed messages, and as someone else pointed out probably
work just fine with unsigned messages for the simple reason that if someone
sends bare text, people tend to believe its authenticity.
the author assumes that it is possible for the recipient
to strip off the encryption from a signed and encrypted pgp message,
leaving only a verified signed message,
and that the ability to do this is ensured in the Open PGP Standard
{afaik} this can be done in pgp only when both the receiver and sender are
using RSA keys,
OpenPGP describes that a message is signed, and then the bundle of the
plaintext and signature are encrypted. So yes, it's certainly possible for
someone to decrypt a message and you then have in your hands a signed
message. It does *not* matter what key type it is; the packet formats are
the same no matter what the key type.
{can be done only from 2.6.x with the simple one step command:
pgp -da(filename)
which will leave an armored signed message in text form, with a signature
that verifies in any version of pgp
cannot be done in later command line versions of pgp, as the -d command,
will just decrypt, and not leave a signature,
the -b command will do the same.}
the people at sci.crypt seem to feel that as long as the program conforms
to pgp standards, such a separation is *do-able* for any key type, even if a
custom program must be written to do this.
does anyone know of any way that this separation can be done for a message
signed and encrypted with a DH/dss key,
with pgp, gpg or any other program, and, is it, in-fact, guaranteed by the
Open PGP Standard, that it 'must' be so?
Take a look at the RFC. Look in particular at Section 10.2. There's nothing
in there that specifies what the key type is.
Jon
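
Added example, not part of the original message and not code from PGP or GnuPG: a small packet-header parser showing that the payload left after decryption has the same signed-message composition whether the signer's key is RSA or DSA. The packet tags and one-pass signature layout are taken from RFC 2440 as an assumption about which RFC is meant; all function names are hypothetical and the sample bytes are constructed, with a dummy signature body.

```python
ONE_PASS_SIG, SIGNATURE, LITERAL = 4, 2, 11   # OpenPGP packet tags
PK_ALGOS = {1: "RSA", 17: "DSA"}              # public-key algorithm IDs

def parse_packets(data):
    """Split bytes into (tag, body) pairs. Definite lengths only."""
    out, i = [], 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body length not handled")
        else:                                 # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                    # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        out.append((tag, data[i:i + length]))
        i += length
    return out

def signed_message_info(payload):
    """Return (is_signed_message, signer_key_algorithm) for a decrypted payload."""
    pkts = parse_packets(payload)
    tags = [t for t, _ in pkts]
    if tags == [ONE_PASS_SIG, LITERAL, SIGNATURE] and len(pkts[0][1]) == 13:
        return True, PK_ALGOS.get(pkts[0][1][3], "other")  # octet 3: pk algorithm
    return tags == [SIGNATURE, LITERAL], None

def old_pkt(tag, body):
    """Build an old-format packet with a one-octet length (sample data only)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

def sample_payload(pk_algo):
    """Constructed stand-in for a decrypted payload; signature body is a dummy."""
    one_pass = bytes([3, 0x00, 2, pk_algo]) + bytes(8) + b"\x01"
    literal = b"b\x00" + bytes(4) + b"signed text"
    return (old_pkt(ONE_PASS_SIG, one_pass) + old_pkt(LITERAL, literal)
            + old_pkt(SIGNATURE, bytes(20)))
```

The key type shows up only as one octet inside the signature packets; the packet sequence a verifier sees is identical in both cases, and nothing in it names the intended recipient.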