-----BEGIN PGP SIGNED MESSAGE-----
but is there any way to do it, short of rewriting gpg, pgp to include a -d
command similar to the -d command of 2.6.3?
It doesn't appear that GnuPG has such a switch now. But it would
be easy to build.
one could simply {from a remote area, without anyone needed to 'witness'
the decryption process}
separate it into the armored signed file, and release that to the
'authorities', and show that it had to have come from
the specific signed and encrypted e-mail in question.
No. The message(+signature) contents are symmetrically encrypted.
There is no way to prove that the plaintext generates that specific
ciphertext without giving up the session key. Demonstrating
a decrypted signature or MDC shouldn't convince anyone that the
full plaintext matches that ciphertext.
If you're willing to show the plaintext, why do you care about
protecting the session key? Are you reusing it? This might be an
issue for a PGPdisk, for example, where one symmetric key protects the
entire contents... you can't reveal+prove selected parts. It
shouldn't be for ordinary OpenPGP uses. Are you afraid that
your randomness source has been compromised, such that other
session keys could be deduced? If so, you have a serious problem.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQEVAwUBO8xSM2NDnIII+QUHAQGY1wf+MxsUxkKXd0O1KTmuAD8CX2ud0CVEiaUN
MroPdg2pjhEcIS8FOx2c4bDeq0nS89ZrvjcujdaJbro7ydcsWwFVn7xrJrC3XWm7
m7dw5xHnl7Is8Gcnw5fm+CvbJK4dBDvL7jCbmIiRYv1wsTAgdRBZlLgzhq9n3XCo
2LzOlVvsg0WTQkk2i0c3SEIg0ucFP0soGZ7QzVueMccHwxpZrxfIMF2oN02BjjD1
xu8PrNs912MFZX4EJEM2U2Z4Pa3agQc/OuI7/P46GLnd74L+BUx9i6xPfzVXbeMI
53dmvolobItRSQ0BnS/TnXc4EtS9zQo53mOFQ1KUWk26nooUznNzCA==
=fxp3
-----END PGP SIGNATURE-----