----- Original Message -----
From: "Derek Atkins" <derek(_at_)ihtfp(_dot_)com>
To: "vedaal" <vedaal(_at_)hotmail(_dot_)com>
Cc: <ietf-openpgp(_at_)imc(_dot_)org>
Sent: Tuesday, May 21, 2002 10:33 AM
Subject: Re: secure sign & encrypt

sorry, vedaal, but you are incorrect. With current OpenPGP it _IS_
possible to strip off the encryption from a message and re-encrypt it
to another user, keeping the signature intact. In fact, back in the
early 90's (and mid-90's when we were first designing the pre-OpenPGP
packets), this was in fact a design goal!

Remember that a signed/encrypted message looks like:

ESK{PubA, K} ... Enc{K, PreSig{Hash{M}}, Lit{M}, PostSig{Hash{M}}}

Given this format, you can easily replace the K in ESK{} and Enc{}
without destroying the Presig, Literal, PostSig packets.

Wouldn't that cause a CRC error, indicating that the message was tampered
with?

Or could a new CRC be calculated and included in the new re-encrypted
message?

Also, could the MDC be utilized to prevent such substitutions, by detecting
alterations of any of the packets?

Thanks,

vedaal

{i don't know, so am asking}
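
Added example (not part of the original message, and not code from any OpenPGP implementation): a toy Python model of the packet layout quoted above, showing that the signature covers only Hash{M} and that the ASCII-armor CRC-24 is an unkeyed checksum, so neither one is tied to K or to the recipient. The RSA key, the XOR cipher, the (recipient, K) stand-in for ESK and the sample message are constructed for illustration; only the CRC-24 constants come from RFC 4880.

```python
import hashlib, os

# Toy RSA key from two Mersenne primes: constructed and insecure, a stand-in
# for the sender's real signing key.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8

def digest(m: bytes) -> int:
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N

def signed_packets(m: bytes) -> bytes:
    """Models PreSig/Lit{M}/PostSig: the signature covers Hash{M} only."""
    return pow(digest(m), D, N).to_bytes(SIG_LEN, "big") + m

def verify(inner: bytes) -> bool:
    sig, m = int.from_bytes(inner[:SIG_LEN], "big"), inner[SIG_LEN:]
    return pow(sig, E, N) == digest(m)

def enc(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher standing in for Enc{K, ...}; also decrypts."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(recipient: str, inner: bytes) -> dict:
    """ESK is modelled as (recipient, K); a real ESK wraps K to a public key."""
    k = os.urandom(16)
    return {"esk": (recipient, k), "enc": enc(k, inner)}

def reseal(msg: dict, recipient: str) -> dict:
    """A holder of K opens the envelope and seals the same packets under a new K."""
    return seal(recipient, enc(msg["esk"][1], msg["enc"]))

def crc24(data: bytes) -> int:  # armor checksum, RFC 4880 section 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def demo():
    to_a = seal("A", signed_packets(b"I agree to the terms."))
    to_c = reseal(to_a, "C")
    inner = enc(to_c["esk"][1], to_c["enc"])
    return to_a["enc"] != to_c["enc"], verify(inner), crc24(to_c["enc"])
```

The ciphertext and its CRC-24 change after resealing, yet the inner signature still verifies, because nothing in the signed data names the recipient.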