The interesting thing is that there is nothing STOPPING an application
from doing this today. OpenPGP messages like the following are
perfectly legal syntax, even in 2440:
ESK [...] Enc { PreSig ESK [...] Enc { Literal { Message } } PostSig }
Go ahead and implement this. I'm fairly sure that most of the OpenPGP
Parsers out there will Do The Right Thing with this (I'm 99% sure that
PGP 6.5.x will do this, since I wrote that original parser code).
-derek
"Dominikus Scherkl" <Dominikus(_dot_)Scherkl(_at_)glueckkanja(_dot_)com> writes:
Hi.
Well, I intended it to become an atomic function.
Nice. And how? Common public key cryptography doesn't provide
algorithms to sign and encrypt in a single, undividable step.
I see no other way than "encrypt, sign and encrypt" (ESE)
to achieve all cryptographic goals which seem important to me:
Two goals require ES:
- to ensure that the receiver cannot forward a message
without destroying the signature or revealing that it was
originally sent to him for his eyes only we must sign after
encryption.
- to convince the receiver he was the original target we
also need to first encrypt and then sign.
Two further goals require SE:
- to ensure the signature is not used for another message
we must first sign then encrypt (else especially for RSA
there exists a chosen key attack).
- to hide that you are sending signed messages you also need
to do encryption as the very last step.
The easiest way to achieve all four is ESE, and it is worth
the time cost of two encryptions, I think.
Best Regards.
--
Dominikus Scherkl
dominikus(_dot_)scherkl(_at_)glueckkanja(_dot_)com
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available
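
The nested message shape quoted at the top of this thread can be checked mechanically. The following is an added example, not part of the original posts and not code from PGP: a small recursive-descent parser for that shorthand which returns the layers outermost-first, so a receiver-side check can confirm the encrypt, sign, encrypt order. It covers only the encrypted, one-pass-signed and literal message forms of the RFC 2440 section 10.2 composition rules (compressed messages are omitted), and the names `layers` and `is_ese` are hypothetical.

```python
import re

# Shorthand copied from the message above.
ESE = "ESK [...] Enc { PreSig ESK [...] Enc { Literal { Message } } PostSig }"


def layers(notation):
    """Parse the shorthand and return its layers, outermost first."""
    # "[...]" only means "possibly more ESK packets", so it is dropped.
    toks = [t for t in re.findall(r"\[\.\.\.\]|[{}]|\w+", notation) if t != "[...]"]
    pos = 0

    def take(expected=None):
        nonlocal pos
        if pos >= len(toks) or (expected and toks[pos] != expected):
            found = toks[pos] if pos < len(toks) else "end of input"
            raise ValueError(f"expected {expected or 'a token'}, found {found}")
        pos += 1
        return toks[pos - 1]

    def message():
        nonlocal pos
        esk = 0
        while pos < len(toks) and toks[pos] == "ESK":  # session-key packets
            pos, esk = pos + 1, esk + 1
        kind = take()
        if kind == "Enc":            # encrypted message: [ESK...] Enc { message }
            take("{"); inner = message(); take("}")
            return ["encrypt"] + inner
        if esk:                      # ESK packets must precede encrypted data
            raise ValueError(f"ESK followed by {kind}, expected Enc")
        if kind == "PreSig":         # one-pass signed: PreSig message PostSig
            inner = message(); take("PostSig")
            return ["sign"] + inner
        if kind == "Literal":        # payload: Literal { name }
            take("{"); take(); take("}")
            return ["literal"]
        raise ValueError(f"unexpected token {kind}")

    result = message()
    if pos != len(toks):
        raise ValueError(f"trailing token {toks[pos]}")
    return result


def is_ese(notation):
    """True only when the signature sits between two encryption layers."""
    return layers(notation)[:3] == ["encrypt", "sign", "encrypt"]
```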