-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
disastry wrote:
fake pubkey encryption packets can be added
by man in the middle so that recipient thinks that message was encrypted
to him and to other person.
I wrote about it here:
http://lists.gnupg.org/pipermail/gnupg-devel/2001-August/006285.html
I think this can be solved by modifying
Sym. Encrypted Integrity Protected Data Packet (Tag 18).
Now it is:
  version byte == 1
  encrypted data
encrypted data consists of:
  encrypted iv
  encrypted plaintext
  encrypted Modification Detection Code Packet (Tag 19)

I suggest:
  version byte == 2
  encrypted data
encrypted data consists of:
  encrypted iv
  encrypted Recipients packet (Tag 20)
    (put it before plaintext - if it would be after it would
    be difficult to find where plaintext ends, when decrypting)
  encrypted plaintext
  encrypted Modification Detection Code Packet (Tag 19)

Recipients packet
  version byte == 1
  number of recipients, 2 bytes (should be enough..)
  number_of_recipients*20 byte list of fingerprints of recipient keys
    (16 byte RSA v3 key fingerprints are appended with 4 zeros
    (or maybe with 4 lowest keyid bytes? I think, it's even better))
this ensures that recipient list is intact not only for signed & encrypted
messages but also for encrypted only messages.
__
Disastry http://disastry.dhs.org/
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
iQA/AwUBPO0JwDBaTVEuJQxkEQMORgCg/j0R2RUf830eylTBm6zdeAmt76YAnA8p
sqW+9RNiC+62SMx6KSu/waDu
=nqXN
-----END PGP SIGNATURE-----
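
Added example, not part of the original message and not code from any OpenPGP implementation: a sketch of the proposed Recipients packet body (version byte, 2-byte count, 20-byte entries with v3 fingerprints zero-padded) and the receiver-side comparison it enables. Assumptions: the count is big-endian, the caller has already resolved the outer pubkey encryption packets to key fingerprints, and all function names and sample fingerprints are constructed for illustration.

```python
import struct

RECIPIENTS_VERSION = 1   # "version byte == 1" in the proposed Recipients packet
FPR_LEN = 20             # every entry occupies 20 bytes

def pad_fingerprint(fpr: bytes) -> bytes:
    """Return a 20-byte entry; 16-byte RSA v3 fingerprints get 4 zero bytes appended."""
    if len(fpr) == FPR_LEN:
        return fpr
    if len(fpr) == 16:
        return fpr + b"\x00" * 4
    raise ValueError(f"unexpected fingerprint length {len(fpr)}")

def build_recipients_body(fprs) -> bytes:
    """Serialize: version, 2-byte count (big-endian is an assumption), entries."""
    if len(fprs) > 0xFFFF:
        raise ValueError("too many recipients for a 2-byte count")
    entries = b"".join(pad_fingerprint(f) for f in fprs)
    return bytes([RECIPIENTS_VERSION]) + struct.pack(">H", len(fprs)) + entries

def parse_recipients_body(body: bytes) -> list:
    """Parse the decrypted packet body, rejecting truncated or oversized input."""
    if len(body) < 3:
        raise ValueError("truncated header")
    version, count = body[0], struct.unpack(">H", body[1:3])[0]
    if version != RECIPIENTS_VERSION:
        raise ValueError(f"unsupported version {version}")
    if len(body) != 3 + count * FPR_LEN:
        raise ValueError("length does not match recipient count")
    return [body[3 + i * FPR_LEN: 3 + (i + 1) * FPR_LEN] for i in range(count)]

def compare_recipients(outer_fprs, body: bytes):
    """Return (added, missing): outer recipients absent from the protected
    list, and protected recipients absent from the outer packets."""
    inner = parse_recipients_body(body)
    outer = [pad_fingerprint(f) for f in outer_fprs]
    added = [f for f in outer if f not in inner]
    missing = [f for f in inner if f not in outer]
    return added, missing

# Constructed sample fingerprints (not real keys).
ALICE_V4 = bytes(range(20))
BOB_V3 = b"\xaa" * 16
MALLORY_V4 = b"\xee" * 20

if __name__ == "__main__":
    body = build_recipients_body([ALICE_V4, BOB_V3])
    added, missing = compare_recipients([ALICE_V4, BOB_V3, MALLORY_V4], body)
    print("added outside the protected data:", [f.hex() for f in added])
    print("missing from the outer packets:", [f.hex() for f in missing])
```

A non-empty "added" list is the case the message describes: a recipient packet present on the outside that the sender never listed inside the integrity-protected data.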