Is there an intermediate approach that would combine an asymmetric
signature with a chunkable authenticated encryption such that a
decryptor could stream one pass and be certain of its origin (at
least up until truncation, if (a) can't be resolved)?
Maybe sign the encrypted data.
an armored signed PGP message, where the plaintext is the already
encrypted armored text.
openpgp mailing list