Technically, wouldn't you want to verify the authenticity of the letter before decrypting it?
Maybe I'm confused.
Using gpg with Enigmail, for example, when I first encrypt a letter I get a bunch of encrypted output. If I sign this, then I get encrypted output with a signature at the bottom.
If I do it in reverse, sign the letter -- I get free text with a footer signature, then encrypt the letter -- I get simply an encrypted letter with no signature footer (since it's in the encryption).
Maybe I'm wrong in my thinking, but don't you want the signature visible outside the encryption? So the encrypted content is verified before decrypting it?
When I do a sign and encrypt to myself, in the resulting letter, I get the encrypted letter with a message at the bottom of the Gmail screen saying no signature found. I only get the signature verification after decrypting the letter.
****Edit
Hmm, just curious.
I just did a test.
I wrote a letter to myself, encrypted it with my public key, and then signed the letter.
On its arrival it stated the first signature was not valid and I couldn't decrypt the letter. Is this by design, or is this a bug?
Hmm, this signature is valid:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Is Signature Valid
- --
Kevin Hilton
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFGuzyIpt5vMOoVFk4RAnPzAJ4ibDwJS315G5fSK8gPSnGyUKvLFwCfSYk1
LDcOZSZUbjxsVRmnMNFCQ9U=
=CmEZ
-----END PGP SIGNATURE-----
But this signature is not -- take that back, it was not valid the first time I pulled it up in Google, but the second time I pulled it up the signature was valid; however, I could decrypt the letter:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
- -----END PGP MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFGuzsdpt5vMOoVFk4RAlXYAJsE0WhYKFSwXKsblHk+xnLf+UXC0ACgseQG
FADxw3znYXTzl7Vc20xMrF4=
=QUIW
-----END PGP SIGNATURE-----
Last edited by kevdog (2007-08-09 17:15:11)
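The second message in the post is a cleartext signature wrapped around an armored encrypted message, which is why its inner armor lines appear dash-escaped as `- -----BEGIN PGP MESSAGE-----`. The following is an added example, not part of the original post: it splits such a wrapper, undoes the RFC 4880 dash-escaping, and reports which layer is outermost. The function names and the sample are constructed for illustration, and the code assumes the blank separator line that the format requires after the `Hash:` header.

```python
# Constructed sample with the same layout as the second message in the post;
# the base64 bodies are placeholders, not real OpenPGP data.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.6 (GNU/Linux)

PLACEHOLDERciphertextBASE64
=AAAA
- -----END PGP MESSAGE-----
-----BEGIN PGP SIGNATURE-----

PLACEHOLDERsignatureBASE64
=BBBB
-----END PGP SIGNATURE-----
"""

def split_clearsigned(text):
    """Return (hash_headers, signed_text, signature_armor) for a cleartext-signed message."""
    lines = text.splitlines()
    if not lines or lines[0] != "-----BEGIN PGP SIGNED MESSAGE-----":
        raise ValueError("not a cleartext-signed message")
    try:
        blank = lines.index("", 1)  # blank line ends the Hash: headers
        sig = lines.index("-----BEGIN PGP SIGNATURE-----", blank)
    except ValueError:
        raise ValueError("truncated cleartext-signed message") from None
    headers = lines[1:blank]
    # RFC 4880 section 7.1: signing prefixes lines that start with "-" with "- "
    body = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig]]
    return headers, "\n".join(body), "\n".join(lines[sig:])

def classify(text):
    """Describe the layering that is visible without any key material."""
    stripped = text.lstrip()
    if stripped.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
        _, body, _ = split_clearsigned(stripped)
        if body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"):
            return "encrypt-then-sign: signature is checkable before decryption"
        return "clearsigned plaintext"
    if stripped.startswith("-----BEGIN PGP MESSAGE-----"):
        return "armored message: a signature made before encryption is not visible"
    return "no OpenPGP armor found"
```

In the encrypt-then-sign layout the outer signature covers the ciphertext, so verifying it shows who signed the encrypted blob, not who wrote the plaintext inside it. The un-escaped `signed_text` is what would be handed to the decryption step.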