[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?
Gerardus Hendricks
konfkukor at riseup.net
Tue Jan 21 22:07:27 EST 2014
On 1/21/14 11:47 PM, Jerry Leichter wrote:
> Verifying a signature is a fairly expensive operation, and one
> wonders if it, too, is subject to some kind of attack.
Well yes, but while decryption requires a private key mingling with the
ciphertext, verifying a signature can be done in the isolation of secrets.
More information about the cryptography
mailing list