[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?

Werner Koch wk at gnupg.org
Thu Jan 23 10:36:30 EST 2014


On Wed, 22 Jan 2014 18:57, pete at petertodd.org said:

> GnuPG at least does sign-then-encrypt, and for good reason.  Consider
> the following encrypted message:

Right, this is the de-facto standard since PGP 2.  PGP/MIME (RFC-3156)
also demands sign-then-encrypt.

In addition OpenPGP demands the use of an MDC (manipulation detection
code) which is the SHA-1 hash of the plaintext appended to the plaintext
before the encryption.  It is not the best thing one could do but it
mitigates many attacks on the CFB mode.  The MDC feature is widely
deployed since its introduction in 2000 (GnuPG 1.0.2, PGP 7).


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
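
Added example, not part of the original message and not GnuPG code: the MDC idea as described above (SHA-1 of the plaintext appended before CFB encryption), showing that a flipped ciphertext bit silently alters the plaintext unless the MDC is checked. Assumptions: OpenPGP packet framing is omitted, HMAC-SHA256 truncated to 16 bytes stands in for the block cipher (CFB only uses the encrypt direction), and the key, IV and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16

def _prf(key, block):
    # Stand-in for a block cipher's encrypt direction (assumption, see lead-in).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _cfb(key, iv, data, decrypt):
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        result = bytes(a ^ b for a, b in zip(chunk, _prf(key, prev)))
        out += result
        prev = chunk if decrypt else result   # feedback is always the ciphertext block
    return bytes(out)

def seal(key, iv, plaintext):
    # MDC: SHA-1 of the plaintext, appended to the plaintext before encryption.
    return _cfb(key, iv, plaintext + hashlib.sha1(plaintext).digest(), False)

def decrypt_unchecked(key, iv, ciphertext):
    # What a receiver sees if it ignores the MDC.
    return _cfb(key, iv, ciphertext, True)[:-20]

def open_checked(key, iv, ciphertext):
    blob = _cfb(key, iv, ciphertext, True)
    body, mdc = blob[:-20], blob[-20:]
    if len(blob) < 20 or not hmac.compare_digest(hashlib.sha1(body).digest(), mdc):
        raise ValueError("MDC mismatch: ciphertext was modified")
    return body

def demo():
    key, iv = b"k" * 16, b"\x00" * BLOCK      # constructed sample key and IV
    msg = b"PAY 100 EUR TO ALICE"             # constructed sample plaintext
    ct = seal(key, iv, msg)
    forged = bytearray(ct)
    forged[4] ^= 0x08                         # '1' (0x31) ^ 0x08 = '9' (0x39)
    forged = bytes(forged)
    first_block = decrypt_unchecked(key, iv, forged)[:BLOCK]
    try:
        open_checked(key, iv, forged)
        detected = False
    except ValueError:
        detected = True
    return open_checked(key, iv, ct), first_block, detected

if __name__ == "__main__":
    print(demo())
```

The block after the modified one decrypts to garbage in CFB, but the targeted change in the first block is exact; only the MDC comparison turns that into a hard failure.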


