[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?

Stephan Neuhaus stephan.neuhaus at tik.ee.ethz.ch
Tue Jan 21 11:01:35 EST 2014

Dear list,

I'll be darned if I can find in RFC4880 how to do both encryption and 
signature in OpenPGP.  Knowing that both naively doing sign-then-encrypt 
and encrypt-then-sign have their problems, surely it can't be that, 
right?  So what *is* actually happening in OpenPGP?  And where does it 
say that in the RFC?



More information about the cryptography mailing list