[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?
Derek Atkins
derek at ihtfp.com
Tue Jan 21 13:48:21 EST 2014
Hi,
On Tue, January 21, 2014 11:01 am, Stephan Neuhaus wrote:
> Dear list,
>
> I'll be darned if I can find in RFC4880 how to do both encryption and
> signature in OpenPGP. Knowing that both naively doing sign-then-encrypt
> and encrypt-then-sign have their problems, surely it can't be that,
> right? So what *is* actually happening in OpenPGP? And where does it
> say that in the RFC?
The RFC does not specify, because protocol-wise both are valid. You could
do either sign-then-encrypt or encrypt-then-sign, and PGP validators
should handle either order of packet nesting. The more appropriate
question would be: what do the various OpenPGP implementations do by
default, and that I cannot answer for you.
> Fun,
>
> Stephan
-derek, former OpenPGP-WG Chair
--
Derek Atkins 617-623-3745
derek at ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
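The point in Derek's reply is that RFC 4880's message grammar (Section 11.3) is recursive: an OpenPGP message is a literal, a signed message wrapping a message, or an encrypted message wrapping a message, so a validator has to peel layers in whichever order it meets them. The following is an added example, not code from the thread or from any OpenPGP implementation. It models that grammar with invented packet tags and stand-in primitives (HMAC-SHA256 in place of a public-key signature, a SHA-256 counter keystream in place of a cipher; keys and signer ids are constructed), and it also acts out the two classic pitfalls Stephan alludes to: signature stripping and re-signing on encrypt-then-sign, and surreptitious forwarding on sign-then-encrypt.

```python
"""Toy model of the recursive sign/encrypt nesting in an OpenPGP message.
Packet tags, key table and primitives are invented for the demo; nothing
here is OpenPGP wire format or safe for real use."""
import hashlib
import hmac
import secrets

TAG_LITERAL, TAG_SIGNED, TAG_ENCRYPTED = 1, 2, 3

# Constructed demo keys. HMAC stands in for a public-key signature, so
# "holds the key" models "is the signer"; signer ids are fixed 8-byte tags.
SIGN_KEYS = {b"alice   ": b"alice-signing-key", b"mallory ": b"mallory-signing-key"}
ENC_KEYS = {"bob": b"bob-encryption-key", "carol": b"carol-encryption-key"}


def _packet(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + len(body).to_bytes(4, "big") + body


def _parse(packet: bytes):
    tag, n = packet[0], int.from_bytes(packet[1:5], "big")
    if len(packet) != 5 + n:
        raise ValueError("truncated or trailing data")
    return tag, packet[5:]


def literal(data: bytes) -> bytes:
    return _packet(TAG_LITERAL, data)


def sign(signer: bytes, inner: bytes) -> bytes:
    # Signed packet: 8-byte signer id, 32-byte MAC over the wrapped message, message.
    mac = hmac.new(SIGN_KEYS[signer], inner, hashlib.sha256).digest()
    return _packet(TAG_SIGNED, signer + mac + inner)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt(recipient: str, inner: bytes) -> bytes:
    # Encrypted packet: 16-byte nonce, then the wrapped message XORed with the keystream.
    nonce = secrets.token_bytes(16)
    return _packet(TAG_ENCRYPTED, nonce + _xor(inner, _keystream(ENC_KEYS[recipient], nonce, len(inner))))


def unwrap(message: bytes, recipient: str):
    """Validator: peel signed/encrypted layers in whatever order they appear.
    Returns (plaintext, [verified signer ids, outermost first])."""
    signers = []
    while True:
        tag, body = _parse(message)
        if tag == TAG_LITERAL:
            return body, signers
        if tag == TAG_SIGNED:
            signer, mac, inner = body[:8], body[8:40], body[40:]
            expected = hmac.new(SIGN_KEYS[signer], inner, hashlib.sha256).digest()
            if not hmac.compare_digest(mac, expected):
                raise ValueError("bad signature")
            signers.append(signer.strip().decode())
            message = inner
        elif tag == TAG_ENCRYPTED:
            nonce, ct = body[:16], body[16:]
            message = _xor(ct, _keystream(ENC_KEYS[recipient], nonce, len(ct)))
        else:
            raise ValueError(f"unknown packet tag {tag}")


def sign_then_encrypt(signer: bytes, recipient: str, data: bytes) -> bytes:
    return encrypt(recipient, sign(signer, literal(data)))


def encrypt_then_sign(signer: bytes, recipient: str, data: bytes) -> bytes:
    return sign(signer, encrypt(recipient, literal(data)))


def strip_and_resign(message: bytes, new_signer: bytes) -> bytes:
    """Encrypt-then-sign pitfall: an outsider who cannot read the ciphertext
    drops the outer signature and re-signs the same ciphertext as their own."""
    tag, body = _parse(message)
    assert tag == TAG_SIGNED
    return sign(new_signer, body[40:])


def surreptitious_forward(message: bytes, me: str, victim: str) -> bytes:
    """Sign-then-encrypt pitfall: the legitimate recipient decrypts, keeps the
    signed inner message intact and re-encrypts it to a third party, who then
    sees a valid signature with nothing saying the message was meant for `me`."""
    tag, body = _parse(message)
    assert tag == TAG_ENCRYPTED
    nonce, ct = body[:16], body[16:]
    return encrypt(victim, _xor(ct, _keystream(ENC_KEYS[me], nonce, len(ct))))


if __name__ == "__main__":
    note = b"pay Bob $100"
    m1 = sign_then_encrypt(b"alice   ", "bob", note)
    m2 = encrypt_then_sign(b"alice   ", "bob", note)
    print(unwrap(m1, "bob"))                                   # Alice's note, signer alice
    print(unwrap(m2, "bob"))                                   # same result, other nesting
    print(unwrap(strip_and_resign(m2, b"mallory "), "bob"))    # now appears signed by mallory
    print(unwrap(surreptitious_forward(m1, "bob", "carol"), "carol"))  # Alice's signature reaches Carol
```

The validator never needs to know which order the sender chose; it only needs the grammar to be recursive. The two attack helpers show why "which order" still matters to the application even though the RFC accepts both: neither nesting binds the signer to the intended recipient, which is what the well-known fixes (naming the recipient inside the signed data, or sign-encrypt-sign) add.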