[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?

Derek Atkins derek at ihtfp.com
Tue Jan 21 13:48:21 EST 2014


On Tue, January 21, 2014 11:01 am, Stephan Neuhaus wrote:
> Dear list,
> I'll be darned if I can find in RFC4880 how to do both encryption and
> signature in OpenPGP.  Knowing that both naively doing sign-then-encrypt
> and encrypt-then-sign have their problems, surely it can't be that,
> right?  So what *is* actually happening in OpenPGP?  And where does it
> say that in the RFC?

The RFC does not specify, because protocol-wise both are valid.  You could
do either sign-then-encrypt or encrypt-then-sign, and PGP validators
should handle either order of packet nesting.  The more appropriate
question would be: what do the various OpenPGP implementations do by
default, and that I cannot answer for you

> Fun,
> Stephan

-derek, former OpenPGP-WG Chair

       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

More information about the cryptography mailing list