[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?

Tony Arcieri bascule at gmail.com
Tue Jan 21 16:11:52 EST 2014


On Tue, Jan 21, 2014 at 11:17 AM, James Cloos <cloos at jhcloos.com> wrote:

> Some even suggested doing s-e-s, possibly with different signing keys.


Wouldn't it make the most sense to sign-then-encrypt-then-MAC (with the
latter ideally handled by an authenticated encryption mechanism)?

What's the value in being able to verify a signature without decrypting? It
seems like if you can do that then anyone can tie a signature to a
particular message even if they can't decrypt it, which seems like a
drawback to me.

-- 
Tony Arcieri
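
The construction proposed above, as an added example in Go that is not part of the original message: sign with Ed25519, then encrypt the signature and message together under AES-256-GCM, whose tag serves as the outer MAC. The pre-shared 32-byte key and the names `Seal`, `Open` and `newAEAD` are assumptions made for illustration; PGP would instead wrap a session key to the recipient's public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal signs msg, then encrypts sig||msg; the signature never appears in the clear.
func Seal(key []byte, priv ed25519.PrivateKey, msg []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	inner := append(ed25519.Sign(priv, msg), msg...)
	return aead.Seal(nonce, nonce, inner, nil), nil // nonce || ciphertext || tag
}

// Open checks the AEAD tag first, so the signature is only parsed from authentic data.
func Open(key []byte, pub ed25519.PublicKey, sealed []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil || len(sealed) < aead.NonceSize() {
		return nil, errors.New("bad key or truncated input")
	}
	n, s := aead.NonceSize(), ed25519.SignatureSize
	inner, err := aead.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil || len(inner) < s {
		return nil, errors.New("AEAD tag rejected or payload too short")
	}
	if !ed25519.Verify(pub, inner[s:], inner[:s]) {
		return nil, errors.New("inner signature invalid")
	}
	return inner[s:], nil
}
```

Because Ed25519 signatures are deterministic, a holder of the signing key can recompute the signature and confirm that it does not appear anywhere in the sealed bytes.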