[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?
Dominik Schürmann
dominik at dominikschuermann.de
Tue Jan 21 17:29:52 EST 2014
Hey,
I am also very much interested in an answer to this question. Just read
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html .
Has there been progress from 2001 to today in OpenPGP's standard
regarding this problem?
Regards
Dominik
On 01/21/2014 05:01 PM, Stephan Neuhaus wrote:
> Dear list,
>
> I'll be darned if I can find in RFC4880 how to do both encryption and
> signature in OpenPGP. Knowing that both naively doing sign-then-encrypt
> and encrypt-then-sign have their problems, surely it can't be that,
> right? So what *is* actually happening in OpenPGP? And where does it
> say that in the RFC?
>
> Fun,
>
> Stephan
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140121/928681bb/attachment.pgp>
More information about the cryptography
mailing list