[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?
Werner Koch
wk at gnupg.org
Thu Jan 23 10:26:08 EST 2014
On Wed, 22 Jan 2014 19:56, crypto at senderek.ie said:
> To foil this attack do not sign some random document presented to you.
> Sign a one-way hash of the message instead.
In addition, virtually nobody uses the same key for encryption and
signing. This is accomplished in OpenPGP using a set of keys instead of
just one key (by default a primary key for certification/signing and a
subkey for encryption).
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.