[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?
Peter Todd
pete at petertodd.org
Sun Jan 26 16:39:14 EST 2014
On Sun, Jan 26, 2014 at 08:54:54AM +1000, James A. Donald wrote:
> On 2014-01-26 03:05, Yuriy Kaminskiy wrote:
> >Does not work with *more than two participants* (Alice, Bob and Charlie know
> >shared secret and thus can generate and validate MAC; who was author of message,
> >Alice or Charlie?).
>
> If small number of participants sharing encrypted messages, they
> trust each other. They are worried about messages being altered by
> outsiders.
>
> If one of their shared messages leaks, the fact that outsiders
> cannot tell which of them originated it is a feature, not a bug.
In some usage scenarios it is, in others it is not.
I personally have made use of sign-then-encrypt by signing a
confidential security audit, encrypting it to the client, and telling
them how they can use the --override-session-key feature of GPG to later
release my report after the client had fixed the issues.
It's often the case that while confidentiality - encryption - is
important should the messages be leaked for whatever reason
non-repudiation is also important. In short, sometimes messages being
altered by insiders matters too.
--
'peter'[:-1]@petertodd.org
0000000000000000685ad208a55a5a97d9c789773ed6cba98a2159136528ae6b
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 685 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140126/15392621/attachment.pgp>
More information about the cryptography
mailing list