[149170] in cryptography@c2.net mail archive


Re: [Cryptography] Does PGP use sign-then-encrypt or

daemon@ATHENA.MIT.EDU (Derek Atkins)
Tue Jan 21 13:58:37 2014

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52DE99DF.1050900@tik.ee.ethz.ch>
Date: Tue, 21 Jan 2014 13:48:21 -0500
From: "Derek Atkins" <derek@ihtfp.com>
To: "Stephan Neuhaus" <stephan.neuhaus@tik.ee.ethz.ch>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Hi,

On Tue, January 21, 2014 11:01 am, Stephan Neuhaus wrote:
> Dear list,
>
> I'll be darned if I can find in RFC4880 how to do both encryption and
> signature in OpenPGP.  Knowing that both naively doing sign-then-encrypt
> and encrypt-then-sign have their problems, surely it can't be that,
> right?  So what *is* actually happening in OpenPGP?  And where does it
> say that in the RFC?

The RFC does not specify, because protocol-wise both are valid.  You could
do either sign-then-encrypt or encrypt-then-sign, and PGP validators
should handle either order of packet nesting.  The more appropriate
question would be: what do the various OpenPGP implementations do by
default, and that I cannot answer for you.

> Fun,
>
> Stephan

-derek, former OpenPGP-WG Chair

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
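
Added example, not part of the message above and not code from any OpenPGP implementation: a sketch that reads the outermost RFC 4880 packet headers of a binary (de-armored) message and reports which nesting order it uses. The function names and the sample packets with dummy bodies are constructed for illustration.

```python
ENCRYPTION_TAGS = {1, 3, 9, 18}   # PKESK, SKESK, SED, SEIPD (RFC 4880 tags)
SIGNATURE_TAGS = {2, 4}           # Signature, One-Pass Signature

def _new_length(data, i):
    """Decode one new-format length: (length, next_index, is_partial)."""
    o = data[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + data[i + 1] + 192, i + 2, False
    if o == 255:
        return int.from_bytes(data[i + 1:i + 5], "big"), i + 5, False
    return 1 << (o & 0x1F), i + 1, True          # partial body length

def top_level_tags(data):
    """Return the packet tags of the outermost packet sequence."""
    tags, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                            # new-format header
            tag, partial = hdr & 0x3F, True
            while partial:                        # follow partial-length chunks
                length, i, partial = _new_length(data, i)
                i += length
        else:                                     # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            n = 0 if ltype == 3 else 1 << ltype   # type 3: runs to end of data
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            i += n + length
        if i > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
    return tags

def nesting_order(data):
    tags = top_level_tags(data)
    if tags and tags[0] in SIGNATURE_TAGS:
        return "encrypt-then-sign" if ENCRYPTION_TAGS & set(tags) else "signed only"
    if tags and tags[0] in ENCRYPTION_TAGS:
        return "encryption outermost"             # any signature is inside the ciphertext
    return "neither signed nor encrypted at this layer"

# Constructed samples: valid headers, dummy bodies (no real keys or ciphertext).
def _pkt(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body
ENC_THEN_SIGN = _pkt(4, b"ops") + _pkt(1, b"esk") + _pkt(18, b"ct") + _pkt(2, b"sig")
SIGN_THEN_ENC = _pkt(1, b"esk") + _pkt(18, b"ciphertext hiding the signed message")
```

When encryption is outermost, the headers alone cannot show whether a signature exists; that is only visible after decryption.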
