Greetings all, I came upon something a bit odd in gnupg 1.4.7. I found I can change the comment field in a signed message to be whatever I like. I should think this is a bad thing as an attacker could insert text in a message presumably protected against all modifications if the signature verifies properly.
I'm hoping the attachments won't be corrupted by my emailer. The first attachment is the clearsigned message. I altered the comment field manually after creating the .asc. The second attachment is the public key so you can verify that the clearsigned message is valid. Thanks loads to everyone whos worked on gnupg. It's a brilliant app and an important one at that. Cheers, Rand
phil.zimmermann.asc
Description: PGP signature
phil.pub
Description: Binary data
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
