-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Friday 23 July 2010 at 10:15:05 PM, in <mid:[email protected]>, Jean-David Beyer wrote: > I have what I am sure is a frequently asked question, > but I cannot find a FAQ. I can find the archives, but I > know no good way to search them. Did you try http://marc.info/?l=gnupg-users ? > It is the question about the order of signing and > encrypting a message. I am pretty sure that is the > correct order, The usual way is to issue the --sign and the --encrypt options on the same command line. It makes no difference which order they appear, GnuPG will (in effect) combine encryption and signing into a single step. Some people (clear)sign a message and then encrypt the signed message. There may be groups or organisations that require this. I'm not aware of any advantages of doing it this way. A disadvantage is doubling of effort: the sender performs two gpg commands instead of one and so does the recipient. If you are communicating with a Hushmail address, your signature will only be detected if you first encrypt the message and then sign the encrypted message. Hushmail's webmail system is the only application I have encountered that requires it this way around. - -- Best regards MFPA mailto:[email protected] War is a matter of vital importance to the State. -----BEGIN PGP SIGNATURE----- iQCVAwUBTEwlO6ipC46tDG5pAQp/WgP/RRH6G39t1MMKXzPOZqgo59LrCNKlWx7g cBcp/GCOO2l4BuvR5hcHWonmPcgSsIJ5Zdz/IbllQSiPAfCZI4DlYUka7sYn9gqd a8xKfOm/gpTRCtpReBdRuj08/QkmjvKtRue6fMOBkADQn6RBy0dZrmu55dlsYo2R gyR2FoEWefE= =WF3G -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
