On 2/5/2019 at 4:50 PM, "justina colmena via Gnupg-users" wrote:>THE DATE PROBLEM. Only the body of the email is signed, not the envelope headers, namely the subject and intended >recipients, and probably most importantly, the date. It would be nice to have an option to automatically include some of >these headers in the body of the signed message when composing a signed email message.
>THE STRIPPING PROBLEM. Currently, each attachment is signed separately and independently by the PGP-MIME >standard. It would be preferable to digitally sign SHA hashes of the main message and all attachments in a single >additional attachment. This would leave an indication of any attachments that may have been "stripped" from the email >message, but without breaking the signatures of remaining attachments in such cases. ===== In this case, there is a simple workaround : [1] Put the subject, the intended recipients, and the date, in the introductory line(s) in the plaintext. [2] enarmor all the attachments, [ using the GnuPG --enarmor command (-a command in PGP) ], and paste the enarmored text into the body of the message, at the end of the message, right after a line saying; here are the following attachments :[3] Sign and encrypt the entire message composed of parts [1] and [2] and send it off this has the following 3 advantages: (a) no one knows what kind of attachments are being sent, or how many. (b) all the important data is in the Plaintext, where it belongs, and not vulnerable to MIMT attacks (c) backward compatibility in maintained, and no new standards have to be designed vedaal
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users