On 27/03/14 17:47, Daniel Kahn Gillmor wrote:
> if all you care about is a MAC, then you don't need certification
> of the key out-of-band. stuffing any arbitrary signing key in-band
> with the message and a signature over it, and having the recipient
> verify the signature, will give you the equivalent of a MAC on an
> unsigned message.

No it won't. A man-in-the-middle can strip off the signing key and signature, modify the body, and attach a new signing key and signature. To prevent that, either the recipient has to recognise the authentic signing key, or the signing key has to be certified by some key that the recipient recognises. Either way, an out of band password isn't sufficient to integrity-check the file.

With a MAC, on the other hand, the sender and recipient can derive cipher and MAC keys from the password, so only the password needs to be sent out of band.

Cheers,
Michael
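The distinction drawn in the reply above, as an added example that is not part of the original thread: a recipient who accepts whatever signing key arrives in-band also accepts a body that was replaced and re-signed, while a MAC keyed from the out-of-band password rejects it. A Lamport one-time signature stands in for "any arbitrary signing key" so only the standard library is needed; the packet layout, PBKDF2 parameters and all names are assumptions.

```python
import hashlib, hmac, os

def H(b): return hashlib.sha256(b).digest()

def bits(msg):  # the 256 digest bits pick one secret from each key pair
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature (assumption: stand-in for "any arbitrary signing key")
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

# Scheme A: a fresh signing key travels in-band with the message and signature.
def pack_signed(msg):
    sk, pk = keygen()
    return {"body": msg, "pk": pk, "sig": sign(sk, msg)}

def accept_signed(pkt):  # recipient has no out-of-band knowledge of pk
    return verify(pkt["pk"], pkt["body"], pkt["sig"])

# Scheme B: MAC key derived from the password (PBKDF2 parameters are assumptions).
def mac_tag(password, salt, msg):
    key = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    return hmac.new(key, msg, hashlib.sha256).digest()

def pack_mac(msg, password):
    salt = os.urandom(16)
    return {"body": msg, "salt": salt, "tag": mac_tag(password, salt, msg)}

def accept_mac(pkt, password):
    return hmac.compare_digest(mac_tag(password, pkt["salt"], pkt["body"]), pkt["tag"])

def demo():  # all sample values below are constructed
    password = b"constructed-out-of-band-password"
    original, altered = b"original file contents", b"modified file contents"
    sent = pack_mac(original, password)
    return {"signed_original": accept_signed(pack_signed(original)),
            "signed_body_replaced_and_resigned": accept_signed(pack_signed(altered)),
            "mac_original": accept_mac(sent, password),
            "mac_body_replaced": accept_mac(dict(sent, body=altered), password),
            "mac_retagged_without_password": accept_mac(pack_mac(altered, b"guess"), password)}
```

Calling `demo()` returns the accept/reject decision for each case; the in-band signature only rejects a body changed without re-signing, which is not the case the reply is concerned with.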
