Re: bad signature on encrypted and signed block?

2006-07-21 Thread David Shaw
On Fri, Jul 21, 2006 at 03:00:34PM -0300, Luis wrote:
> Can a GPG encrypted AND signed block (as in $gpg -a -e -s -r [EMAIL PROTECTED]
> msg.txt) end up showing a "BAD signature" warning? Or is it impossible
> because changes to the block would make it invalid, giving a CRC error
> before the signature could be checked?

No, it is definitely possible.  The CRC is not nearly as strong as the
signature for validation.

David

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
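
An added example, not part of the reply above and not GnuPG's code, of why the armor CRC cannot stand in for the signature: it implements the unkeyed CRC-24 that OpenPGP ASCII armor uses (RFC 4880, section 6.1) and checks it over a constructed payload. The `armor`, `armor_crc_ok` and `scenarios` helpers and the `SAMPLE` bytes are assumptions made for the illustration.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """Unkeyed 24-bit checksum carried on the last line of ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    """Minimal armor writer (hypothetical helper): base64 body plus '=CRC' line."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "", *lines,
                      "=" + check, "-----END PGP MESSAGE-----"])

def armor_crc_ok(text: str) -> bool:
    """Recompute the CRC over the decoded body and compare with the '=XXXX' line."""
    lines = text.splitlines()
    start = lines.index("") + 1  # body starts after the blank line
    end = next(i for i, line in enumerate(lines) if line.startswith("="))
    data = base64.b64decode("".join(lines[start:end]))
    stated = int.from_bytes(base64.b64decode(lines[end][1:]), "big")
    return crc24(data) == stated

# Constructed stand-in for the binary OpenPGP packets (not real gpg output).
SAMPLE = bytes(range(96))

def scenarios() -> dict:
    good = armor(SAMPLE)
    lines = good.splitlines()
    # Transit damage: one base64 character of the body changes, CRC line untouched.
    lines[2] = ("B" if lines[2][0] != "B" else "C") + lines[2][1:]
    damaged = "\n".join(lines)
    # Data that differed before armoring: the CRC is simply computed over it.
    altered = armor(SAMPLE[:-1] + b"\xff")
    return {"good": armor_crc_ok(good), "damaged": armor_crc_ok(damaged),
            "altered": armor_crc_ok(altered)}

if __name__ == "__main__":
    print(scenarios())
```

The `altered` case passes the CRC check even though its content differs from `SAMPLE`, which is the situation where only the signature check can report a problem.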


bad signature on encrypted and signed block?

2006-07-21 Thread Luis
Can a GPG encrypted AND signed block (as in $gpg -a -e -s -r [EMAIL PROTECTED]
msg.txt) end up showing a "BAD signature" warning? Or is it impossible
because changes to the block would make it invalid, giving a CRC error
before the signature could be checked?

Thanks for any info or pointers on this.

-- 
Luis





Re: Version of signatures

2006-07-21 Thread David Shaw
On Wed, Jul 19, 2006 at 04:45:51PM +0200, Philipp Gühring wrote:
> Hi,
> 
> Which version of OpenPGP signature format is being used by GnuPG 1.4.1?
> Is it always version 4 signatures?
> Does it depend on the key?

Yes, it depends on the key and a number of other details (is it a data
signature or a signature on a key?  Does the signature expire?  Does
the signature have a notation on it? etc, etc.)

David



Re: How to verify the file was successfully encrypted...

2006-07-21 Thread George Ross
> > How about if you append a hash of the file to the file, and encrypt that 
> > too?  Then have the remote machine do the trial decrypt-and-check-hash.  If 
> > all is OK the remote machine can then tell the local one to delete the 
> > original; and if it's not OK, it can scream at you.
> 
> Better than that, if you get GPG to sign the file when it encrypts it
> (using a passwordless key/subkey) and/or use the MDC option, you'll be
> able to do this more reliably...

Wasn't the original poster looking for something which didn't require 
trusting one particular piece of software?  If they're happy to go with 
gpg, or to use two different PGP implementations at the two ends, then 
sign+encrypt would indeed appear to cover it.

(Of course, it's not quite true signing, in the sense that it's only there 
as a check against corruption, and the signing key will be visible on the 
source machine.)
-- 
Dr George D M Ross, School of Informatics, University of Edinburgh
Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: [EMAIL PROTECTED]   Voice: +44 131 650 5147   Fax: +44 131 667 7209
 PGP: 1024D/AD758CC5  B91E D430 1E0D 5883 EF6A  426C B676 5C2B AD75 8CC5






Version of signatures

2006-07-21 Thread Philipp Gühring
Hi,

Which version of OpenPGP signature format is being used by GnuPG 1.4.1?
Is it always version 4 signatures?
Does it depend on the key?

Best regards,
Philipp Gühring

