[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: secure sign & encrypt
----- Original Message -----
From: "Derek Atkins" <derek@xxxxxxxxx>
To: "vedaal" <vedaal@xxxxxxxxxxx>
Cc: <ietf-openpgp@xxxxxxx>
Sent: Tuesday, May 21, 2002 10:33 AM
Subject: Re: secure sign & encrypt
>
> sorry, vedaal, but you are incorrect. With current OpenPGP is _IS_
> possible to strip off the encryption from a message and re-encrypt it
> to another user, keeping the signature intact. In fact, back in the
> early 90's (and mid-90's when we were first designing the pre-OpenPGP
> packets), this was in fact a design goal!
>
> Remember that a signed/encrypted message looks like:
>
> ESK{PubA, K} ... Enc{K, PreSig{Hash{M}}, Lit{M}, PostSig{Hash{M}}}
>
> Given this format, you can easily replace the K in ESK{} and Enc{}
> without destroying the Presig,Literal,PostSig packets.
Wouldn't that cause a CRC error, indicating that the message was tampered
with?
Or could a new CRC be calculated and included in the new re-encrypted
message?
Also, could the MDC be utilized to prevent such substitutions, by detecting
alterations of any of the packets?
Thanks,
vedaal
{i don't know, so am asking}