Re: secure sign & encrypt
This doesn't help. Any recipient could re-encrypt the message and
change the list of encrypted recipients.
-derek
disastry@xxxxxxxxxx writes:
> disastry wrote:
> > fake pubkey encryption packets can be added
> > by man in the middle so that recipient thinks that message was encrypted
> > to him and to other person.
> >
> > I wrote about it here:
> > http://lists.gnupg.org/pipermail/gnupg-devel/2001-August/006285.html
>
> I think this can be solved by modifying
> Sym. Encrypted Integrity Protected Data Packet (Tag 18).
>
> Now it is:
>
> version byte == 1
> encrypted data
>
> encrypted data consists of:
> encrypted iv
> encrypted plaintext
> encrypted Modification Detection Code Packet (Tag 19)
>
> I suggest:
>
> version byte == 2
> encrypted data
>
> encrypted data consists of:
> encrypted iv
> encrypted Recipients packet (Tag 20)
> (put it before plaintext - if it would be after it would
> be difficult to find where plaintext ends, when decrypting)
> encrypted plaintext
> encrypted Modification Detection Code Packet (Tag 19)
>
> Recipients packet
> version byte == 1
> number of recipients, 2 bytes (should be enough..)
> number_of_recipients*20 byte list of fingerprints recipient keys
> (16 byte RSA v3 key fingerprints are appended with 4 zeros
> (or maybe with 4 lowest keyid bytes? I think, it's even better))
>
>
> this ensures that recipient list is intact not only for signed & encrypted messages
> but also for encrypted only messages.
>
> __
> Disastry http://disastry.dhs.org/
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@xxxxxxx PGP key available
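
The body of the Recipients packet proposed in the quoted message, as an added Python sketch that is not code from either poster or from any OpenPGP implementation. The function names, the big-endian recipient count, and the choice of the "4 zeros" padding variant for v3 fingerprints are assumptions; the sample fingerprints are constructed.

```python
import struct

FPR_LEN = 20          # per-recipient slot size from the proposal
V3_FPR_LEN = 16       # RSA v3 fingerprint length
PACKET_VERSION = 1    # "version byte == 1" of the Recipients packet


def build_recipients_body(fingerprints):
    """Serialize the proposed Recipients packet body (no packet header)."""
    if len(fingerprints) > 0xFFFF:
        raise ValueError("count does not fit in 2 bytes")
    out = bytearray([PACKET_VERSION])
    out += struct.pack(">H", len(fingerprints))  # assumption: big-endian
    for fpr in fingerprints:
        if len(fpr) == V3_FPR_LEN:
            fpr = fpr + b"\x00" * 4   # the "4 zeros" variant from the post
        if len(fpr) != FPR_LEN:
            raise ValueError("fingerprint must be 16 or 20 bytes")
        out += fpr
    return bytes(out)


def parse_recipients_body(body):
    """Parse strictly: reject truncated input and trailing bytes."""
    if len(body) < 3:
        raise ValueError("truncated header")
    version, count = struct.unpack(">BH", body[:3])
    if version != PACKET_VERSION:
        raise ValueError("unsupported version")
    if len(body) != 3 + count * FPR_LEN:
        raise ValueError("length does not match recipient count")
    return [body[3 + i * FPR_LEN: 3 + (i + 1) * FPR_LEN] for i in range(count)]


def recipient_listed(body, my_fingerprint):
    """True if the given fingerprint (v3 ones zero-padded) is in the list."""
    if len(my_fingerprint) == V3_FPR_LEN:
        my_fingerprint += b"\x00" * 4
    return my_fingerprint in parse_recipients_body(body)


# Constructed sample fingerprints, not real keys.
SAMPLE_V4 = bytes(range(20))
SAMPLE_V3 = bytes(range(100, 116))
SAMPLE_BODY = build_recipients_body([SAMPLE_V4, SAMPLE_V3])
```
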