[olug] quick pgp question

Christopher Cashell topher at zyp.org
Thu Jun 10 02:09:43 UTC 2004


At Wed, 09 Jun 04, Unidentified Flying Banana K.J. Kirwan, said:
> Actually, you are both right.  
> 
> I know S/Mime works this way, and I think GPG does too.  
> 
> A signed (but not "encrypted") email is *sent twice* in 
> the same email, one after the other, first in plaintext, 
> then encrypted with the senders' private key.  (But don't 
> believe me, find one and "view message source" for yourself.)  

Nope.  PGP/GPG doesn't work this way.

With a signed, but not encrypted e-mail, PGP/GPG will do one of two
things, depending on if you're sending it inline (old way) or OpenPGP
(PGP/MIME).  (Note, if I refer to PGP below, consider that to mean
either PGP or GPG, or even the OpenPGP standard, to which both PGP and
GPG currently support.)

If you're sending it inline, then PGP modifies the e-mail itself by
doing ASCII armoring and adding '-----BEGIN PGP SIGNED MESSAGE-----'
lines to the start and end of the PGP signed part.  Immediately
following those lines, it adds a PGP signature, which is basically a
cryptographic hash of the e-mail body, created with a PGP private key.

Then, someone with a PGP public key matching that private key can verify
that the hash matches the e-mail body, and that the body hasn't been
altered.

With OpenPGP (PGP/MIME), it works similarly but instead of modifying the
e-mail body, PGP simply creates a cryptographic hash for the entire MIME
part of the e-mail, and the signature is then attached as a separate
MIME attachment.

> This results in a message which (in ordinary email clients) 
> can still be read (proving nothing) and is followed by an 
> equal amount of gibberish, which may or may not be supressed.  

With PGP, you can always read it.  With inline PGP, you simply read
around the 'BEGIN PGP' lines.  With OpenPGP (MIME), you simply read the
normal text e-mail, and ignore the PGP signature.

> A secure email client will get the sender's public key, 
> decrypt the encrypted copy of the message, and compare the 
> two copies against each other, looking for tampering.  If there 
> are no differences between them, then the plaintext message is 
> (1) unaltered, and (2) could only have been created by the sender.  

With PGP, for signatures, there is no real encryption or decryption
taking place, just cryptographic hashing (signing) of an e-mail.

> If the email is to be "signed and encrypted", then both copies of 
> the same message get encrypted a *second time* but this time with 
> the intended receiver's public key, resulting in a message that can 
> only be read by the recipient, and could only have been created 
> by the sender.  

With a signed and encrypted e-mail, PGP first generates a signed e-mail,
in the manner mentioned above.  PGP then compresses and encrypts the
e-mail using the receiver's public key (and usually the singer's as
well, so that they can still view the e-mail they sent).

When the e-mail arrives, the recipient uses their private key to decrypt
the e-mail, and then uses the sender's public key to verify the
signature, ensuring that the e-mail was sent by the sender, and that it
wasn't changed or tampered with.

> If any of this is not so in GPG, please let me know, as I am 
> planning to give GPG a try soon via Mozilla/Enigmail.  Thanks.  

Good call.  S/MIME isn't necessarily bad, but OpenPGP has greatly
overtaken it, in terms of how widely used it is.  At this point, I'd
definitely encourage people to use OpenPGP.

> Kim Kirwan

-- 
| Christopher
+------------------------------------------------+
| Here I stand.  I can do no other.              |
+------------------------------------------------+



More information about the OLUG mailing list