allanirving at allanirving.co.uk
Mon Jun 9 14:38:53 UTC 2014
I see. That helps clear things up. Out of interest, can one edit the
comment left by a mail program on a signature and/or the format? I'd
personally prefer to have the message signed after my message, so it would
say start there, rather than with my message in between. Looks a bit...untidy.
However, if it's the only way, then so be it.
On 9 June 2014 15:35, Adam Sampson <ats at offog.org> wrote:
> Allan Irving <allanirving at allanirving.co.uk> writes:
> > What I see at the moment, when a message is just signed, is a wrapper
> > consisting of the encryption type the public key uses and then the key
> > itself towards the bottom. How does GPG prevent someone from copying
> > spoofing an email address and then signing a message?
> The signature data at the bottom isn't your public key. It's [*] a hash
> of the message, encrypted with your private key. To verify the
> signature, the receiver decrypts the signature using your public key,
> and checks it matches the hash of the message they received.
> If someone copied the signature onto a different message, the hash of
> the new message wouldn't match the hash retrieved from the signature, so
> verification would fail.
> [*] This is simplified a bit, and there are other ways of doing digital
> signatures that have the same effect. See the GPG manual:
> Adam Sampson <ats at offog.org> <http://offog.org/>
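
Added example, not part of the original thread: a sketch in Python of the simplified hash-then-sign scheme described in the quoted reply, showing why a signature copied onto a different message, or a signature made with a different key under a spoofed address, fails verification. It uses textbook RSA without padding on constructed toy keys (known Mersenne primes); all names are hypothetical and this is not how GnuPG formats or computes real signatures.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p: int, q: int):
    """Build a toy RSA key from two primes; returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed keys from known Mersenne primes (toy values, assumptions).
SENDER_N, SENDER_D = make_key(2**521 - 1, 2**607 - 1)
SPOOFER_N, SPOOFER_D = make_key(2**1279 - 1, 2**2203 - 1)


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (smaller than either modulus)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int, n: int) -> int:
    """'Encrypt' the message hash with the private key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, n: int) -> bool:
    """'Decrypt' the signature with the public key and compare the hashes."""
    return pow(signature, E, n) == digest(message)


def demo() -> dict:
    original = b"Meet at noon.\n"      # constructed sample message
    altered = b"Meet at midnight.\n"   # different body
    sig = sign(original, SENDER_D, SENDER_N)
    # Someone spoofing the From address can only sign with their own key.
    spoofed_sig = sign(altered, SPOOFER_D, SPOOFER_N)
    return {
        "genuine": verify(original, sig, SENDER_N),
        "signature_copied_to_other_message": verify(altered, sig, SENDER_N),
        "spoofed_address_own_key": verify(altered, spoofed_sig, SENDER_N),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```

In all three cases the receiver checks against the public key they already hold for the claimed sender, which is why spoofing the address alone does not help.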