#240 ✓invalid
Roman Wedemeier

GPGServices should sign the encrypted message. Not vice versa.

Reported by Roman Wedemeier | June 14th, 2017 @ 02:01 PM

I was wondering, what is exactly in the attached file, when i send an email, that was encrypted and signed before. So i opened the file and tried to decrypt the file and it was decrypted successfully. Then i opened the file and i could see the email, with the sent message and the signature...

Now i try to understand how this can be safe. In my understanding, a message should be signed, to verify the sender. When i receive an encrypted message, with the signature encrypted inside, i have to decrypt the message before i can verify the sender (as i dit in fact in my testing example). But now i can not be sure who is the sender and therefore i can not be sure, whether it is secure, to decrypt it. Wouldn't it be much better, to first encrypt a message?

Also i repeated the test with Thunderbird / Enigmail and here the result is, that OpenPGP tells me, after (or before?) decrypting file, that the file is signed. Then the decrypted file does not contain the signature.

This looks much safer to me.

I use Apple Mail 10.3 (3273) with GPGMail 2.7b3 build 1215b

Comments and changes to this ticket

  • steve

    steve June 14th, 2017 @ 03:30 PM

    • State changed from “new” to “invalid”
    • Importance changed from “” to “Low”

    Hey Roman,

    could you please re-post your question on our support platform. We'll then take a closer look at your problem. Once the issue at hand is isolated, we’ll create a ticket here, which is our actual bug tracker.

    Kind regards,
    steve

  • Roman Wedemeier

    Roman Wedemeier June 14th, 2017 @ 04:08 PM

    Yes sure i can do that as soon as possible.

    Sorry for mixing this up. :-)

  • steve

    steve June 14th, 2017 @ 05:53 PM

    Sure, no worries. You can just copy paste your comment as is. We cannot access your email address on this bug tracker, otherwise I would have copied your question over to support. But that's not possible, tech wise.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Shared Ticket Bins

People watching this ticket

Pages