#240 GPGServices should sign the encrypted message. Not vice versa. - GPGServices

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#240 ✓invalid

GPGServices should sign the encrypted message. Not vice versa.

Reported by Roman Wedemeier | June 14th, 2017 @ 02:01 PM

I was wondering, what is exactly in the attached file, when i send an email, that was encrypted and signed before. So i opened the file and tried to decrypt the file and it was decrypted successfully. Then i opened the file and i could see the email, with the sent message and the signature...

Now i try to understand how this can be safe. In my understanding, a message should be signed, to verify the sender. When i receive an encrypted message, with the signature encrypted inside, i have to decrypt the message before i can verify the sender (as i dit in fact in my testing example). But now i can not be sure who is the sender and therefore i can not be sure, whether it is secure, to decrypt it. Wouldn't it be much better, to first encrypt a message?

Also i repeated the test with Thunderbird / Enigmail and here the result is, that OpenPGP tells me, after (or before?) decrypting file, that the file is signed. Then the decrypted file does not contain the signature.

This looks much safer to me.

I use Apple Mail 10.3 (3273) with GPGMail 2.7b3 build 1215b

Comments and changes to this ticket

steve June 14th, 2017 @ 03:30 PM
- State changed from “new” to “invalid”
- Importance changed from “” to “Low”
Hey Roman,

could you please re-post your question on our support platform. We'll then take a closer look at your problem. Once the issue at hand is isolated, we’ll create a ticket here, which is our actual bug tracker.

Kind regards,
steve
You flagged this item as spam.
Roman Wedemeier June 14th, 2017 @ 04:08 PM
Yes sure i can do that as soon as possible.

Sorry for mixing this up. :-)
steve June 14th, 2017 @ 05:53 PM
Sure, no worries. You can just copy paste your comment as is. We cannot access your email address on this bug tracker, otherwise I would have copied your question over to support. But that's not possible, tech wise.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Shared Ticket Bins (Sort)

↓↑ drag 37 Open tickets
↓↑ drag 0 Resolved tickets
↓↑ drag 0 This week's tickets

Gpgtools GPGServices

GPGServices should sign the encrypted message. Not vice versa.

Comments and changes to this ticket

steve June 14th, 2017 @ 03:30 PM

Roman Wedemeier June 14th, 2017 @ 04:08 PM

steve June 14th, 2017 @ 05:53 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Pages

Gpgtools GPGServices

Keyword searching

GPGServices should sign the encrypted message. Not vice versa.

Comments and changes to this ticket

steve June 14th, 2017 @ 03:30 PM

Roman Wedemeier June 14th, 2017 @ 04:08 PM

steve June 14th, 2017 @ 05:53 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Pages