Reputation: 17
Is there any way to encrypt and then sign with GPG?
I am working on a tool that sends out automated reports to our clients. This specific client wants the file to be encrypted and then signed. I have tried several different methods, with hours of searching, and have not had much luck. I know GPG signs then encrypts, but does anyone know if it is possible to swap the order? And if not does anyone know of any command line alternatives that can be run in a Linux container?
Example:
gpg --always-trust --batch --yes -s -u '[email protected]' -r '[email protected]' -o 'test.txt.pgp' -e 'test.txt'
On verify :
gpg: verify signatures failed: Unexpected error
Upvotes: 0
Views: 2964
Answers (3)
Reputation: 10327
There's nothing in the PGP spec that prevents that ordering -- PGP messages are surprisingly flexible and are made up a list of hierarchial packets with few constraints on their ordering and nesting.
The problem with performing two invocations of gpg is you'll end up with two literal data packets, one of which happens to be a validly formatted PGP messages (but parsing code wouldn't know that unless intentionally configured to look for it). It would handle the outer PGP packets, return the "plaintext" bytes, and then stop processing.
A low-level PGP library like Bouncy Castle's Java openpgp library can do this if you wire together the various encryption and signing primitives.
Both orders have potential security concerns that may or may not apply to your situation. When you encrypt-then-sign, attackers that intercept your PGP messages can remove the signature and re-sign it with a private key of their choosing (they never gain access to the decrypted plaintext). If they forward that tampered message to the unsuspecting recipient that they also have a relationship with, it may appear as if the attacker possesses knowledge/secrets that they shouldn't.
sign(encrypt("Credit my account $1,000,000 from secret account number 123-456-789"))
If "my account" is resolved based off the identity of the signer, you'd have a problem. This is known as surreptitious forwarding.
A related concern exists with sign-then-encrypt. The legitimate recipient can decrypt the message, re-encrypt it to a new recipient that expects similarly formatted messages, and then forward it to them. To that recipient, it would look like the original sender just told them to do something (they signed it after all). This is typically less severe than the other problem since it requires a malicious or compromised original recipient.
Upvotes: 2
Reputation: 1
i believe this is what you are looking for:
gpg --sign --encrypt --recipient [email protected] --output encrypted-output.pgp inputfile
Upvotes: -2
Reputation: 14160
GPG doesn't seem to allow this in a single pass. You have two options:
- use a detached signing, then you'll need to send two files: one with encrypted data and second with the signature
- encrypt data in first pass and then sign it in the second. However that would also need two steps on the receiving side: first verify signatures/unwrap data, then decrypt it.
Also it could be useful to ask client what exact format he expects to receive. Just example of gpg --list-packets report-file should be helpful.
Upvotes: 2
Related Questions
- How to encrypt a string without writing it to a file
- How do you verify an encrypted and signed file with gpg?
- How to gpg encrypt with ssh public key?
- GnuPG encrypt with private key
- Signing and Encrypting file via GnuPG encryption
- Encrypt with GPG without adding stuff to the encrypted file?
- Create pgp file with gpg from command line
- What is the command line equivalent for "sign, armor and encrypt" using GPA - PGP?
- gnupg - need to be able to decrypt, without being able to encrypt
- Can I Encrypt File Using PGP Desktop and decrypt it Useing OpenPG or GPG4Win & Vice Versa