[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hiding conventionally encrypted messages in PGP messages to someelse.



In article <[email protected]> you wrote:


> -----BEGIN PGP SIGNED MESSAGE-----

> I have been thinking about steganography lately. Correct me if I am
> wrong, but it seems to me that if one wants to hide encrypted data, then
> all this public key encryption stuff becomes irrelevant. It seems that
> the sender and the recipient must agree on a way to hide the data. The
> time of this agreement is a perfect time to exchange conventional
> key(s).

> Speaking of conventional encryption, PGP uses conventional
> encryption (IDEA). So if we wish to hide conventionally encrypted
> data, why not use the purloined letter method, and hide it as the
> conventionally encrypted data in a PGP encrypted file?

> To create such a file, we would simply create as PGP usually does,
> except that we specify or record the conventional IDEA key used. Then to
> decrypt the file, we simply ignore the RSA headers and use the specified
> or recorded conventional IDEA key. We could even insure that the IDEA
> key in the RSA encrypted headers is wrong. So, obiwan can not reveal
> the data even if Darth can seize him.

> I have created a hack to PGP ui to do all of the above!

Isn't this what pgp -c does?