Re: Hiding conventionally encrypted messages in PGP messages to someone else.


Paul Franklin <[email protected]> writes:

>> To create such a file, we would simply create as PGP usually does,
>> except that we specify or record the conventional IDEA key used. Then to
>> decrypt the file, we simply ignore the RSA headers and use the specified
>> or recorded conventional IDEA key. We could even ensure that the IDEA
>> key in the RSA encrypted headers is wrong. So, obiwan cannot reveal
>> the data even if Darth can seize him.

>> I have created a hack to PGP ui to do all of the above!

>Isn't this what pgp -c does?

No, pgp -c creates a conventionally encrypted file that appears
to be a conventionally encrypted file. If you run such a file
thru pgp, pgp will report that it is a conventionally encrypted file
even if you do not know the password. If you have such a file Darth
Vader will assume that you can decrypt it.

My hack allows you to create a file which appears to be pgp public key
encrypted to someone else, but which you also (or perhaps you only) can
decrypt. (Because you have specified or recorded the conventional IDEA
key.) Hopefully, Darth will be fooled into thinking that you cannot
decrypt the file.

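As an added illustration (not part of the original post and not PGP's own code), this sketch reads the old-format packet header at the start of a file, which is all any tool can go on without a key. The function names are hypothetical and the byte strings are constructed samples, not real PGP output.

```python
# Old-format PGP packet tags (RFC 1991; kept in RFC 4880 section 4.3).
TAG_PKESK = 1      # public-key encrypted session key
TAG_SYM_DATA = 9   # conventionally encrypted data

def read_packet_header(buf, pos=0):
    """Return (tag, body_start, body_len); body_len is None if indeterminate."""
    if pos >= len(buf) or not buf[pos] & 0x80:
        raise ValueError("not a PGP packet")
    ctb = buf[pos]
    if ctb & 0x40:
        raise ValueError("new-format header; only old format handled here")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
    if ltype == 3:
        return tag, pos + 1, None
    n = 1 << ltype                      # 1, 2 or 4 length octets
    if pos + 1 + n > len(buf):
        raise ValueError("truncated length field")
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def outward_appearance(buf):
    """What the framing alone shows to someone holding no key at all."""
    tag, start, length = read_packet_header(buf)
    if tag == TAG_SYM_DATA:
        return "conventionally encrypted"
    if tag == TAG_PKESK:
        # Body: version (1), recipient key ID (8), algorithm (1), then MPI.
        if length is None or length < 10 or start + 10 > len(buf):
            raise ValueError("truncated session-key packet")
        # Only the key ID is readable; the RSA-wrapped IDEA key cannot be
        # checked for correctness without the recipient's secret key.
        return "public-key encrypted to key ID " + buf[start + 1:start + 9].hex().upper()
    return "other packet, tag %d" % tag

# Constructed samples (not real PGP output): headers are valid, bodies are filler.
SAMPLE_CONVENTIONAL = bytes([0xA6, 0, 0, 0, 16]) + bytes(16)
SAMPLE_PUBKEY = (bytes([0x84, 13, 2]) + bytes.fromhex("0123456789ABCDEF")
                 + bytes([1, 0, 8, 0xFF])        # RSA, 8-bit stub MPI
                 + bytes([0xA6, 0, 0, 0, 16]) + bytes(16))

if __name__ == "__main__":
    for name, blob in (("pgp -c style", SAMPLE_CONVENTIONAL),
                       ("public-key style", SAMPLE_PUBKEY)):
        print(name, "->", outward_appearance(blob))
```

The classification depends only on the leading packet tag and the key ID field, so it says nothing about who else may hold the session key.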