jaekwon closed 10 years ago
sort of done: https://github.com/jaekwon/scramble/tree/signed_messages
The subject now gets included in the body like:

    Subject: this is the subject, which also gets encrypted separately
    Here is the body

This should also help with RFC 3156 integration.
Scramble currently doesn't sign any of the messages, so it is possible that the message being read was forged.
We should consider whether to have separate keys for encrypting & signing, i.e. the primary key for signing and a subkey for encrypting. The theoretical security implications of using the same RSA key for signing & encrypting aren't relevant unless the user is signing or encrypting attacker-chosen texts though, so I think it'll be fine. We should get a cryptographer's input on this.
Also note that the resulting combined armored text is RFC 3156 compatible (see sections 6.1 & 6.2).
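
Added example, not part of the thread and not Scramble's code: a sketch of why putting the subject line inside the signed body lets a receiver detect a forged or swapped subject. Assumptions: plain RSA/SHA-256 signatures from Node's `crypto` module stand in for OpenPGP, all function names are hypothetical, the blank line after the `Subject:` line is an assumed layout, and the receiver is assumed to compare the separately decrypted subject against the signed one.

```javascript
// Added example. RSA/SHA-256 via Node's crypto stands in for OpenPGP signing.
const nodeCrypto = require('node:crypto');

// Text that gets signed: subject line first, then the body (assumed layout).
function buildSignedText(subject, body) {
  // A multi-line subject could smuggle fake content into the signed text.
  if (/[\r\n]/.test(subject)) throw new Error('subject must be a single line');
  return `Subject: ${subject}\n\n${body}`;
}

function signMessage(subject, body, privateKey) {
  const text = buildSignedText(subject, body);
  const signature = nodeCrypto.sign('sha256', Buffer.from(text, 'utf8'), privateKey);
  return { text, signature };
}

// Receiver side: check the signature first, then check that the subject shown
// to the user (decrypted separately) equals the subject covered by the signature.
function verifyMessage(displayedSubject, text, signature, publicKey) {
  const data = Buffer.from(text, 'utf8');
  if (!nodeCrypto.verify('sha256', data, publicKey, signature)) {
    return { ok: false, reason: 'bad signature' };
  }
  const m = /^Subject: ([^\n]*)\n\n/.exec(text);
  if (!m) return { ok: false, reason: 'no signed subject line' };
  if (m[1] !== displayedSubject) return { ok: false, reason: 'subject mismatch' };
  return { ok: true, body: text.slice(m[0].length) };
}

// Constructed sample message and a throwaway key pair.
function demo() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const subject = 'this is the subject';
  const { text, signature } = signMessage(subject, 'Here is the body', privateKey);
  return {
    genuine: verifyMessage(subject, text, signature, publicKey),
    swappedSubject: verifyMessage('different subject', text, signature, publicKey),
    editedBody: verifyMessage(subject, text.replace('Here', 'There'), signature, publicKey),
  };
}
```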