Silk Road forums

Discussion => Security => Topic started by: mseller on December 14, 2011, 11:40 pm

Title: Signing message with text tamper validation
Post by: mseller on December 14, 2011, 11:40 pm
I need help with something. We all know what signing means but we can not check has text were tampered with.
I come accros web page but I was unable to do it myself.

For decryption and verify I use FileAssuruty OpenPGP (free utility http://www.articsoft.com/Download/FileAssurity_OpenPGP_Reader.exe

web page where it describe how to : http://ask-leo.com/what_does_begin_pgp_signed_message_mean.html
do not forget to copy his public key and import it to OpenPGP reader then you will see message where is all cleared ok.Singning info is displayed and tamper validation. If I change something in the text, log will show that message is signed but it can not be validated for text change or forge.

But when I want to verify let say SR clearsign message it gives me that SR signed but there is no prove is text been tampered.

Can somebody look into this and explain step by step how to sign cleartext what can be validated; signed by author and has not been tampered with.
Title: Re: Signing message with text tamper validation
Post by: 1as3df4gh on December 15, 2011, 08:16 am
Not sure exactly what you mean mate.
If you verify a signed message with SRs public key and it says that SR signed it then it is ALSO verifying that the message has not changed since it was signed. If it has changed than it will say that the message is invalid.
Title: Re: Signing message with text tamper validation
Post by: mseller on December 15, 2011, 04:08 pm
Not sure exactly what you mean mate.
If you verify a signed message with SRs public key and it says that SR signed it then it is ALSO verifying that the message has not changed since it was signed. If it has changed than it will say that the message is invalid.
Strange, with kleopatra it works like you said but with that other software not. Anyhow thanks for info.