How can I add encrypted comments.

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

How can I add encrypted comments.

GnuPG - User mailing list


I am encrypting and signing documents with myself as the receiver. Nobody else will want to look inside them. Is it possible to add encrypted comments or other information to a separated signature file; and later retrieve this additional information? I want to be able to decrypt the signature file alone and retrieve all the information I put inside it.


Thanks,


Ayoub


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I add encrypted comments.

GnuPG - User mailing list
On 1/14/2021 at 4:47 AM, "Ayoub Misherghi via Gnupg-users" <[hidden email]> wrote:


I am encrypting and signing documents with myself as the receiver. Nobody else will want to look inside them. Is it possible to add encrypted comments or other information to a separated signature file; and later retrieve this additional information? I want to be able to decrypt the signature file alone and retrieve all the information I put inside it.


=====

Not exactly, 

but functionally, yes, it can be done.


[1] Armor the signature file    (   gpg --armor filename.sig  )   this outputs to filename.sig.asc


[2[ Armor your encrypted comments, and copy them to the end of the filename.sig.asc,

(leave one blank line between the pgp footer of the signature file, and the pgp header of the encrypted file)


[3] Save the whole thing as filename.sig.asc


[4] gpg filename.sig,asc  will automatically verify the sig if the original signed file 'filename' is present, and also decrypt the added comments


vedaal


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I add encrypted comments.

GnuPG - User mailing list
In reply to this post by GnuPG - User mailing list
On Thu, Jan 14, 2021 at 10:46 AM Ayoub Misherghi via Gnupg-users
<[hidden email]> wrote:
>
>
> I am encrypting and signing documents with myself as the receiver. Nobody else will want to look inside them. Is it possible to add encrypted comments or other information to a separated signature file; and later retrieve this additional information? I want to be able to decrypt the signature file alone and retrieve all the information I put inside it.

You can add Comments: to a detached signature, yes, but beware that these
encrypted content must be seperated for each comment line.

I have not tested this yet, but you could with a shell script use some format
or lenght preserving encryption software, like Google's Adiantum with a base64
encoder and then would have the smallest possible symmetrically encrypted
output for a message as Comment: line. You can do this also manually
of course as much as you wish because it does not invalidate the signature.

Hope this helps a bit.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I add encrypted comments.

GnuPG - User mailing list
On Thu, Jan 14, 2021 at 8:16 PM Stefan Claas
<[hidden email]> wrote:

>
> On Thu, Jan 14, 2021 at 10:46 AM Ayoub Misherghi via Gnupg-users
> <[hidden email]> wrote:
> >
> >
> > I am encrypting and signing documents with myself as the receiver. Nobody else will want to look inside them. Is it possible to add encrypted comments or other information to a separated signature file; and later retrieve this additional information? I want to be able to decrypt the signature file alone and retrieve all the information I put inside it.
>
> You can add Comments: to a detached signature, yes, but beware that these
> encrypted content must be seperated for each comment line.
>
> I have not tested this yet, but you could with a shell script use some format
> or lenght preserving encryption software, like Google's Adiantum with a base64
> encoder and then would have the smallest possible symmetrically encrypted
> output for a message as Comment: line. You can do this also manually
> of course as much as you wish because it does not invalidate the signature.
>
> Hope this helps a bit.

Here is a quick manually inline sig.

First message with GnuPG symmetric content in Comment lines
and second same message with Google's Adiantum+base64

You see the difference, what I mean with format preserving.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello World! :-)

Regards
Stefan
-----BEGIN PGP SIGNATURE-----
Comment: -----BEGIN PGP MESSAGE-----
Comment:
Comment: jA0EBwMCMx3mMIiLwjPH0mgBh3We4k31HkKJ7W8c9oju++X96uaNVB5mMEDJhhr6
Comment: Ao5wibzeivfsfFL9Si2cCc/X9kUG2maKHSwb+51nwtcFSRNT2h99SQlbMPzRkoku
Comment: EkyCpYpeq+d8gyMeJ+uNgEvtAwHF35RYVQ==
Comment: =Vain
Comment: -----END PGP MESSAGE-----

iHUEARYIAB0WIQR61Pk5PUF7u6Rs+mem3tVibXmEGgUCYACeDgAKCRCm3tVibXmE
Gpk6AP98iXZb8gd0NDvOllByTHkrcQvQluXd/db1c5u+skm90gEAj5c991XdP5s5
clB9wwK9G8XoCDJnhfMLWljuvjCM8Ac=
=XJXL
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello World! :-)

Regards
Stefan
-----BEGIN PGP SIGNATURE-----
Comment: vHgPAUzXglLiVFelwf0jjUzXCNIqSrinvNhjF+JRkd8K

iHUEARYIAB0WIQR61Pk5PUF7u6Rs+mem3tVibXmEGgUCYACeDgAKCRCm3tVibXmE
Gpk6AP98iXZb8gd0NDvOllByTHkrcQvQluXd/db1c5u+skm90gEAj5c991XdP5s5
clB9wwK9G8XoCDJnhfMLWljuvjCM8Ac=
=XJXL
-----END PGP SIGNATURE-----

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I add encrypted comments.

GnuPG - User mailing list
In reply to this post by GnuPG - User mailing list

On 1/14/2021 10:37 AM, [hidden email] wrote:
On 1/14/2021 at 4:47 AM, "Ayoub Misherghi via Gnupg-users" [hidden email] wrote:


I am encrypting and signing documents with myself as the receiver. Nobody else will want to look inside them. Is it possible to add encrypted comments or other information to a separated signature file; and later retrieve this additional information? I want to be able to decrypt the signature file alone and retrieve all the information I put inside it.


=====

Not exactly, 

but functionally, yes, it can be done.


[1] Armor the signature file    (   gpg --armor filename.sig  )   this outputs to filename.sig.asc


[2[ Armor your encrypted comments, and copy them to the end of the filename.sig.asc,

(leave one blank line between the pgp footer of the signature file, and the pgp header of the encrypted file)


[3] Save the whole thing as filename.sig.asc


[4] gpg filename.sig,asc  will automatically verify the sig if the original signed file 'filename' is present, and also decrypt the added comments


vedaal

=====

I have the concern that if this is not part of GPG, future versions of GPG may not allow it; leaving me in the lurch.


I have these questions:

[Q1] Does this mean "filename.sig.asc" will still be decrypted if "filename" is not present?

[Q2] Is there a reason why the functionality is missing from GPG?

[Q3] The references I find on the internet are directed at users of GPG and not

developers of applications of GPG, can you  please direct me to references that

show me things like the format of the signature file, armor and not?


Thanks,

Ayoub



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I add encrypted comments.

GnuPG - User mailing list
In reply to this post by GnuPG - User mailing list

On 1/14/2021 11:52 AM, Stefan Claas wrote:
> On Thu, Jan 14, 2021 at 8:16 PM Stefan Claas
> [hidden email] wrote:
>>
>> On Thu, Jan 14, 2021 at 10:46 AM Ayoub Misherghi via Gnupg-users
>> [hidden email] wrote:
>>>
>>>
>>> I am encrypting and signing documents with myself as the receiver. Nobody else will want to look inside them. Is it possible to add encrypted comments or other information to a separated signature file; and later retrieve this additional information? I want to be able to decrypt the signature file alone and retrieve all the information I put inside it.
>>
>> You can add Comments: to a detached signature, yes, but beware that these
>> encrypted content must be seperated for each comment line.
>>
>> I have not tested this yet, but you could with a shell script use some format
>> or lenght preserving encryption software, like Google's Adiantum with a base64
>> encoder and then would have the smallest possible symmetrically encrypted
>> output for a message as Comment: line. You can do this also manually
>> of course as much as you wish because it does not invalidate the signature.
>>
>> Hope this helps a bit.
>
> Here is a quick manually inline sig.
>
> First message with GnuPG symmetric content in Comment lines
> and second same message with Google's Adiantum+base64
>
> You see the difference, what I mean with format preserving.
>
Hello World! :-)

Regards
Stefan
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello World! :-)
>
> Regards
> Stefan
> -----BEGIN PGP SIGNATURE-----
> Comment: vHgPAUzXglLiVFelwf0jjUzXCNIqSrinvNhjF+JRkd8K
>
> iHUEARYIAB0WIQR61Pk5PUF7u6Rs+mem3tVibXmEGgUCYACeDgAKCRCm3tVibXmE
> Gpk6AP98iXZb8gd0NDvOllByTHkrcQvQluXd/db1c5u+skm90gEAj5c991XdP5s5
> clB9wwK9G8XoCDJnhfMLWljuvjCM8Ac=
> =XJXL
> -----END PGP SIGNATURE-----
>
> Regards
> Stefan


Yes I see, thanks. You went at length to help me. Can you please point me to a reference that

discusses the standard format of the signature file? I might do something silly.


Best regards,

Ayoub


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I add encrypted comments.

GnuPG - User mailing list
On Thu, Jan 14, 2021 at 9:30 PM Ayoub Misherghi <[hidden email]> wrote:

> Yes I see, thanks. You went at length to help me. Can you please point me to a reference that
>
> discusses the standard format of the signature file? I might do something silly.

Here is the offical OpenPGP RFC:

https://tools.ietf.org/html/rfc4880

And have fun doing something 'silly' ! ;-)

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How can I add encrypted comments.

GnuPG - User mailing list
In reply to this post by GnuPG - User mailing list
On Thu, Jan 14, 2021 at 11:15 PM Ayoub Misherghi via Gnupg-users
<[hidden email]> wrote:

>
>
> On 1/14/2021 10:37 AM, [hidden email] wrote:
>
> On 1/14/2021 at 4:47 AM, "Ayoub Misherghi via Gnupg-users" <[hidden email]> wrote:
>
>
> I am encrypting and signing documents with myself as the receiver. Nobody else will want to look inside them. Is it possible to add encrypted comments or other information to a separated signature file; and later retrieve this additional information? I want to be able to decrypt the signature file alone and retrieve all the information I put inside it.
>
>
> =====
>
> Not exactly,
>
> but functionally, yes, it can be done.
>
>
> [1] Armor the signature file    (   gpg --armor filename.sig  )   this outputs to filename.sig.asc
>
>
> [2[ Armor your encrypted comments, and copy them to the end of the filename.sig.asc,
>
> (leave one blank line between the pgp footer of the signature file, and the pgp header of the encrypted file)
>
>
> [3] Save the whole thing as filename.sig.asc
>
>
> [4] gpg filename.sig,asc  will automatically verify the sig if the original signed file 'filename' is present, and also decrypt the added comments
>
>
> vedaal
>
> =====
>
> I have the concern that if this is not part of GPG, future versions of GPG may not allow it; leaving me in the lurch.
>
>
> I have these questions:
>
> [Q1] Does this mean "filename.sig.asc" will still be decrypted if "filename" is not present?
>
> [Q2] Is there a reason why the functionality is missing from GPG?
>
> [Q3] The references I find on the internet are directed at users of GPG and not
>
> developers of applications of GPG, can you  please direct me to references that
>
> show me things like the format of the signature file, armor and not?
>
>
> Thanks,
>
> Ayoub

Sorry for chiming in, the link I gave you is normally meant for implementors of
OpenPGP software. In case this is not so easy to understand you may try a
visually approach, while creating some standard files/sigs and then examine the
armored bytes with this tool:

https://github.com/ConradIrwin/gpg-decoder

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users