[messaging] Transparency for E2E encrypted messaging at a centralized service
michael at briarproject.org
Wed Mar 26 10:39:32 PDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 26/03/14 13:17, Tom Ritter wrote:
> In an online-encrypted document sharing model, for the 98%, this
> with a symmetric key you choose, and stored online by the service.
> OpenPGP-decrypts the document using the password they received
> out-of-band, and downloads it. For the 2%, they PGP-encrypt the
> document using gpg, and upload it, communicate the secret out of
> PGP-decrypt it using gpg. If you build the service correctly, the
> service won't know ahead of time if the document is going to be
> user without a chance of detection.
A nitpick, but does OpenPGP support integrity protection for symmetric
encryption? Last time I looked it just had some kind of hash-based
checksum that the docs warned was not intended to be a real MAC.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Messaging