In article <199409030238.AA18130@xtropia> you wrote:
-----BEGIN PGP SIGNED MESSAGE-----
I have been thinking about steganography lately. Correct me if I am wrong, but it seems to me that if one wants to hide encrypted data, then all this public key encryption stuff becomes irrelevant. It seems that the sender and the recipient must agree on a way to hide the data. The time of this agreement is a perfect time to exchange conventional key(s).
Speaking of conventional encryption, PGP uses conventional encryption (IDEA). So if we wish to hide conventionally encrypted data, why not use the purloined letter method, and hide it as the conventionally encrypted data in a PGP encrypted file?
To create such a file, we would simply create as PGP usually does, except that we specify or record the conventional IDEA key used. Then to decrypt the file, we simply ignore the RSA headers and use the specified or recorded conventional IDEA key. We could even insure that the IDEA key in the RSA encrypted headers is wrong. So, obiwan can not reveal the data even if Darth can seize him.
I have created a hack to PGP ui to do all of the above!
Isn't this what pgp -c does?