Hiding conventionally encrypted messages in PGP messages to someelse.

Paul Franklin franklin at sl9.sr.hp.com
Sat Sep 3 01:38:51 PDT 1994



In article <199409030238.AA18130 at xtropia> you wrote:


> -----BEGIN PGP SIGNED MESSAGE-----

> I have been thinking about steganography lately. Correct me if I am
> wrong, but it seems to me that if one wants to hide encrypted data, then
> all this public key encryption stuff becomes irrelevant. It seems that
> the sender and the recipient must agree on a way to hide the data. The
> time of this agreement is a perfect time to exchange conventional
> key(s).

> Speaking of conventional encryption, PGP uses conventional
> encryption (IDEA). So if we wish to hide conventionally encrypted
> data, why not use the purloined letter method, and hide it as the
> conventionally encrypted data in a PGP encrypted file?

> To create such a file, we would simply create as PGP usually does,
> except that we specify or record the conventional IDEA key used. Then to
> decrypt the file, we simply ignore the RSA headers and use the specified
> or recorded conventional IDEA key. We could even insure that the IDEA
> key in the RSA encrypted headers is wrong. So, obiwan can not reveal
> the data even if Darth can seize him.

> I have created a hack to PGP ui to do all of the above!

Isn't this what pgp -c does?






More information about the cypherpunks-legacy mailing list