On 11.04.2013 14:35, Richard Damon wrote:
>> Next problem: Mailman will have to decrypt the message and re-encrypt it for each recipient. This also strips the signature of the original sender. How do you show the recipients that the original message was signed (in a way which cannot be forged by any other sender)?
> Decrypting and re-encrypting shouldn't break signatures, as the sender should first sign the unencrypted message and then encrypt it. The signature can then be passed on in the re-encrypted message, and people can do their verification of the signature.
True, the PGP file structure encapsulates the signature within the encryption (in contrast to S/MIME, which does it the other way round). But the standard PGP binary will strip both in one step, so keeping the signature won't work out of the box (at least I didn't manage to do that; I'd be really interested in how to do that - would be useful for searchable mail archives).
Stefan.
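To make the layering argument of the two replies above concrete, here is an added example in Python (it is not code from this thread, from Mailman or from GnuPG). It models an OpenPGP-style message as nested packets and compares the two orders: sign-then-encrypt (the PGP structure) against encrypt-then-sign (the S/MIME order as described above). The list server either strips both layers in one step, which is what a plain `gpg --decrypt` gives you and loses the signature, or strips only the encryption layer and re-encrypts the still-signed inner message per recipient. The "signature" (HMAC-SHA256) and "cipher" (SHA-256 keystream XOR) are deliberate stand-ins so the example runs on the standard library alone; they are not real cryptography, and the keys and message in `run_demo()` are constructed. Newer GnuPG releases document an `--unwrap` modifier for `--decrypt` that removes only the encryption layer, which is the real-world counterpart of `unwrap()` below; check the gpg(1) page of the version in use.

```python
"""Toy model of OpenPGP-style layering (sign-then-encrypt vs encrypt-then-sign)
and what a mailing-list relay keeps when it re-encrypts for each recipient.
Primitives are stand-ins, NOT real cryptography: 'signature' = HMAC-SHA256
under the signer's key, 'encryption' = XOR with a SHA-256 keystream."""
import hashlib
import hmac
import json
import os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(recipient_key: bytes, data: bytes) -> dict:
    """Encryption layer: one packet holding nonce + ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(recipient_key, nonce, len(data))))
    return {"tag": "enc", "nonce": nonce.hex(), "ct": ct.hex()}

def decrypt(recipient_key: bytes, pkt: dict) -> bytes:
    nonce, ct = bytes.fromhex(pkt["nonce"]), bytes.fromhex(pkt["ct"])
    return bytes(a ^ b for a, b in zip(ct, _keystream(recipient_key, nonce, len(ct))))

def sign(signer_key: bytes, data: bytes) -> dict:
    """Signature layer: the signed data plus a signature over exactly that data."""
    return {"tag": "sig", "data": data.hex(),
            "sig": hmac.new(signer_key, data, "sha256").hexdigest()}

def verify(signer_key: bytes, pkt: dict) -> bytes:
    """Return the signed data, or raise ValueError if the signature does not match."""
    data = bytes.fromhex(pkt["data"])
    if not hmac.compare_digest(pkt["sig"], hmac.new(signer_key, data, "sha256").hexdigest()):
        raise ValueError("bad signature")
    return data

def pack(pkt: dict) -> bytes:      # serialise a packet so it can be nested in another layer
    return json.dumps(pkt, sort_keys=True).encode()

def unpack(raw: bytes) -> dict:
    return json.loads(raw)

# Sender side: the two layering orders discussed in the thread.
def pgp_compose(sender_key, list_key, msg):
    """OpenPGP order: sign first, then encrypt the signed message."""
    return encrypt(list_key, pack(sign(sender_key, msg)))

def smime_compose(sender_key, list_key, msg):
    """Reverse order: encrypt first, then sign the ciphertext."""
    return sign(sender_key, pack(encrypt(list_key, msg)))

# List-server side.
def decrypt_and_verify(list_key, sender_key, pkt):
    """Like a plain `gpg --decrypt`: strips encryption *and* signature in one
    step and hands back only the plaintext, so the signature is lost."""
    return verify(sender_key, unpack(decrypt(list_key, pkt)))

def unwrap(list_key, pkt):
    """Strip only the encryption layer; the inner message stays signed."""
    return unpack(decrypt(list_key, pkt))

def pgp_relay(list_key, pkt, recipient_keys):
    """Re-encrypt the still-signed inner message once per recipient."""
    inner = pack(unwrap(list_key, pkt))
    return [encrypt(rk, inner) for rk in recipient_keys]

def smime_relay(list_key, sender_key, pkt, recipient_keys):
    """Reverse order: the sender's signature covers the *old* ciphertext. After
    re-encryption the relay can only attach it to bytes it does not match."""
    msg = decrypt(list_key, unpack(verify(sender_key, pkt)))
    return [{"tag": "sig", "data": pack(encrypt(rk, msg)).hex(), "sig": pkt["sig"]}
            for rk in recipient_keys]

# Recipient side.
def pgp_read(recipient_key, sender_key, pkt):
    return verify(sender_key, unpack(decrypt(recipient_key, pkt)))

def smime_read(recipient_key, sender_key, pkt):
    return decrypt(recipient_key, unpack(verify(sender_key, pkt)))

def run_demo():
    """Constructed keys and message (assumptions for this example). Returns which
    recipients end up with a message that still verifies as the sender's."""
    sender, lst, alice, bob = b"S" * 32, b"L" * 32, b"A" * 32, b"B" * 32
    msg = b"Signed post to the list"
    pgp_pkt = pgp_compose(sender, lst, msg)
    plain_only = decrypt_and_verify(lst, sender, pgp_pkt) == msg   # signature gone here
    pgp_ok = [pgp_read(k, sender, c) == msg
              for k, c in zip([alice, bob], pgp_relay(lst, pgp_pkt, [alice, bob]))]
    sm_ok = []
    sm_copies = smime_relay(lst, sender, smime_compose(sender, lst, msg), [alice, bob])
    for k, c in zip([alice, bob], sm_copies):
        try:
            sm_ok.append(smime_read(k, sender, c) == msg)
        except ValueError:
            sm_ok.append(False)
    return {"gpg_style_gives_plaintext_only": plain_only,
            "pgp_order": pgp_ok, "reverse_order": sm_ok}

if __name__ == "__main__":
    print(run_demo())
```

The point the model makes: with the PGP order the relay never needs the sender's key and never touches the signed packet, so every recipient can verify the original signature after re-encryption; with the reverse order the signature is bound to the list's ciphertext and cannot survive re-encryption, which is exactly the case where "this also strips the signature" holds.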