We do compression in PGP.
Does this step increase or decrease, or otherwise have any effect on, the authentication of a message?

e-sushi
Sharmin
  • Probably a duplicate of http://crypto.stackexchange.com/questions/2182/is-compressing-data-prior-to-encryption-necessary-to-reduce-plaintext-redundancy – archie Apr 05 '14 at 01:09
  • @archie This question specifically asks about authentication. The question you linked to is more general. The answers there don't really address authentication. I'm guessing the OP is thinking that creating two messages with the same compressed version is easier than a traditional (hash function) collision attack. The idea being that perhaps if you had two messages with the same compressed version, then the signature would be the same. Perhaps the OP can comment. – mikeazo Apr 07 '14 at 16:55
  • May I know why I got down-voted? – Sharmin Apr 07 '14 at 17:28
  • And the above links are not related if you look carefully at my question! – Sharmin Apr 07 '14 at 17:30
  • But thanks for the above links; they are helpful. – Sharmin Apr 07 '14 at 17:34

1 Answer

From RFC 4880 - OpenPGP Message Format (emphasis added):

OpenPGP implementations SHOULD compress the message after applying the signature but before encryption.

As the signature provides authentication, and you specifically ask about authentication, I think that quote from the RFC should answer your question. Compression does not affect authentication of the message at all as the authentication step (signing) is applied before compression. See the question archie linked for other issues with compression.

mikeazo
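
The ordering quoted in the answer, as an added example that is not part of the original answer or of any OpenPGP implementation: the tag is computed over the uncompressed message, so the compression level changes the bytes on the wire but not the verification result. HMAC-SHA256 stands in for the public-key signature so the code runs on the Python standard library alone; the key, the sample message and the function names are constructed, and the encryption step is omitted.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key
TAG_LEN = hashlib.sha256().digest_size


def sign(message: bytes) -> bytes:
    """Authenticate the *uncompressed* message (HMAC stands in for the signature)."""
    return hmac.new(KEY, message, hashlib.sha256).digest()


def pack(message: bytes, level: int) -> bytes:
    """Sign first, then compress tag||message (the order RFC 4880 recommends)."""
    return zlib.compress(sign(message) + message, level)


def unpack_and_verify(blob: bytes) -> bytes:
    """Decompress, then check the tag against the recovered plaintext."""
    try:
        data = zlib.decompress(blob)
    except zlib.error as exc:
        raise ValueError("corrupt compressed data") from exc
    tag, message = data[:TAG_LEN], data[TAG_LEN:]
    if not hmac.compare_digest(tag, sign(message)):
        raise ValueError("signature check failed")
    return message


def demo() -> dict:
    message = b"Pay Bob 100 EUR. " * 20  # constructed sample message
    stored = pack(message, 0)  # level 0: stored, no compression
    best = pack(message, 9)    # level 9: maximum compression
    # Message altered before compression while the old tag is kept.
    altered = zlib.compress(sign(message) + message.replace(b"100", b"900"), 9)
    try:
        unpack_and_verify(altered)
        altered_accepted = True
    except ValueError:
        altered_accepted = False
    return {
        "blobs_differ": stored != best,
        "same_tag": zlib.decompress(stored)[:TAG_LEN] == zlib.decompress(best)[:TAG_LEN],
        "both_verify": unpack_and_verify(stored) == unpack_and_verify(best) == message,
        "altered_accepted": altered_accepted,
    }


if __name__ == "__main__":
    print(demo())
```
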