From: Paul Franklin <franklin@sl9.sr.hp.com>
Date: Sat, 3 Sep 94 01:38:51 PDT
To: cypherpunks@toad.com
Subject: Re: Hiding conventionally encrypted messages in PGP messages to someelse.
Message-ID: <199409030838.AA179351514@sl9.sr.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



In article <199409030238.AA18130@xtropia> you wrote:


> -----BEGIN PGP SIGNED MESSAGE-----

> I have been thinking about steganography lately. Correct me if I am
> wrong, but it seems to me that if one wants to hide encrypted data, then
> all this public key encryption stuff becomes irrelevant. It seems that
> the sender and the recipient must agree on a way to hide the data. The
> time of this agreement is a perfect time to exchange conventional
> key(s).

> Speaking of conventional encryption, PGP uses conventional
> encryption (IDEA). So if we wish to hide conventionally encrypted
> data, why not use the purloined letter method, and hide it as the
> conventionally encrypted data in a PGP encrypted file?

> To create such a file, we would simply create as PGP usually does,
> except that we specify or record the conventional IDEA key used. Then to
> decrypt the file, we simply ignore the RSA headers and use the specified
> or recorded conventional IDEA key. We could even insure that the IDEA
> key in the RSA encrypted headers is wrong. So, obiwan can not reveal
> the data even if Darth can seize him.

> I have created a hack to PGP ui to do all of the above!

Isn't this what pgp -c does?