OpenPGP signature spoofing using HTML
[Security] Posted Oct 11, 2018 16:58 UTC (Thu) by hannob
Beyond just encrypting messages, and thus providing secrecy, the OpenPGP standard also enables digitally signing messages to authenticate the sender. Email applications and plugins usually verify these signatures automatically and will show whether an email contains a valid signature. However, with a surprisingly simple attack, it's often possible to fool users by faking — or spoofing — the indication of a valid signature using HTML email.