Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
Patch Available
-
Unknown
Description
The current PGP Data Format does verify a signature if the PGP message does contain one and it does execute no verification if the PGP message does not contain a signature. There is a use case where a signature verification is always required because the receiver wants to check that the message came from a specific sender. In this case PGP messages not containing a signature should be rejected.
I added the new parameter "signatureVerificationOption" so that you now can specify if a signature is requried, optional, or no signature is allowed during the decryption process.