Mailing List Archive

Ugly question
>>>>> "Rat" == Stainless Steel Rat
>>>>> "Re: [comp.security.pgp.announce,alt.security.pgp] Announcement: Release 2.1 of CTC is available"
>>>>> 25 Jan 1999 12:55:45 -0500

Rat> CTC is striving for compatibility with PGP; GPG is striving
Rat> for OpenPGP.

Hmm... gpg strives for interoperability with pgp, including pgp5+.
Some implementations of pgp5+ do GAK/CAK (Big Brother Inside aka
Network Associates Key Recovery), right?

Does a gpg user, or any user, know whether a pgp5+ public key
corresponds to a private key that is subject to GAK/CAK? If these
properties are unknowable then should gpg give a warning when it sees
a key that does not look like it is rfc2440 compliant?

Will rfc2440 (sec 5.2.3.20) split-key and group-key flags permit an
indication to the user when they are about to use such a key,
especially a public key corresponding to such a split or shared
private key? How do we know whether the key flags can be trusted?

Or do we now need to know not only that a UserID corresponds to a key
but that the key is not split or shared?

Maybe there is nothing new here, but it seems a mess, no?

jam
Re: Ugly question
"John A. Martin" <jam@jamux.com> writes:

> Does a gpg user, or any user, know whether a pgp5+ public key
> corresponds to a private key that is subject to GAK/CAK? If these

If you are talking about forced encryption to another party - that is
possible with gpg too: add some recipient lines into the options file
and you have it; but sure you can disable it by using another option
file - anyway if you don't trust your sysadmin you should not use an
encryption program on such a system.

> properties are unknowable then should gpg give a warning when it sees
> a key that does not look like it is rfc2440 compliant?

rfc2440 does not specify such things (actually they have been
removed from a very early draft).

> Will rfc2440 (sec 5.2.3.20) split-key and group-key flags permit an

These attributes are not yet specified (I know that pgp 6 uses them),
and split keys really make sense.

> private key? How do we know whether the key flags can be trusted?

by reading the source.

GnuPG provides the full source and you can add or remove everything
you like or don't like. Semi-automatic encryption to another
recipient really makes sense in some cases but it should never happen
in disguise.


Werner
Re: Ugly question
>>>>> "Werner" == Werner Koch
>>>>> "Re: Ugly question"
>>>>> Mon, 25 Jan 1999 21:32:04 +0100

I'm afraid I did not ask my questions clearly. If you guess that is
because I dunno what I'm asking about, that is right.

Werner> "John A. Martin" <jam@jamux.com> writes:
>> Does a gpg user, or any user, know whether a pgp5+ public key
>> corresponds to a private key that is subject to GAK/CAK?

Werner> If you are talking about forced encryption to another
Werner> party - that is possible with gpg too: add some recipient
Werner> lines into the options file and you have it; but sure you
Werner> can disable it by using another option file - anyway if
Werner> you don't trust your sysadmin you should not use an
Werner> encryption program on such a system.

What I am trying to get at is whether when encrypting to a public key
can gpg tell whether the private decrypting key is split or shared. I
thought it had been mentioned on this list that the n-of-m split is
how Commercial PGP does key recovery.

Perhaps there is something obvious about split or shared keys or how
they are used that I don't know about.

>> Will rfc2440 (sec 5.2.3.20) split-key and group-key flags
>> permit an

Werner> These attributes are not yet specified (I know that pgp 6
Werner> uses them), and split keys really make sense.

Yes, split keys are interesting. But would it not be evil in some
cases to be accepting a signature from or encrypting to a split key
when thinking it was an ordinary key? Would the nominal owner of a
split key know that it was split or that part(s) of the split were
given to Big Brother or even just to his boss?

>> private key? How do we know whether the key flags can be
>> trusted?

Werner> by reading the source.

I meant, thinking that whatever we know about a key is what it
carries, how do we know that someone else's public key that goes with
a split private key does not masquerade as one that goes with a normal
private key.

Werner> Semi-automatic encryption to another recipient really
Werner> makes sense in some cases but it should never happen in
Werner> disguise.

Yes, at the encryptor's option. Do you mean that one cannot
unknowingly encrypt to a split-key or to a shared key when thinking it
is a normal key?

I guess another way of asking is whether the public key belonging to a
split or shared private key carries information to that effect and
whether that information can be spoofed or whether it is protected at
least by the signatures on the public key?

Sorry to be a pest, but this seems very murky to me.

jam
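The question in the message above, whether a split or group marking on a public key is covered by the signatures on that key, comes down to which subpacket area of the self-signature carries the key flags. The following is an added example, not code from this thread or from GnuPG: it reads the key flags subpacket (type 27, with 0x10 for split and 0x80 for group as listed in rfc2440 sec 5.2.3.20) from a version 4 signature body and reports separately what sits in the hashed (signed) area and what sits in the unhashed area. The function names and sample bytes are constructed for illustration, and the code assumes the self-signature itself is verified elsewhere.

```python
KEY_FLAGS = 27  # signature subpacket type "key flags" (rfc2440 sec 5.2.3.20)
FLAG_NAMES = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",
              0x08: "encrypt-storage", 0x10: "split", 0x80: "group"}

def subpackets(area):
    """Yield (type, data) for each subpacket in a hashed or unhashed area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                        # one-octet length
            length, i = first, i + 1
        elif first < 255:                      # two-octet length
            if i + 1 >= len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                  # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def flag_names(data):
    bits = data[0] if data else 0
    return {name for bit, name in FLAG_NAMES.items() if bits & bit}

def key_flags_by_area(sig_body):
    """Key flags of a v4 signature body, split into signed and unsigned sets.
    Assumption: the signature over the hashed area is verified elsewhere."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature body")
    hlen = int.from_bytes(sig_body[4:6], "big")
    ustart = 6 + hlen
    if ustart + 2 > len(sig_body):
        raise ValueError("truncated hashed area")
    ulen = int.from_bytes(sig_body[ustart:ustart + 2], "big")
    if ustart + 2 + ulen > len(sig_body):
        raise ValueError("truncated unhashed area")
    areas = {"hashed": sig_body[6:ustart],
             "unhashed": sig_body[ustart + 2:ustart + 2 + ulen]}
    return {name: set().union(*(flag_names(d) for t, d in subpackets(a)
                                if t == KEY_FLAGS))
            for name, a in areas.items()}

def build_sig(hashed, unhashed):
    """Constructed sample: type 0x13 self-signature header plus both areas."""
    return (bytes([4, 0x13, 17, 2]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed)

# Constructed samples: split flag signed, then split flag only in the unhashed area.
SIGNED = build_sig(bytes([2, KEY_FLAGS, 0x13]), b"")
SPOOFABLE = build_sig(bytes([2, KEY_FLAGS, 0x03]), bytes([2, KEY_FLAGS, 0x10]))
```

A flag found only in the unhashed area can be added or stripped by anyone who handles the key, and a flag in the hashed area is only as reliable as whoever made the self-signature. The absence of the split or group flag says nothing about how the private key is actually held.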
Re: Ugly question
"John A. Martin" <jam@jamux.com> writes:

> What I am trying to get at is whether when encrypting to a public key
> can gpg tell whether the private decrypting key is split or shared. I
> thought it had been mentioned on this list that the n-of-m split is
> how Commercial PGP does key recovery.

No, and I don't know how split keys work in pgp 5 or 6; it is not
documented. How does a split key mechanism help with key recovery?
The reason to split keys is to share a secret between some entities -
each part should be strong enough to withstand an attack on one part.

> Yes, split keys are interesting. But would it not be evil in some
> cases to be accepting a signature from or encrypting to a split key
> when thinking it was an ordinary key? Would the nominal owner of a

But how can I distinguish split keys and non-split ones? You will
notice that GnuPG can't decrypt/verify with a split key.



Werner
Re: Ugly question
>>>>> "Werner" == Werner Koch
>>>>> "Re: Ugly question"
>>>>> Wed, 27 Jan 1999 14:24:11 +0100

Werner> "John A. Martin" <jam@jamux.com> writes:
>> What I am trying to get at is whether when encrypting to a
>> public key can gpg tell whether the private decrypting key is
>> split or shared. I thought it had been mentioned on this list
>> that the n-of-m split is how Commercial PGP does key recovery.

Werner> No, and I don't know how split keys work in pgp 5 or 6;
Werner> it is not documented. How does a split key mechanism help
Werner> with key recovery? The reason to split keys is to share
Werner> a secret between some entities - each part should be
Werner> strong enough to withstand an attack on one part.

Yes, secret sharing. I am so foggy on the key recovery part that I
had better let it drop at least until I can pose a sensible question.

>> Yes, split keys are interesting. But would it not be evil in
>> some cases to be accepting a signature from or encrypting to a
>> split key when thinking it was an ordinary key? Would the
>> nominal owner of a

Werner> But how can I distinguish split keys and non-split
Werner> ones?

That is what I was asking about. :-)

Werner> You will notice that GnuPG can't decrypt/verify with a
Werner> split key

You have said that you would like to sometime, right?

Thanks for trying to deal with my poorly formed questions.

jam