Keys without signatures
minnesotan at runbox.com
Sun Mar 5 22:11:27 CET 2006
--- Maria Lukas van den Berg <maria.l.vandenberg at gmx.de> wrote:
> However, there is a second requirement. No-one should be
> able to create a second keypair B
> - which has the same key ID as A,
> - where signatures made with A validate against the public
> key of B.
> If such a key B existed, a reader not having the public key
> of A could be tricked into thinking a posting signed by B
> originates from the same person who also signed postings P_1
> to P_n, because the signatures on *all* of those postings
> validate against the public key of B.
> Am I on the right track so far in recognizing the possible
> weaknesses of my scheme?
> If so, is it practically possible to create such a key B?
> If so, what measures could be taken to enhance my scheme?
> How about publishing with every posting P_1 to P_n the
> fingerprint of A? At least a watchful recipient would then
> realize that key B is not the right one for checking the
> signatures on postings P_1 to P_n. That's unless the
> attacker succeeds in creating a key B which also has the
> same fingerprint as A. Is this practically doable?
> And, asking further, how can I make it as hard as possible
> to create a key with the same fingerprint as A? Is the
> length of the key an issue? Would it, e.g., be more secure
> to create a 4096 bit RSA key instead of a 1024 bit DSA key?
> Thanks a lot for your answers and suggestions!
> If there is a mailing list where these topics would fit
> better, I'd also be interested to ask there.
> Best regards, Luke.
Here's one educated opinion on that, that I found:
All the best,
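
Added example, not part of the original message or of GnuPG's code: for version 4 OpenPGP keys (RFC 4880, section 12.2) the key ID is the low-order 64 bits of the SHA-1 fingerprint, so the sketch below computes both and accepts a key only when its full fingerprint matches a pinned value. The key material, timestamp and helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def rsa_v4_packet_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for RSA (algorithm ID 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> bytes:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte body length, packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def key_ids(fpr: bytes) -> tuple[str, str]:
    """Long (64-bit) and short (32-bit) key IDs are the tail of the fingerprint."""
    return fpr[-8:].hex().upper(), fpr[-4:].hex().upper()


def is_pinned_key(body: bytes, pinned_fpr_hex: str) -> bool:
    """Accept a key only if its full 160-bit fingerprint equals the pinned one."""
    pinned = bytes.fromhex(pinned_fpr_hex.replace(" ", ""))
    return hmac.compare_digest(v4_fingerprint(body), pinned)


# Constructed sample values (toy moduli, not usable keys).
N_A = (1 << 1023) + 0x1234567
N_B = (1 << 1023) + 0x7654321
KEY_A = rsa_v4_packet_body(1141593087, N_A, 65537)
KEY_B = rsa_v4_packet_body(1141593087, N_B, 65537)
PINNED_A = v4_fingerprint(KEY_A).hex().upper()  # what a poster would publish

if __name__ == "__main__":
    for name, body in (("A", KEY_A), ("B", KEY_B)):
        fpr = v4_fingerprint(body)
        long_id, short_id = key_ids(fpr)
        print(name, fpr.hex().upper(), long_id, short_id, is_pinned_key(body, PINNED_A))
```

The creation timestamp is part of the hashed packet body, so the same key material with a different creation time yields a different fingerprint and key ID.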