Encryption to key with multiple subkeys
Joke de Buhr
joke at seiken.de
Wed May 12 01:34:10 CEST 2010
On Tuesday 11 May 2010 23:02:18 markus reichelt wrote:
> * Joke de Buhr <joke at seiken.de> wrote:
> > I'm not quiet sure but shouldn't gnupg encrypt to both (all
> > not-revoked) encryption keys in this case? This way the user could
> > decrypt the encrypted message (email) regardless what encryption
> > keys secrets are available at the current location.
> Nope. More to the point, think about people having both private UID
> and business UID on the same key - the way you describe it could mix
> things up badly.
Gnupg always choosing the last created encryption subkey doesn't prevent any
kind of mix-up if a key has a private UID and a business UID. There is no
connection between UID and the chosen subkey.
There isn't a way of specifing UID_0 (business) use encryption subkey_1 and
UID_1 (private) use encryption subkey_0. At least no way I know about.
A user with two encryption keys will always get messages encrypted to the
latest subkey regardless of specifying the business UID or private UID as
recipient unless the sender explicitly selected a particular subkey for
> (I guess you know how to tell people to use a specific subkey)
Telling people which key to use doesn't solve the problem. Think about me
switching places between two computers. Each computer got only one of the two
encryption secret keys. So if one computer gets compromised I only loose that
specific encryption secret key which can then be revoked from the primary key.
PC_0 has the secret key to encryption subkey_0 and PC_1 has the secret key to
encryption subkey_1. If I tell people to use subkey_0 I won't be able to
decrypt the message if I'm working on PC_1. If I'm working on PC_0 I can't
decrypt the message if the users used subkey_1 for encryption.
Since people don't know where I might receive mails I most certainly will get
messages which are intended to be read by the owner of the primary key in over
words me but since I don't have the correct public key the sender specified I
can't read the message until I switch computers again.
On the other hand if a user doesn't specify particular subkey which is certain
if he uses a default mailing program gnupg will always pick the last subkey so
if I'm currently working on PC_0 (subkey_0) I can't decrypt the message at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 706 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users