Standards and PGP wraper

David Pick D.M.Pick at qmw.ac.uk
Tue Nov 10 18:37:41 CET 1998


> David Pick <D.M.Pick at qmw.ac.uk> writes:
> 
> > **But it is essential that there are different passphrases for signatures
> > and encryption keys.** Otherwise you would be revealing the signature key
> > as well as the encryption key, And I'd have considerable problem with
> > doing that.
> 
> It's simple to change the current behaviour, so that you can change
> the passphrase of your encryption only key.  But please don't ask
> me to do this because I do not want to support such laws even by
> considering how to limit the damage of the secret keys.

OK, I won't.

> What are they going to do if you simply forgot your passphrase due to
> the shock when a police task force storms your computer shack?  Hmmm,
> do they really know that a passhrase is never written down in clear.

Oh, yes, they do. Which causes them considerable problems if someone
uses an encrypted filesystem to hide the paedophile pornography, or
whatever.

But under these circumstances the person raided will (if it *does*
become law) have to decide if the likely penalty for refusing to
decrypt the material is more or less than the likely penalty for
any crime he or she might effectively admit to by decrypting the
material.

There are also all sorts of legal problems with the chain-of-custody
of evidence if untrusted individuals (like the accused) are able to
modify the "evidence" after the raid. They can possibly create
confusion by adding "incriminating" evidence after the raid and
claiming *all* such material was added after the raid.

> Such a law does only make sense with a key escrow or a passphrase
> deposition law, I guess.

I can't agree here - but suspect we may have to differ.

But even *without* such a law, I might wish to decide *for myself*
to release the encryption key to demonstrate that I had no unlawful
material. But I'd still be most reluctant to release a signature key.

I've also been looking at the possibility of doing it by (for
example) temporarily removing the passphrase from the secret key,
exporting the secondary (encryption) key only, and then reapplying
(a probably new!) passphrase to the secret key. GnuPG currently
does not seem to allow this possibility either.

Please don't take that last comment as a critical one - I think GnuPG
is much needed and will try as much as I can to support your efforts.
And (as far as I can see) PGP has exactly the same position with
regard to passphrases and/or subkey export. It's just that I happen
to feel that in many ways digital signatures are more important
than the basic encryption, certainly if they become accepted (as
I expect they will) as legally equivalent to traditional hand-written
signatures sometime in the not-so-distant future.

-- 
	David Pick
	D.M.Pick at qmw.ac.uk






More information about the Gnupg-devel mailing list