Ugly question

John A. Martin jam at
Mon Jan 25 17:08:16 CET 1999

>>>>> "Werner" == Werner Koch
>>>>> "Re: Ugly question"
>>>>>  Mon, 25 Jan 1999 21:32:04 +0100

I'm afraid I did not ask my questions clearly.  If you guess that is
because I dunno what I'm asking about, that is right.

    Werner> "John A. Martin" <jam at> writes:
    >> Does a gpg user, or any user, know whether a pgp5+ public key
    >> corresponds to a private key that is subject to GAK/CAK.

    Werner> If you are talking about forced encryption to another
    Werner> parts - that is possible with gpg too: add some recipient
    Werner> lines into the options file and you have it; but sure you
    Werner> can disable it by using another option file - anyway if
    Werner> you don't trust your sysadmin you should not use an
    Werner> encryption program on such a system.

What I am trying to get at is whether when encrypting to a public key
can gpg tell whether the private decrypting key is split or shared.  I
thought it had been mentioned on this list that the n-of-m split is
how Commercial PGP does key recovery.

Perhaps there is something obvious about split or shared keys or how
they are used that I don't know about.

    >> Will rfc2440 (sec split-key and group-key flags
    >> permit an

    Werner> These attributes are not yet specified (I know that pgp 6
    Werner> uses them).  and split keys really make sense.

Yes, split keys are interesting.  But would it not be evil in some
cases to be accepting a signature from or encrypting to a split key
when thinking it was an ordinary key?  Would the nominal owner of a
split key know that it was split or that part(s) of the split were
given to Big Brother or even just to his boss?

    >> private key?  How do we know whether the key flags can be
    >> trusted?

    Werner> by reading the source.

I meant, thinking that whatever we know about a key is what it
carries, how do we know that someone else's public key that goes with
a split private key does not masquerade as one that goes with a normal
private key.

    Werner> Semi-automatically encryption to another reciepient really
    Werner> makes sense in some cases but it should never happen in
    Werner> disguise.

Yes, at the encryptors option.  Do you mean that one cannot
unknowingly encrypt to a split-key or to a shared key when thinking it
is a normal key?

I guess another way of asking is whether the public key belonging to a
split or shared private key carries information to that effect and
whether that information can be spoofed or whether it is protected at
least by the signatures on the public key?

Sorry to be a pest, but this seems very murky to me.


More information about the Gnupg-devel mailing list