OpenPGP Card

Alphax alphasigmax at gmail.com
Tue Sep 6 16:18:45 CEST 2005


Zeljko Vrba wrote:
> Alphax wrote:
> 
>> Zeljko Vrba wrote:
>>
>>> Joe Smith wrote:
>>>
>>>
>>>> For example, your CA can revoke your key leaving you with one key that
>>>> is invalid X.509, but valid OpenPGP? Yuck!
>>>>
>>>
>>> Using the X.509 cert and OpenPGP public key (having the same private
>>> key) could be useful in the following scenario:
>>>
>>
>> Is that even allowed??
>>
> In what sense allowed? PKCS#11 knows nothing about policies. It just
> exposes a set of objects on the card (certificate, public and private
> keys and maybe some other data objects along with certificates).
> 

In terms of using the same generic public/private keypair... how does
that work?

> The application is free to do whatever it wants with these objects,
> given sufficient authentication to the card (PIN). Technically, there is
> nothing the CA can do to prevent you from using your X.509 keys as OpenPGP keys.

I think I might have seen something like that with a Thawte Freemail
root certificate or something... it wasn't pretty :(

(eh, I think I just answered my own question, but I still don't "get it"...)

-- 
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
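
An added example, not part of the original message or of GnuPG: it wraps one RSA public key (n, e) in the X.509 SubjectPublicKeyInfo encoding and in an OpenPGP v4 key packet, and derives the identifier each format uses for it, to show how the same key pair can sit behind both a certificate and an OpenPGP key. The toy modulus and the creation timestamp are constructed values.

```python
import hashlib

# Constructed toy RSA public key (product of two Mersenne primes); far too
# small for real use and not taken from the thread.
N = (2**127 - 1) * (2**89 - 1)
E = 65537

def der(tag, body):
    """DER tag-length-value with short or long definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(v):
    # A leading zero byte when the top bit is set keeps the INTEGER positive.
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def rsa_public_key(n, e):
    return der(0x30, der_int(n) + der_int(e))

def spki(n, e):
    """X.509 SubjectPublicKeyInfo for rsaEncryption (1.2.840.113549.1.1.1)."""
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    return der(0x30, alg + der(0x03, b"\x00" + rsa_public_key(n, e)))

def x509_key_id(n, e):
    """RFC 5280 4.2.1.2 method 1: SHA-1 over the subjectPublicKey bits."""
    return hashlib.sha1(rsa_public_key(n, e)).digest()

def mpi(v):
    """OpenPGP multiprecision integer: 2-byte bit count, then magnitude."""
    return v.bit_length().to_bytes(2, "big") + v.to_bytes((v.bit_length() + 7) // 8, "big")

def openpgp_fingerprint(n, e, created):
    """RFC 4880 12.2 v4 fingerprint: SHA-1(0x99 || length || key packet body)."""
    body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()

if __name__ == "__main__":
    fpr = openpgp_fingerprint(N, E, 1126016325)  # constructed timestamp
    print("X.509 key identifier:", x509_key_id(N, E).hex())
    print("OpenPGP fingerprint :", fpr.hex(), "key ID:", fpr[-8:].hex())
```

The two identifiers differ even though (n, e) is identical, and the OpenPGP fingerprint also changes with the creation time. A CRL entry names a certificate by issuer and serial number and an OpenPGP revocation is a signature on the OpenPGP key, so neither format's revocation is visible to software that only checks the other.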



More information about the Gnupg-devel mailing list