OpenPGP Card
Alphax
alphasigmax at gmail.com
Tue Sep 6 16:18:45 CEST 2005
Zeljko Vrba wrote:
> Alphax wrote:
>
>> Zeljko Vrba wrote:
>>
>>> Joe Smith wrote:
>>>
>>>
>>>> For example, your CA can revoke your key leaving you with one key that
>>>> is invalid X.509, but valid OpenPGP? Yuck!
>>>>
>>>
>>> Using the X.509 cert and OpenPGP public key (having the same private
>>> key) could be useful in the following scenario:
>>>
>>
>> Is that even allowed??
>>
> In what sense allowed? PKCS#11 knows nothing about policies. It just
> exposes a set of objects on the card (certificate, public and private
> keys and maybe some other data objects along with certificates).
>
In terms of using the same generic public/private keypair... how does
that work?
> The application is free to do whatever it wants with these objects,
> given sufficient authentication to the card (PIN). Technically, there is
> nothing the CA can do to prevent you from using your X.509 keys as OpenPGP keys.
I think I might have seen something like that with a Thawte Freemail
root certificate or something... it wasn't pretty :(
(eh, I think I just answered my own question, but I still don't "get it"...)
--
Alphax | /"\
Encrypted Email Preferred | \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards
http://tinyurl.com/cc9up | / \