secret key id disclosure

David Shaw dshaw@jabberwocky.com
Tue Oct 9 22:37:01 2001


--YiEDa0DAkWCtVeE4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Oct 09, 2001 at 04:18:32PM -0400, chrisb@kippona.com wrote:

>=20
> Hello. Have I compromised my secret key or encryption strength
> if I have disclosed its id like this:
>=20
> pub 1024D/8066516A 2006-12-01 my name <myaddy@my.com>
> sub 1024g/GGGGGGGG 2006-12-01 [expires: 2010-12-01]
No. That's a public key (indicated by the "pub"), and may safely be disclosed as widely as you like. It does disclose several pieces of information: 1) Your name and email address ("my name" and "myaddy@my.com") 2) When the key becomes valid (2006-12-01) 3) When the key expires (2010-12-01) 4) The type of key (1024 bit DSA signing key, 1024 bit ElGamal encryption k= ey) 5) The key IDs (8066516A and GGGGGGGG) None of those pieces of information are harmful to disclose. Of course, you've replaced some of the values above with dummy values, but I'm sure you get the general idea. David --=20 David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +--------------------------------------------------------------------------= -+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iQEVAwUBO8Nfa4ccwqs8s7QVAQE+Igf/aT1RgzWRVCChjUTwztxu7MA+YOr+myoT S5v1Aaahh8gDX97RlWhxRB/jMOfd5T0DHd7n3AW2KwBItXpWcA6cGyBc996Aw/BA gOt8DcUVkhddnH+Duqm3Rm4R2gKOmIEpSQNUuoKXiXu5tGFp6M6MAJ9vxHaqP5t+ kWXrtVbn1XNwg4MiaLVbfWaDlr6q3Lu11a96OPW3NS0t8QM3oYL26lOMG4j55UQU GxA+kz72E7T6D8CZjxxCr6WlRCuOm2ItTF/dobXRDJocb0+h82lDpQ+8ZPaItOuA bR2DGxomI8CjqJO9wtwpNdowYk0HANZqHnX1dO2MZo9hxiBHerkkdw== =eJXt -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--