what is the use of signing keys?

Disastry@saiknes.lv.NO.SPaM.NET
Mon Oct 15 19:12:01 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Owen Blacker wrote:

> > > The key has no encryption subkey, it was revoked immediately on
> > > creation.
> >
> > Why didn't you simply remove the encryption sub key after key
> > creation?
>
> Makes a point. Seeing it revoked at N seconds after creation is more
> provable than it not being there, I'd guess.

You're wrong. It's less provable. Seconds mean nothing - one can set the computer's clock as needed. Your key looks like you have applied a revocation certificate, which was generated N seconds after creation ;->

I think the only proof that it was used for encryption is an encrypted message with that key. And one can make such a message! It's very easy to remove the revocation packet from the key and use it for encryption. But if there is no subkey at all, no one can encrypt to it.

> > And why didn't you simply generate a DSA (sign only) key in the
> > first place instead of a DSA/ElGamal key?
>
> Because the key was generated in PGP under Windows 2000 (which doesn't,
> to my knowledge, provide such an option),

Indeed it provides. It can make a DSA/DH key and then delete the DH (Elgamal in fact) subkey. This is *exactly* the same as generating a DSA (sign only) key.

> - --
> Owen Blacker | Senior Software Developer and InfoSecurity Consultant

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^--GPG for Win32 (supports loadable modules and IDEA)
^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
     AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1

iQA/AwUBO8r5eTBaTVEuJQxkEQNEKACfQLdKIuq4V7WhkQyzdeeGFd4woGIAoNSP
h+qPTP5A2J2Ia0rMloPwLdQh
=lETF
-----END PGP SIGNATURE-----
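
The point argued in the message above, as an added example that is not part of the original post: an audit of a binary OpenPGP key that reports every encryption-capable subkey packet and whether a revocation packet accompanies it, so a revoked subkey and a removed subkey can be told apart. Tag, signature-type and algorithm numbers are from RFC 4880; the helper names and the sample keys (truncated packet bodies, no real key material) are constructed for illustration, and five-octet and partial lengths are left out.

```python
TAG_SIG, TAG_PUBKEY, TAG_SUBKEY = 2, 6, 14   # RFC 4880 packet tags
SIG_SUBKEY_REVOCATION = 0x28
ENCRYPT_ALGOS = {1: "RSA", 2: "RSA-encrypt-only", 16: "ElGamal"}

def packets(data):
    """Yield (tag, body) for each packet of a binary (unarmored) key."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            else:
                raise ValueError("five-octet and partial lengths not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def encryption_subkeys(data):
    """Return [(algorithm, revocation_packet_present)] per encryption-capable subkey."""
    found, current = [], None
    for tag, body in packets(data):
        if tag in (TAG_PUBKEY, TAG_SUBKEY):
            current = None
            if tag == TAG_SUBKEY and body[0] == 4 and body[5] in ENCRYPT_ALGOS:
                current = [ENCRYPT_ALGOS[body[5]], False]
                found.append(current)
        elif tag == TAG_SIG and current is not None:
            current[1] |= body[1 if body[0] == 4 else 2] == SIG_SUBKEY_REVOCATION
    return [tuple(f) for f in found]

# Constructed samples: old-format headers, key and signature bodies truncated
def _pkt(tag, body): return bytes([0x80 | (tag << 2), len(body)]) + body
def _key(algo): return b"\x04\x00\x00\x00\x01" + bytes([algo])
def _sig(sigtype): return bytes([4, sigtype, 17, 3])
SIGN_ONLY = _pkt(6, _key(17)) + _pkt(13, b"constructed uid") + _pkt(2, _sig(0x13))
UNREVOKED_COPY = SIGN_ONLY + _pkt(14, _key(16)) + _pkt(2, _sig(0x18))
REVOKED = UNREVOKED_COPY + _pkt(2, _sig(0x28))
```

Only `SIGN_ONLY` returns an empty list; `REVOKED` and `UNREVOKED_COPY` differ by a single trailing packet, and the ElGamal subkey is present in both.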