Key with no signing possibilities
Janusz A. Urbanowiz
alex@syjon.fantastyka.net
Thu Dec 12 11:50:08 2002
On Tue, Dec 10, 2002 at 05:25:08PM +0100, Johan Wevers wrote:
> Janusz A. Urbanowiz wrote:
>
> > This is why there's option to disclose a message's symmetric session key.
>
> I know. I hope the governments in question (most notably the UK one) know
> how to use the session key and still don't demend the secret encryption key.
> But the same is true when you only give them the encryption key. I think in
> practice they'll just confiscate the computer and demand all passphrases.
> Being able to protect the signing key is then rather unimportant compared to
> the rest of the damage.
<half jokingly> Why they should? When you'll be decrypting the session key
they plant you a bug in the keyboard or place a TEMPEST van nearby. Then no
point in asking for your passphrase.
Have you lately checked all your machines for small but visible $80
keylogger from thinkgeek?
Alex