Security Concerns

[MindFuq]

* James A DePrisco <james@brocs.org> [2002-11-03 19:04]:
> Hello, I am a newbie and I have a few questions:

Your questions aren't GPG specific, but I'll answer anyway.

> I set up my gpg using the online manual, so I used all the defaults.  I have 
> read a little about how GnuPG works and I understand that breaking the code 
> on an encrypted file is pretty near impossible.  My question is about the 
> signed files and emails.  If I send an email or file that is signed, but not 
> encrypted, isn't this a little dangerous?

Not at all.  Clearsigning is merely hashing the message, encrypting
the hash using your private key, ascii armoring this, and appending it
back onto the message.  You're not compromizing any sensitive
information, unless the message itself contains something sensitive.
Then in that case, it's dangerous.

> My concern is that don't you give 
> out some information on your private key if you sign it?  I am not big on the 
> math, so any pointers you have on how to do this safely would be appreciated.

By clearsigning, you're not revealing anything about your private key,
other than who the owner is.  ie. I can intercept and copy your
signature, paste it into the window at www.pgpdump.net, and it will
reveal the keyID of the public key needed to verify it.  I could then
look on the key servers and find out that the key belongs to you, and
thus, verify the message came from you.

So the only danger would be if you needed to send a message to someone
anonymously (maybe using an anonymous remailer) so that no
evesdroppers could know your identity, but such that the receiver
needed to verify your identity.  In this case, it would not work.  You
would have to encrypt your signature w/in the message.  If you
clearsign an anonymously remailed message, then anyone who has your
public key or anyone who can retrieve it from a keyserver can verify
that you sent the message.

That unusual strange corner case is the only real issue with
clearsigning.  I recommend encrypting whenever possible.  If you only
encrypt the messages that need disclosure protection, then your
adversary will know what messages to attack.  

Nicky Scarfo (a New Jersey mobster) is learning this the hard way
right now.  He only encrypted the data he cared to hide, so the FBI
knew what data to attack.  They sniffed his password, and decrypted
incriminating evidence.
  
> Perhaps the fact that I have the primary key and the sub key assure my 
> protection.

If you and *only you* have your private keys; only then is your
protection assured.  If someone else gets your private key and your
password, they can forge messages posing as you.

> Also, I have never used an unattached signature file.  What is this and do I 
> need one?

If you sign a binary, your signature must be detached.  Otherwise, it
doesn't matter.