Smartcard Support, open system security, law,( certificate sig removed)

Neil Williams linux@codehelp.co.uk
Sun Aug 24 18:47:02 2003


On Sunday 24 Aug 2003 4:01 pm, Erwan David wrote:
> On Sun 24/08/2003, Werner Koch said
>
> > On Fri, 22 Aug 2003 10:07:02 +0200 (MET DST), Johan Wevers said:
> > >> revealed to anyone; your own smartcard contains your own key - why
> > >> would you want to crack the card then?
> > >
> > > Not you, but an attacker who finds or steals the card would.
> >
> > That's what revocations are used for.
>
> If your private key is on the card and you lose the card, then you
> cannot issue a revocation, since you need the private key.

You should have a revocation certificate safely stored away BEFORE you put
the private key on any 'removable' medium. The certificate is then imported
into the PUBLIC key and sent to keyservers. Job Done. That's why the
revocation certificate needs to be protected as well / better than your
private key.
http://www.gnupg.org/gph/en/manual.html#REVOCATION

"anybody can publish the revocation certificate and render the corresponding
public key useless."

You need the private key to generate the revocation certificate, but not to
use it. So generate first.

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
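
The order of operations described in this message, as an added example that is not part of the original post: a key is created, its secret half is deleted to stand in for a lost card, and the stored revocation certificate still revokes the public key. It assumes GnuPG 2.1 or later, which writes a revocation certificate to `openpgp-revocs.d` at key creation (with the GnuPG 1.2 of this thread it would be generated by hand with `gpg --gen-revoke`); the identity and keyring are constructed throwaways.

```shell
#!/usr/bin/env bash
# Added example. Assumes GnuPG >= 2.1 on PATH. Everything happens in a
# temporary GNUPGHOME, so no real keyring is touched.

demo_revoke_without_secret_key() {
    local home fpr rev state
    home=$(mktemp -d) || return 1
    chmod 700 "$home"
    export GNUPGHOME="$home"

    # 1. Create a throwaway key (constructed identity, empty passphrase).
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Card Demo <demo@example.invalid>' \
        default default never 2>/dev/null || return 1
    fpr=$(gpg --batch --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # 2. The revocation certificate exists BEFORE the key leaves the machine.
    #    In real use this file is what gets stored offline.
    rev="$home/openpgp-revocs.d/$fpr.rev"
    [ -s "$rev" ] || return 1

    # 3. Stand-in for losing the card: the secret key is gone.
    gpg --batch --yes --delete-secret-keys "$fpr" 2>/dev/null || return 1
    [ -z "$(gpg --batch --with-colons --list-secret-keys 2>/dev/null)" ] || return 1

    # 4. Using the certificate needs no secret key, only an import.
    #    GnuPG prefixes the armor header with ':' to block accidental
    #    imports; strip it first.
    sed 's/^:-----BEGIN/-----BEGIN/' "$rev" |
        gpg --batch --quiet --import 2>/dev/null || return 1

    # 5. Field 2 of the "pub" record is the validity; 'r' means revoked.
    #    Publishing would follow with: gpg --send-keys "$fpr"
    state=$(gpg --batch --with-colons --list-keys "$fpr" 2>/dev/null |
            awk -F: '$1 == "pub" { print $2; exit }')

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$home"
    printf '%s\n' "$state"
}
```

Step 4 succeeding for anyone who holds the file is the reason the message asks for the certificate to be protected as carefully as the private key.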
