Create Subkey Binding
Fri Jan 24 16:27:02 2003
David Shaw wrote:
> Let me make sure I understand what you are trying to do - you have
> a secret/public keypair that has no subkey binding, so you want to
> add a binding to the subkey so you can use it. There is no easy
> way to do this, as GnuPG obviously wants to reject an
> invalid/corrupt subkey. You'd have to patch the code to override
> the checks and force GnuPG to put a binding signature in place.
Yes, that's what I want to do.
> I took a look at s-mail.com, and it looks rather similar to
> hushmail. Was the key generated by s-mail.com and exported to you?
> without bindings are not at all secure since any random person can
> insert one and become a man in the middle.
Yes, it seems similar to hushmail in concept. I've never used either
of them before yesterday. The key was generated by a Java applet on
my machine and sent to s-mail via SSL. All client/server transactions
are encrypted by SSL. I went to their export secret key page, and it
gave me a PGP keyring (.skr file).
I'm not really too interested in using s-mail. I'm perfectly capable
of doing PGP messages the way I have been. However, a contact of mine
has created an s-mail account and I'm interested in exchanging
encrypted and signed mail with him.
I realize that subkeys without bindings are insecure. However, in
this scenario, a MITM attack isn't needed. To replace this file as I
was downloading it probably means they have access to my secret key
anyways. And, if they've broken the SSL to do that, they also have my
passphrase that I sent to s-mail in the same transaction.
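Added example, not part of the original message and not GnuPG's code: a structural check that walks the packets of a binary (unarmored) key file, as laid out in RFC 4880, and reports subkeys that are not followed by a subkey binding signature (type 0x18), which is the condition discussed in this thread. It does not verify any signature cryptographically; the helper `pkt` and the `SAMPLE` bytes are constructed for illustration.

```python
# Added example: structural check only; it does not verify any signature.
SIG, SECKEY, PUBKEY, SECSUB, PUBSUB = 2, 5, 6, 7, 14   # RFC 4880 packet tags
SUBKEY_BINDING = 0x18                                   # signature type

def packets(data):
    """Yield (tag, body) for each packet in a binary (unarmored) key file."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                                  # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body length not handled")
        else:                                           # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                              # 1, 2 or 4 length octets
            length = int.from_bytes(data[i:i + n], "big"); i += n
        yield tag, data[i:i + length]
        i += length

def sig_type(body):
    """Signature type octet: offset 1 in v4 signatures, offset 2 in v3."""
    return body[1] if body[0] == 4 else body[2]

def unbound_subkeys(data):
    """Return 0-based positions of subkeys not followed by a 0x18 signature."""
    bound, in_subkey = [], False
    for tag, body in packets(data):
        if tag in (PUBSUB, SECSUB):
            bound.append(False); in_subkey = True
        elif tag in (PUBKEY, SECKEY):
            in_subkey = False
        elif tag == SIG and in_subkey and len(body) > 2 and sig_type(body) == SUBKEY_BINDING:
            bound[-1] = True
    return [n for n, ok in enumerate(bound) if not ok]

def pkt(tag, body):                     # constructed sample packets, dummy bodies
    return bytes([0x80 | (tag << 2), len(body)]) + body

SAMPLE = (pkt(SECKEY, b"\x04key") + pkt(13, b"user") + pkt(SIG, b"\x04\x13\x00")
          + pkt(SECSUB, b"\x04sub") + pkt(SIG, b"\x04\x18\x00")
          + pkt(SECSUB, b"\x04sub"))    # second subkey has no binding signature
```

On the constructed sample, `unbound_subkeys(SAMPLE)` returns `[1]`: the first subkey carries a 0x18 signature and the second does not.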