Migrating keys (fwd)
dec at io.com
Thu Nov 27 17:11:11 CET 2003
On Thursday, Nov 27, 2003, at 16:13 US/Pacific, David Shaw wrote:
>> i knew this would get confusing....
>> let's see... bob has his key signed by alice. i know alice, and i
>> her signature on bob's key. then bob goes and get's abducted by
>> aliens (or
>> the mob, MIB, etc) and they have enough computing power to recover his
>> 1024 signing key, but not his 2048 encryption key. (or, maybe bob was
>> using one of the faulty ElGamal keys as a primary key?)
>> now, the aliens (or the mob, MIB, etc) set their computer's clock to
>> time *before* alice's signature (setting the time to the past is
>> but may be useful in some circumstances). then they generate a new
>> encryption sub-key and (self) sign it with bob's signing key,
>> to be bob. if they set their clock back, it would appear that the new
>> sub-key was known to alice (who i trust).
> No. When you sign a key, you sign the primary, and you sign a user
> ID. You do not sign a subkey, and thus you are not making a statement
> in any way, shape, or form about the number, quality, or otherwise of
> the subkeys. Don't read too much into what a key signature means.
> Key signatures have exactly nothing to do with subkeys.
And, to complete the story, since THEM broke the signing key, THEM can
imitate Bob's signature to their heart's content and you will believe
the lie (and so will Alice) until a mistake is made and someone draws
attention to that with a revoke. The advantage to THEM in creating the
new sub-key is only to tempt you not to use the old one (which THEM
cannot decrypt) & thus reduce the chance that you will find the error
before Alice does.
(1) Gpg cannot protect against a compromised key until somebody knows
that it has been compromised. If it could, there would be no need to
revoke type 20 ElGamals.
(2) Alice can only warrant that she checked Bob's identity to match the
key. It says nothing about who else has access to that key. The
scenario remains the same if Bob voluntarily gives his key to THEM
before getting it signed by Alice.
More information about the Gnupg-users