key-signing and stolen subkeys

David Shaw dshaw at
Sun May 23 16:22:18 CEST 2004

On Sun, May 23, 2004 at 01:19:33AM -0400, Atom 'Smasher' wrote:
> with the recent discussion about attacks against keys and irresponsible
> signing protocols, i'd like to enter this observation...
> make sure that the signed secret can't be "recycled" and used in an attack
> by including a note in the signed material:
> 	----begin signed stuff----
> 	this secret - "2Oj8otwPiW"
> 	is being used by alice (0x123) and mallory (0x456)
> 	to verify each other's encryption and signing keys
> 	may 2004
> 	----end signed stuff----
> if step 2 isn't observed... mallory offers to exchange key signatures with
> alice. mallory offers alice a string, and asks her to prove her possession
> of the secret signing key by signing that string. alice signs the string,
> without including any comments about what that string signifies, and sends
> that signed string back to mallory. mallory can now use that signed string
> to "prove" his possession of the signing key, by offering the same secret
> to multiple people.

Not if the person is issuing the challenge properly.  Challenges must
be random.  When someone challenges Mallory to prove he can issue
signatures from Alice's key, the challenge string will not match the
challenge that Alice signed.
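
The exchange discussed in this thread, as an added example that is not part of the original messages: a challenger issues a fresh random challenge, the key holder signs it together with a note naming both parties, and a replayed signature is rejected. Toy textbook RSA stands in for an OpenPGP signature here; the key ID 0x789 for a second challenger (Bob) and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy textbook RSA (constructed, insecure) standing in for an OpenPGP signature.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537      # two Mersenne primes, illustration only
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # Alice's private exponent

def _digest(text: str) -> int:
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % N

def sign(text: str, d: int = D) -> int:
    return pow(_digest(text), d, N)

def verify(text: str, sig: int) -> bool:
    return pow(sig, E, N) == _digest(text)

def new_challenge() -> str:
    """Challenger side: 128 bits from the OS CSPRNG, never reused."""
    return secrets.token_hex(16)

def statement(challenge: str, signer: str, challenger: str) -> str:
    """Text the key holder signs: the challenge plus who it is for."""
    return f"challenge {challenge} signed by {signer} for {challenger}"

def check_response(issued: str, signer: str, challenger: str, sig: int) -> bool:
    """Accept only a signature over the statement built from our own challenge."""
    return verify(statement(issued, signer, challenger), sig)

def replay_demo() -> dict:
    # Mallory (0x456) challenges Alice (0x123); she signs his challenge.
    mallory_chal = new_challenge()
    alice_sig = sign(statement(mallory_chal, "0x123", "0x456"))
    # Bob (0x789, hypothetical) challenges someone claiming to hold key 0x123.
    bob_chal = new_challenge()
    fresh_sig = sign(statement(bob_chal, "0x123", "0x789"))   # the real Alice
    return {
        "mallory_accepts_alice": check_response(mallory_chal, "0x123", "0x456", alice_sig),
        # Replay of Alice's old signature: wrong challenge, wrong challenger.
        "bob_accepts_replay": check_response(bob_chal, "0x123", "0x789", alice_sig),
        # Failure mode: a challenger who checks a string supplied by the prover.
        "careless_bob_accepts": verify(statement(mallory_chal, "0x123", "0x456"), alice_sig),
        "real_alice_passes_bob": check_response(bob_chal, "0x123", "0x789", fresh_sig),
    }

if __name__ == "__main__":
    for name, result in replay_demo().items():
        print(f"{name}: {result}")
```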
