key-signing and stolen subkeys

David Shaw dshaw at
Sun May 23 17:54:12 CEST 2004

On Sun, May 23, 2004 at 11:35:50AM -0400, Atom 'Smasher' wrote:

> > > if step 2 isn't observed... mallory offers to exchange key
> > > signatures with alice. mallory offers alice a string, and asks
> > > her to prove her possession of the secret signing key by signing
> > > that string. alice signs the string, without including any
> > > comments about what that string signifies, and sends that signed
> > > string back to mallory. mallory can now use that signed string
> > > to "prove" his possession of the signing key, by offering the
> > > same secret to multiple people.
> >
> > Not if the person is issuing the challenge properly.  Challenges must
> > be random.  When someone challenges Mallory to prove he can issue
> > signatures from Alices key, the challenge string will not match the
> > challenge that Alice signed.
> ==================================
> mallory has to use the same challenge and present it _as_if_ it is unique
> for each person he's exchanging key signatures with. if the string appears
> random (as above), many people will _assume_ that it's unique.

Mallory doesn't issue the challenge.  The person who Mallory wants to
sign his or Alice's key issues the challenge.

A challenge is of no use to someone else since Mallory doesn't get to
issue it in the first place.


More information about the Gnupg-users mailing list