Encrypt & Sign
linux at codehelp.co.uk
Sat Jan 15 00:30:10 CET 2005
On Friday 14 January 2005 8:32 pm, Atom 'Smasher' wrote:
> On Fri, 14 Jan 2005, Vishal Rao wrote:
> > Also, is there a legal significance of signing clear data rather than
> > encrypted data? (Signer clearly knows what he signed) With OpenPGP or
> > PKI?
> in a techno-philosophical sense, you never *really* know what you're
> signing unless you do the math by hand...
That's disingenious Atom - the premise of the article is a rogue program.
Isn't that why we use free software? That's why we verify GnuPG carefully
before installing, why we have the source code to inspect to allay precisely
Despite what the article says, it is NOT possible for someone else to sign
this email with this key. Anyone who has had their key signed by my key(s)
will be able to determine that I consented to the signature made on this
email and it's content.
The whole point of the WoT is to tie the person to the key. Tying the person
to the key ties the person to the computer used to access the key and hence
the circle is complete.
I would challenge anyone to prove that I did not sign and consent to the
precise and complete content of the signed component of this message.
Just because someone else can create a *similar* key with no passphrase that
can be used to sign anything, doesn't mean that MY signature is any less
valid. It relies on my key being trusted. A false key can never duplicate the
trust - that is why there was so much discussion about the GD keyserver,
anything that affects key signatures is of concern. The WoT is fundamental to
how GnuPG and PGP work. If the GD had threatened to weaken the WoT, the fuss
was fully justified. As it happens, the discussion has still raised important
> Solving this problem requires a trusted signing computer
Not true. It requires trust in the key and the person identified in the key.
It also requires that you update that key to check for revocation.
I can sign my email from any computer to which I copy my secret key. Part of
trusting a key is trusting that the key holder won't do something stupid like
copy their secret key to a public location. That's why face-to-face
verification is so useful, it allows time to discuss issues and make that
All that is needed to be trusted is the key holder - that s/he can be trusted
to manage their key properly and carefully and to take reasonable precautions
against leaving their secret key somewhere that anyone else has access.
> Digital signatures prove, mathematically, that a secret value known as the
> private key was present in a computer at the time Alice's signature was
> calculated. It is a small step from that to assume that Alice entered that
> key into the computer at the time of signing. But it is a much larger step
> to assume that Alice intended a particular document to be signed.
That step is covered by revocation.
> Because the computer is not trusted, I cannot rely on it to show me what it
> is doing or do what I tell it to.
The computer does not need to be trusted, it's the keyholder and his/her
behaviour that is trusted by those who have signed the key. Both parties can
trust the code because the code can be inspected.
> without a tamperproof computer trusted by Alice,
Access to the secret key doesn't equate to compromise of the key - there's
still the passphrase. Or is he asserting that a keyboard sniffer is also
How's that different to someone copying a written signature and taking
measures, in advance, to get a usable copy?
> you can expect "digital
> signature experts" to show up in court contesting a lot of digital
All he's saying, in a lengthy and confused fashion, is that you can't trust a
signature made by an untrusted key. Wow, big news.
The key isn't trusted, so why should you trust the signatures???? You can't!
All these emails that show up in yellow in KMail (signature mathematically
valid but key untrusted) - the signatures are nice but cannot be trusted as
the key is untrusted.
I sign emails because there are people out there who HAVE signed my key and
had their key signed with mine. They are the only ones who can truly say that
my signatures are genuine and reliable. They know me, they have all met me
(those who are cross-signed) and all talked about how keys are handled and
used. Others on this list will be able to trust my key because of people they
have met. For everyone else (including you, Atom), my signatures are useful
but cannot be used to prove that I sent it - only that the signature is valid
but you cannot trust the key.
It isn't enough that I can encrypt to those people, they need to know that it
is ME sending the information, not just that someone has got their public key
and chosen to encrypt the content with it. That's why I sign and encrypt to
those people - I know only they can read it, they know only I could have sent
None of that is possible without keysignings and the WoT.
> Why Digital Signatures Are Not Signatures
It IS better than a physical signature - he makes the point himself that a
written signature still has to be verified by an external authority - be it
the person under oath or a handwriting expert - to prove that it is a genuine
signature. Handwritten signatures are easily copied. Digital signatures
cannot be copied.
Having a perfect digital reproduction of my written signature could get you
into all kinds of situations in my place. Having a perfect digital
reproduction of my digital signature gets you nowhere.
(Some people put images of their written signature in their keys - seemed
crazy to me, as if trying to certify the key with a weaker form of
If you've been signed by my key, my digital signature is better than any
written signature. No-one can hide the content of this email from me before
signing (as you can with paper), no-one can tamper with this email and change
the content without the signature being broken (as you can with paper). You
have to know me pretty well to recognise my written signature - I sign so
many things it often changes (as my bank can testify)!
Nothing is completely secure, but the combination of the WoT and digital
signatures CAN be used to prove that a document was knowingly signed by an
identifiable, physical person who has been independently verified by multiple
other people and who is named in the key that made the signature.
What paper signature can do the same?
Of course this is a signature, it is a verifiable and tamper-proof seal
created uniquely by me and which can be uniquely tied to me as a physical
person - no matter what computers were used in the generation process.
The fact that you are not currently one of those people who CAN trust my key
is not for want of trying, you don't seem to have many signatures on your
key. I'm doing my bit, are you?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050114/9cbda653/attachment.pgp
More information about the Gnupg-users