back signatures

Alphax alphasigmax at gmail.com
Sat Nov 5 07:09:40 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw wrote:
> On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
> 
>>Salve!
>>Can somebody explain me what is "back signatures"?
>>Manual not very clear about this.
> 
> 
> It's a countermeasure against an attack against signing subkeys.
> Basically, the primary key signs all subkeys.  With backsigs, the
> signing subkey also signs the primary key.
> 
> Without this, an attacker can "steal" a signing subkey from someone
> else and try and pretend that a signature came from his own key.  It's
> not a particularly good attack: the attacker can't issue signatures to
> prove his ownership.
> 

Will this remove the possibility of moving subkeys from one primary key
to another / converting primary keys to subkeys (documented at
http://atom.smasher.org/gpg/gpg-migrate.txt)?

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQ2xMo7MAAH8MeUlWAQjH6gf+KmeEkA1TrqYANLl6jWyCvVslMukZcDeI
yHFLgPT3tJY/dY+AU4mRsgcim3sd3alJan8Qz1mecEbxHHffXJCSbowagnUotx19
AP6ku/KFSC/yjF2dvttoDmmnSxWSzL9F0EoJI5O2o/xNXVaSjbR1wj+zq6Z7m84I
6R0QQguSDHmccPAtLmtdIereGuU8ai4seQI97JLD78eVM0gibR220WaTe482Bh3P
i+yNx6fMMjlGb/VB1AWTyK5b04SguGZQtKP4QQzxiAsfNvYYeRWlVuGwThrHTodd
+A30HeVql/PRkEo3ITtT8BQ6nelRikm+SDTo0Z3YCxLT7uRGzmeR7Q==
=Omcs
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list