OpenPGP Card

Alphax alphasigmax at gmail.com
Tue Sep 6 17:32:52 CEST 2005


Janusz A. Urbanowicz wrote:
> On Tue, Sep 06, 2005 at 11:48:45PM +0930, Alphax wrote:
> 
>>>The application is free to do whatever it wants with these objects,
>>>given sufficient authentication to the card (PIN). Technically, there is
>>>nothing CA can do to prevent you to use your X.509 keys as OpenPGP keys.
>>
>>I think I might have seen something like that with a Thawte Freemail
>>root certificate or something... it wasn't pretty :(
> 
> 
> When Thawte signed PGP keys as a part of Web Of Trust program, they used the
> same key in both OpenPGP and X.509 form.
> 
> Why you say it wasnt pretty? An actual RSA modulus is well hidden within the
> stuff so it doesn't really matter.
> 

They converted the same key several times, so there were 3 or so keys
with the same long fingerprint, but different creation times - multiple
copies of the same key.

Is it possible to arbitrarily make an OpenPGP key with whatever keypair?

-- 
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \



More information about the Gnupg-users mailing list