Keys without signatures
Maria Lukas van den Berg
maria.l.vandenberg at gmx.de
Sun Mar 5 16:23:33 CET 2006
I was wondering about the following application of keys
without signatures on the public key (except the auto-
matically generated self-sig).
Assume that I create a keypair A and sign my Usenet postings
using A. I do not want to rely on any signatures on the
public key of A. Instead I define my identity via the
postings I make. This means that after I published postings
P_1 to P_n, I want to be able to do a posting P and by a
signature on P to prove that P was posted by the same person
who also posted P_1 to P_n, i.e., me. (Unless my private key
and passphrase got compromised.)
I am aware that no-one can practically generate a signature
for some posting that will validate against the public key
of A. This is the one component I need for my scheme.
However, there is a second requirement. No-one should be
able to create a second keypair B
- which has the same key ID as A,
- where signatures made with A validate against the public
key of B.
If such a key B existed, a reader not having the public key
of A could be tricked into thinking a posting signed by B
originates from the same person who also signed postings P_1
to P_n, because the signatures on *all* of those postings
validate against the public key of B.
Am I on the right track so far in recognizing the possible
weaknesses of my scheme?
If so, is it practically possible to create such a key B?
If so, what measures could be taken to enhance my scheme?
How about publishing with every posting P_1 to P_n the
fingerprint of A? At least a watchful receipient would then
realize that key B is not the right one for checking the
signatures on postings P_1 to P_n. That's unless the
attacker succeeds in creating a key B which also has the
same fingerprint as A. Is this practically doable?
And, asking further, how can I make it as hard as possible
to create a key with the same fingerprint as A? Is the
length of the key an issue? Would it, e.g., be more secure
to create a 4096 bit RSA key instead of a 1024 bit DSA key?
Thanks a lot for your answers and suggestions!
If there is a mailing list where these topics would fit
better, I'd also be interested to ask there.
Best regards, Luke.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 177 bytes
Desc: not available
Url : /pipermail/attachments/20060305/11e504e5/attachment.pgp
More information about the Gnupg-users