using gpg with private keys from openssl certificates?

Robert J. Hansen rjh at sixdemonbag.org
Wed Dec 17 23:03:46 CET 2008


arghman wrote:
> * is this a bad idea?

It is a _hard_ idea.  It is not necessarily a bad or stupid idea.  Like
most things, whether it's inspired lunacy or just insane depends a lot
on your particular problem domain.  :)

X.509 (the standard used by freemail certs) and OpenPGP use the same
underlying algorithms, but the protocols are dramatically different.
Making them interoperate is hard, and is usually not worth it.

> * if I sign a message with that key pair, and someone challenges my
> identity, what's the best/easiest way for me to prove my identity?

You can't.

Identity cannot be proven.  Evidence can be presented, but someone can
always say, "no, no, I don't accept that as a form of ID."  Just because
some people accept a given method doesn't make the method good, and just
because some people refuse a given method doesn't make it bad.

As an example, I recently needed to get a driver's license for a new
state.  The unhelpful people at the Motor Vehicle Administration told me
I needed two forms of government-issued photographic ID, a copy of my
lease, and a utility bill in my name.  I asked what they were going to
do with my lease and utility bill.

"Just check to see the name matches."

You don't call the utility company, or call my landlord, or do anything
else to check?

"No.  The law doesn't allow us to.  Your privacy is respected."

So --

I stopped myself just in time before I said "-- given that pretty much
everyone has a desktop publishing setup nowadays and can forge these
documents in an hour, why do you bother demanding them if you're not
even going to check them?"

But I decided that would probably get me some Quality Time with a state
trooper, so I shut up.

> * is there a tutorial on openpgp, S/MIME, openssl certificates as to what
> the different cryptographic assertion primitives are, from the standpoint of
> a user who treats the algorithms/tools as a black box?

The best I've found is PGP Corporation's "Introduction to Cryptography."
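
Added example, not part of the original message: a Python sketch of the point above that X.509 and OpenPGP share the underlying algorithm but not the protocol. It wraps one RSA public key (a constructed toy key) in an X.509 SubjectPublicKeyInfo and in an OpenPGP v4 public-key packet (RFC 4880) and hashes each. The function names are illustrative assumptions, not GnuPG or OpenSSL APIs.

```python
import hashlib

def mpi(x: int) -> bytes:
    """OpenPGP MPI: 2-byte bit count, then the big-endian magnitude."""
    return x.bit_length().to_bytes(2, "big") + x.to_bytes((x.bit_length() + 7) // 8, "big")

def openpgp_v4_fingerprint(n: int, e: int, created: int) -> str:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, 2-byte length, public-key packet body."""
    # version 4, creation time, algorithm 1 (RSA), then the two MPIs
    body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest()

def der(tag: int, content: bytes) -> bytes:
    """Minimal DER tag-length-value encoder."""
    size = len(content)
    if size < 0x80:
        length = bytes([size])
    else:
        raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_int(x: int) -> bytes:
    """DER INTEGER for x >= 0; the extra byte keeps a high-bit value positive."""
    return der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption OID, already TLV-encoded

def x509_spki(n: int, e: int) -> bytes:
    """SubjectPublicKeyInfo as carried inside an X.509 certificate."""
    rsa_pub = der(0x30, der_int(n) + der_int(e))
    alg = der(0x30, RSA_OID + b"\x05\x00")  # AlgorithmIdentifier with NULL parameters
    return der(0x30, alg + der(0x03, b"\x00" + rsa_pub))  # BIT STRING, 0 unused bits

def spki_sha1(n: int, e: int) -> str:
    return hashlib.sha1(x509_spki(n, e)).hexdigest()

# Constructed toy key (product of two Mersenne primes); far too small for real use.
N, E = (2**127 - 1) * (2**89 - 1), 65537

if __name__ == "__main__":
    print("X.509 SPKI SHA-1       :", spki_sha1(N, E))
    for created in (1229500000, 1229500001):  # constructed timestamps, 1 s apart
        print("OpenPGP fpr, t=%d:" % created, openpgp_v4_fingerprint(N, E, created))
```

The OpenPGP fingerprint covers the creation timestamp as well as the key material, so the same RSA numbers imported with a different timestamp become a different OpenPGP key, and neither value matches a hash of the X.509 encoding.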




