rotating encryption sub keys
David Shaw
dshaw at jabberwocky.com
Fri Aug 28 03:49:22 CEST 2009

On Aug 27, 2009, at 6:03 PM, Joseph Oreste Bruni wrote:
> Would it be considered a best practice to rotate encryption subkeys
> on an annual basis, or would that be considered overkill for most
> uses?

It depends on what you're trying to do. :)

> I realize that messages are encrypted using ephemeral session keys
> which in turn are encrypted with public keys. Considering the small
> amount of data (i.e. session keys) being encrypted using public
> keys, are ciphertext attacks really even feasible?

Not really, no. I wouldn't rotate encryption keys for that reason,
but there are other reasons that might be more useful for you. For
example, if, when you make a new subkey, you also destroy the old one,
you give yourself forward security. All messages that were encrypted
to the earlier key cannot be decrypted by anyone (including you). At
an extreme, you could use a new encryption subkey per-message
(something which the keyserver operators would no doubt be thrilled
about). This is not generally useful, though, as most people do want
the ability to go back and review their old messages.

Incidentally, there have been proposals to add forward security
extensions to OpenPGP. See http://www.apache-ssl.org/openpgp-pfs.txt

David
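Added example, not part of the message above: a check for the rotate-and-destroy policy the reply describes, run over `gpg --list-secret-keys --with-colons` output. The sample listing, key IDs and the function names are constructed for illustration; it assumes epoch-second timestamps and that field 15 is `#` when the secret part of a subkey is missing.

```python
from datetime import datetime, timedelta, timezone

# Constructed `gpg --list-secret-keys --with-colons` output; key IDs and dates are made up.
# Field 15 is "+" when the secret key is available and "#" when it is missing.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1167609600:::u:::scESC:::+:
ssb:e:2048:1:EEEEEEEEEEEEEEEE:1167609600:1199145600:::::e:::#:
ssb:e:2048:1:BBBBBBBBBBBBBBBB:1199145600:1230768000:::::e:::+:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1230768000:1262304000:::::e:::+:
ssb:u:2048:1:DDDDDDDDDDDDDDDD:1167609600::::::s:::+:
"""

def _ts(field):
    # Assumes epoch-second timestamps; an empty field means "not set".
    return datetime.fromtimestamp(int(field), timezone.utc) if field else None

def encryption_subkeys(colons):
    """Yield encryption-capable secret subkey records from the colon listing."""
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "ssb" and len(f) >= 15 and "e" in f[11]:
            yield {"keyid": f[4], "validity": f[1], "created": _ts(f[5]),
                   "expires": _ts(f[6]), "secret_present": f[14] != "#"}

def rotation_report(colons, now, max_age=timedelta(days=365)):
    """Map key ID -> status under a rotate-and-destroy policy."""
    report = {}
    for k in encryption_subkeys(colons):
        retired = k["validity"] in ("e", "r") or bool(k["expires"] and k["expires"] <= now)
        if retired and k["secret_present"]:
            # Expiry alone does not stop decryption: old mail stays readable
            # until the secret subkey itself is deleted.
            status = "retired-secret-present"
        elif retired:
            status = "retired-destroyed"
        elif now - k["created"] > max_age:
            status = "rotation-overdue"
        else:
            status = "current"
        report[k["keyid"]] = status
    return report

if __name__ == "__main__":
    now = datetime(2009, 8, 28, tzinfo=timezone.utc)
    for keyid, status in rotation_report(SAMPLE, now).items():
        print(keyid, status)
```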