paperkey // ? feature request

Moritz Schulte mo at g10code.com
Wed Feb 11 00:36:08 CET 2009


> the latter cannot be attacked without the keypair and the 
> passphrase,

Keep in mind that we are talking about a hybrid crypto system. Your
hidden assumption seems to be that the session key which is generated
during encryption to a public key is not worth attacking. Then, nothing
prevents you from using that session key together with a symmetric
crypto system directly.

In a way, the public-key crypto system is a layer on top of a symmetric
crypto system, which tries to solve the key distribution problem. When
you don't want to distribute keys -- and that's how I understand you --
it doesn't make much sense to use it.

mo


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090211/88c4d2ab/attachment.pgp>


More information about the Gnupg-users mailing list