paperkey // ? feature request
Moritz Schulte
mo at g10code.com
Wed Feb 11 00:36:08 CET 2009
> the latter cannot be attacked without the keypair and the
> passphrase,
Keep in mind that we are talking about a hybrid crypto system. Your
hidden assumption seems to be that the session key which is generated
during encryption to a public key is not worth attacking. Then, nothing
prevents you from using that session key together with a symmetric
crypto system directly.
In a way, the public-key crypto system is a layer on top of a symmetric
crypto system, which tries to solve the key distribution problem. When
you don't want to distribute keys -- and that's how I understand you --
it doesn't make much sense to use it.
mo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090211/88c4d2ab/attachment.pgp>
More information about the Gnupg-users
mailing list