recover private key

Robert J. Hansen rjh at sixdemonbag.org
Tue Jan 13 14:45:32 CET 2009 

(This email is for jakse, although I'm responding to Faramir's email.)

> And by the way... why do you all sign your messages here? I'm not sure i
> have understood the signing idea completely? it is to make sure that the
> reader knows the sender is the person he/she says he/she is!? right!?

An ideal signature requires four things:

	1.  Your recipient knows you
	2.  Your recipient trusts you
	3.  Your recipient has verified your key fingerprint
	4.  Your recipient trusts your computer has not been hijacked

The more of these requirements that are missing, the less utility there
is in a signature.  If I send a signed email message to, say, Faramir,
well ... Faramir barely knows me at all.  I don't know if he trusts me.
 (I'd be surprised if he did; it's not like I ever bought him a beer.)
He hasn't verified my key fingerprint, either directly or through the
WoT.  And in an era where 20%+ of all desktops are hijacked, how can he
be sure of #4?

Add up all the ways in which we're departing from the Platonic ideal and
you can tell that my signature on a message to Faramir really counts for
astonishingly little.  Signing posts to a mailing list is much the same:
of all the people who receive it, hardly anyone will know you, trust
you, or have verified your fingerprint.

Usually when people sign mailing list posts they are doing one of three
things:

	1.  Testing their system to make sure everything works
	2.  Making a small public show of support for our right
	    to use strong cryptography
	3.  Grossly misunderstanding the utility of their
	    signature

#1 and #2 are both great ideas and I'm all in favor of it.  It's okay to
 sign your messages if you're doing so to make sure that you understand
how it's done.  Someday you'll need signatures, and when that day comes
the practice will pay off.  Likewise, showing public support for email
cryptography is a Good Thing and should be encouraged.

Unfortunately, #3 is true much more often than it's not.

Probably the biggest myth about signatures is they provide either
repudiability by proxy.  Even very intelligent and experienced users
fall victim to it.  A lot of people will say, "I sign everything so that
if later on someone tampers with my messages I can prove I didn't write it."

Unfortunately, digital signatures don't provide this capability.

Imagine that I'm back in grad school teaching a class and I give a
student a poor grade.  The student decides to get revenge on me by
posting to notorious white supremacist message boards in my name, then
conveniently blows the whistle on "my" activities.  I get hauled into
the Dean's office where I get told I'm being suspended pending the
investigation.

"But I didn't write those!" I say.  "I sign absolutely everything!  Were
those messages signed?  They were either missing a signature or had a
bad signature, right?  Clearly, obviously, I didn't write them!"

"Ah," the Dean answers, "but you're a smart guy, Rob, and you're smart
enough to have deliberately omitted a signature, or put a bad one, on
incriminating messages you wanted to later repudiate.  The lack of your
signature, or the presence of a bad one, doesn't prove anything about
whether you wrote it.  Sorry.  We'll have the investigation wrapped up
by next semester."

More information about the Gnupg-users mailing list