Fwd: Separate RSA subkeys for decryption and signing or one for both?

Nicholas Cole nicholas.cole at gmail.com
Tue Dec 4 20:11:18 CET 2012


Meant to post this to the list. Blame gmail.


---------- Forwarded message ----------
From: Nicholas Cole <nicholas.cole at gmail.com>
Date: Tue, Dec 4, 2012 at 7:10 PM
Subject: Re: Separate RSA subkeys for decryption and signing or one for both?
To: Hubert Kario <hka at qbs.com.pl>


> How do you propose an attacker could force me to sign data I already
> encrypted?

I think the attack merely specifies a chosen text - but at any rate,
the point is that there might be a system (e.g. a badly designed
time-stamping service) that might naively sign data supplied by an
attacker, and in those cases having a signing and encryption key that
are the same would be a Bad Idea.  Note, though, that PGP 2.6.3 did
use the same key for both; the attack is a (mostly) theoretical one.
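
Added example, not part of the original post: a sketch of the risk described above, assuming textbook (unpadded, unhashed) RSA and a hypothetical service `naive_sign` that signs any value it is handed. All names, the toy Mersenne-prime keys and the sample message are constructed for illustration; the code shows that a shared key returns the plaintext while a separate signing subkey does not.

```python
# Added example: textbook RSA with toy parameters, constructed for illustration.
E = 65537

def make_key(p, q):
    """Return (n, d) for public exponent E; p and q must be prime."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # raises ValueError if E is not invertible
    return n, d

def encrypt(m, n):
    """Raw RSA encryption, no padding (assumption of this sketch)."""
    return pow(m, E, n)

def naive_sign(x, key):
    """Hypothetical service: signs whatever it is given, no hashing or padding."""
    n, d = key
    return pow(x, d, n)

def submit_blinded(c, enc_n, signing_key, r=0x1234567):
    """Blind ciphertext c, have the service sign it, then unblind the result."""
    blinded = (c * pow(r, E, enc_n)) % enc_n   # looks unrelated to c
    s = naive_sign(blinded, signing_key)       # equals m*r mod n if the key is shared
    return (s * pow(r, -1, enc_n)) % enc_n

ENC_KEY = make_key(2**31 - 1, 2**61 - 1)       # encryption key (Mersenne primes)
SIG_KEY = make_key(2**89 - 1, 2**107 - 1)      # independent signing subkey
MESSAGE = int.from_bytes(b"secret", "big")     # constructed sample plaintext
CIPHERTEXT = encrypt(MESSAGE, ENC_KEY[0])

def shared_key_leaks():
    """Same key signs and decrypts: the signature on the blinded value yields m."""
    return submit_blinded(CIPHERTEXT, ENC_KEY[0], ENC_KEY) == MESSAGE

def separate_subkey_leaks():
    """Signing is done with a different key: the result is unrelated to m."""
    return submit_blinded(CIPHERTEXT, ENC_KEY[0], SIG_KEY) == MESSAGE

if __name__ == "__main__":
    print("shared key leaks plaintext:     ", shared_key_leaks())
    print("separate subkey leaks plaintext:", separate_subkey_leaks())
```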
