1024 key with 2048 subkey: how affected?

Hauke Laging mailinglisten at hauke-laging.de
Sat Jan 21 16:41:29 CET 2012

Am Freitag, 20. Januar 2012, 21:15:29 schrieb Chris Poole:

> The encryption and signing is still being done by the subkeys, so is
> it simply that they're signed by the parent 1024-bit key, and this key
> is easier to fake?

Yes. If the main key is compromised then

a) certifications for other keys can be forged (of course, anyone being 
attacked by that could see that the key whose certification he is going to 
rely on is that short)

b) new subkeys for that key can be created

If the attacker is capable of a man-in-the-middle attack then he can send the 
compromised key when the attacked person makes a keyserver update. This way 
noone would notice the manipulation (not even the key owner when checking 
what's on the keyservers). Afterwards data would be encrypted to the wrong key 
and signatures by the attackers subkey would be accepted.

Another attack szenario is that the whole key can be revoked when you need it. 
People do not send you important, urgent information because they do not have 
a valid key to encrypt to. Or you have to sign something in time but do not 
have a key which is accepted be the recipient.

PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120121/6252583c/attachment.pgp>

More information about the Gnupg-users mailing list