dh key exchange via ascii email?

Peter Lebbing peter at digitalbrains.com
Sat Mar 23 20:30:23 CET 2013

I hadn't quite picked up on the "forward secrecy" bit in your original mail.

On 23/03/13 20:14, Ileana wrote:
> However possibly less annoying the generating new PGP keys and sending those
> back and forth (with over head of having to sign each new key

Using subkeys, you can skip the signing. Just create throwaway encryption
subkeys but don't change the primary key that receives the certifications.

> and managing multiple throwaway pgp keys between multiple recipients.)

I don't see any principal difference with the overhead of maintaining multiple
ephemeral symmetric keys between multiple recipients. Asymmetric keys are more
expensive to create computationally, but I think your computer will be able to
cope. And all you'd need to do is create a few wrappers around GnuPG that force
usage of the desired subkey (a bang will do that: -r 0xDEADBEEF! forces usage of
that particular subkey. You might need to quote the exclamation mark for your

If you were designing a whole new system, the DH exchange makes a lot of sense.
But I think you could easily get comparable functionality by using subkeys a bit
creatively, with OpenPGP.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list