Use of two private/public key pairs, Sign only and Encrypt only

Robert J. Hansen rjh at sixdemonbag.org
Fri Sep 27 15:56:03 CEST 2013


On 9/27/2013 9:39 AM, Hauke Laging wrote:
> I doubt that anywhere in the civilized world you can legally be
> forced to enable the police to forge your signature.

Arguably, the United Kingdom.  The Regulation of Investigatory Powers
Act of 2000 (RIPA) can be used to compel you to turn over the encryption
key used for a message.  Normally the police are satisfied with getting
the symmetric key used to encrypt the message, but there's nothing in
RIPA that requires them to limit themselves to that.  They could instead
require the RSA key involved, and odds are fairly good a judge would
uphold this demand.

If you have an RSA sign-and-encrypt key, then by doing so you've just
enabled the police to forge your signature.  What's worse is that
revoking your key could be seen as tipping off your correspondents to
the police's activities, and that's a serious offense under RIPA.

More information about the Gnupg-users mailing list