Seeking clarification with a few GPG concepts

Hauke Laging mailinglisten at hauke-laging.de
Wed Aug 13 12:30:00 CEST 2014


Am Mi 13.08.2014, 11:57:12 schrieb pzeudo at hushmail.com:

> updated public key to everyone she's in contact with. Then, for some
> reason, Alice joins aforementioned company again, re-gaining control
> of her mail address uid2 at company.com. Can she add a new UID of the
> same name "Alice <uid2 at company.com>" to her gpg key again? I
> understand that she would not be able to re-use signatures she
> collected on her "old" UID on her "new" one, but would have to start
> building trust from scratch. But still, is it possible to do so, or
> would the revocation of the "old" uid2 also immediately apply to the
> "new" uid2?

"The UID" is not the packet data in the OpenPGP certificate but the 
string "Alice <uid2 at company.com>" i.e. the same string is the same UID 
and cannot be created twice in a certificate.

You can create a different UID by changing a single char though (e.g. 
add a comment).

But it is possible to reactivate the old UID. You can delete the 
signature (i.e. the revocation) and create a new one. The signature is 
newer than the revocation thus the UID is valid again. Unfortunately you 
cannot rely on this as the RfC does not enforce using the newest 
signature but GnuPG behaves this way.

If you reactivate a UID then you have the old third party signatures 
again (if they haven't expired yet).


> subordinate keys, say for her notebook and mobile phone.

That does not make sense, at least not with the current version of 
OpenPGP.


> she say that the mobile phone should be able to sign/decrypt only for
> uid1 at alice.com?

Signing and decrypting are key operations not UID operations. Subkeys 
belong to a certificate as UIDs do. You cannot enforce an association 
with a certain UID.

It is a bad idea to mix e.g. private and business addresses in the same 
certificate anyway. That should be done with "equal" addresses only to 
(also) avoid such problems.


> which pubic key does he encrypt the message with?

Usually the valid subkey (if there is one) with the newest self-
signature. But the RfC does not enforce this.


> assume the sender, by default, would simulatenously use all
> encryption keys (master or subordinate) he knows of, so that the
> message can be decrypted with any one private key. Is that the case?

No. Though – again – I think it would not violate the standard. But 
usually there is only one valid subkey at a time anyway.

You can enforce the usage of certain (sub)keys but this is not going to 
work with current mail clients:

gpg --armor -r 0x12345678! -r 0x87654321! --encrypt


> Can the sender choose to only encrypt using one of the keys, e.g. to
> make sure Alice doesn't read the message on her phone,

This is IMHO an urgently needed feature but not possible (i.e. there is 
no standard for it) today. I have written a German article about that:

http://www.crypto-fuer-alle.de/wishlist/securitylevel/


> What happens if a subordinate key of mine expires? Can I just generate
> a new one and let people know? Or would I also have lost
> trust/signatures of my identities gathered in the past?

You can replace subkeys or extend their validity period.

Subkeys and third party signatures are not related (today – one more 
problem). The signatures are made over the combination of public mainkey 
and one of the UIDs.


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140813/5c77b3f8/attachment.sig>


More information about the Gnupg-users mailing list