secret key vs pubblic key
stakanov at freenet.de
stakanov at freenet.de
Mon Jul 7 17:36:00 CEST 2014
Hi.
I once encountered the following situation.
One of my contacts did send his/her private key on the public key server. Claiming that this was his/her public key. Funnily enough I did import that key and did not get aware it was a secret key. And as far as I remember it worked to decrypt her messages.
First question: was this possible because you can decrypt messages from a counterpart also with his/her private key (having it imported from a key server) using your private key? Or (I do sincerely not remember) did s(he) send me the public key separately maybe and this is why I was able to decrypt)
Kgpg has a very strange policy in communicating the import of a key. It always speaks of "secret key" imported whether this is a public or private key At least in opensuse when you do "export your public key" and "export your secret key" both will have the same aspect AFAIC (name.asc). Is this intentional and could this be changed to make things like this happen less? (Note: more people will use encryption so the level of knowledge of the program is to be expected to lower not to get higher at least statistically. It is true that in the most recent version of kgpg this has changed and a dialogue should make people understand they are exporting a private key (at least when exporting to a file, however, I do not know if this warning happens also when people export to a key-server).
That brings me to this question: is there a way, once I have to keys let us say "Paul.asc" a public one and "Paul.asc" a private one that should not have been exported, to understand immediately what kind of key is this. What would be the command on the command line?
Last question:
why a does a key server for public keys accept "private keys" anyway? Isn't there a way in the infrastructure to block those errors from the very origin?
Thank, you.
---
Alle Postfächer an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen! http://email.freenet.de/basic/Informationen
More information about the Gnupg-users
mailing list