Why create offline main key without encryption capabilities
NdK
ndk.clanbo at gmail.com
Sun Jun 1 20:05:12 CEST 2014
On 01/06/2014 16:17, Hauke Laging wrote:
> There are certain risks using the same RSA key for encryption and
> signing. If you make a blind signature over data someone supplied then
> you unintentionally decrypt the data (and send it back).
Then you're using RSA the wrong way.
You should *never* apply RSA directly. Padding is important and *must*
be checked during processing. Decryption and signature are the same RSA op,
but use a different padding, so you can tell which op got applied.
> 2) If a signature key has expired then you may delete the private part.
> You should usually never throw away a decryption key, though, as it can
> happen that you have to decrypt data long after the public part has
> expired.
And that poses a big problem for everyone who would like to use a
smartcard for decryption...
BYtE,
Diego.
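Added example (Python, not part of Diego's message and not GnuPG code) showing the point the two replies argue over: decryption and signing are the same private exponentiation, the padding type is the only thing that distinguishes them, and a signer that exponentiates whatever block it is handed will hand back the plaintext of a ciphertext. The key is a toy built from two Mersenne primes, the PKCS#1 v1.5 signature block omits the DER DigestInfo wrapper, and the secret is a constructed sample; all three are simplifications for this illustration.

```python
import hashlib
import os

# Toy key built from two Mersenne primes so the example runs offline without a
# crypto library (assumption for this example; NOT a real or safe key choice).
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # needs Python 3.8+
K = (N.bit_length() + 7) // 8           # modulus length in bytes


def private_op(block: bytes) -> bytes:
    """The single RSA private operation shared by decryption and signing."""
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")


def public_op(block: bytes) -> bytes:
    return pow(int.from_bytes(block, "big"), E, N).to_bytes(K, "big")


def pad_type2(msg: bytes) -> bytes:
    """PKCS#1 v1.5 encryption block: 00 02 <random nonzero PS> 00 <msg>."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = b""
    while len(ps) < ps_len:
        ps += bytes(b for b in os.urandom(ps_len) if b != 0)
    return b"\x00\x02" + ps[:ps_len] + b"\x00" + msg


def unpad_type2(block: bytes) -> bytes:
    """Check the type-2 structure; fail closed on anything else."""
    if len(block) != K or block[:2] != b"\x00\x02":
        raise ValueError("bad encryption padding")
    sep = block.find(b"\x00", 2)
    if sep < 10:                         # PS must be at least 8 bytes
        raise ValueError("bad encryption padding")
    return block[sep + 1:]


def pad_type1(digest: bytes) -> bytes:
    """PKCS#1 v1.5 signature block: 00 01 FF..FF 00 <digest>.
    (Simplification: real PKCS#1 wraps the digest in a DER DigestInfo.)"""
    ps_len = K - 3 - len(digest)
    if ps_len < 8:
        raise ValueError("digest too long for this modulus")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + digest


def parse_type1(block: bytes):
    """Return the payload of a well-formed type-1 block, else None."""
    if len(block) != K or block[:2] != b"\x00\x01":
        return None
    sep = block.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in block[2:sep]):
        return None
    return block[sep + 1:]


def encrypt(msg: bytes) -> bytes:
    return public_op(pad_type2(msg))


def decrypt(ciphertext: bytes) -> bytes:
    return unpad_type2(private_op(ciphertext))


def sign(msg: bytes) -> bytes:
    return private_op(pad_type1(hashlib.sha256(msg).digest()))


def verify(msg: bytes, sig: bytes) -> bool:
    return parse_type1(public_op(sig)) == hashlib.sha256(msg).digest()


def naive_blind_sign(block: bytes) -> bytes:
    """A signer that applies the private op to whatever block it is handed."""
    return private_op(block)


def checked_blind_sign(block: bytes) -> bytes:
    """A signer that first checks the block really is a type-1 signature block."""
    if parse_type1(block) is None:
        raise ValueError("refusing to sign: not a PKCS#1 type-1 block")
    return private_op(block)


def attack(ciphertext: bytes) -> bytes:
    """Hand the victim's own ciphertext to the naive signer: the 'signature'
    that comes back is the type-2 block, i.e. the padded plaintext."""
    return unpad_type2(naive_blind_sign(ciphertext))


def demo() -> dict:
    secret = b"constructed secret for the demo"   # constructed sample input
    ciphertext = encrypt(secret)
    try:
        checked_blind_sign(ciphertext)
        refused = False
    except ValueError:
        refused = True
    msg = b"data the signer actually meant to sign"
    return {
        "decrypt_ok": decrypt(ciphertext) == secret,
        "naive_signer_leaks_plaintext": attack(ciphertext) == secret,
        "checked_signer_refuses": refused,
        "signature_verifies": verify(msg, sign(msg)),
        "wrong_message_rejected": not verify(msg + b"!", sign(msg)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The naive signer is exactly the "blind signature over data someone supplied" case: nothing in the arithmetic distinguishes a ciphertext from a block to be signed, so the padding check before the private operation is what keeps the two uses apart.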