Why create offline main key without encryption capabilities

Hauke Laging mailinglisten at hauke-laging.de
Sun Jun 1 21:26:47 CEST 2014


On Sun 01.06.2014, 21:12:49, Suspekt wrote:

> > There are certain risks using the same RSA key for encryption and
> > signing. If you make a blind signature over data someone supplied
> > then you unintentionally decrypt the data (and send it back).
> 
> I don't get it. Decrypting data by signing it?

http://en.wikipedia.org/wiki/Blind_signature#Dangers_of_blind_signing

I just remembered that and didn't read it again before mentioning it. It 
seems I have misunderstood it so that this is not a real-world problem 
(as NdK pointed out).


> That's a good point! Also it will be interesting to explain to the judge
> the details of PGP, main keys and subkeys ;)
> Probably we have to get an expert from the CCC for that

I don't see any legal approach in Germany to force somebody to give his 
decryption key to the police. Don't forget that the police would not 
even need the decryption key to decrypt a certain message. You can give 
them the session key for this message.


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
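As an added example (not code from the thread or from GnuPG), this toy shows the mechanism behind the blind-signature warning quoted above, that a textbook RSA signature and an RSA decryption are the same private-key operation, and why hash-then-sign, which OpenPGP signatures use, removes that raw form of the problem. The key parameters are constructed and far too small for real use, and the padding step of real signature schemes is omitted.

```python
import hashlib

# Constructed toy key (not from the thread); real keys are 2048 bits or more.
P, Q = 1000003, 1000033
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def encrypt(m: int) -> int:
    """Textbook RSA encryption: c = m^e mod n."""
    return pow(m, E, N)

def decrypt(c: int) -> int:
    """Textbook RSA decryption: m = c^d mod n."""
    return pow(c, D, N)

def sign_raw(x: int) -> int:
    """Textbook RSA signature on a raw value: the SAME operation as decrypt()."""
    return pow(x, D, N)

def hash_to_int(data: bytes) -> int:
    """Hash-then-sign input: SHA-256 of the data reduced mod n (no padding, toy only)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign_hashed(data: bytes) -> int:
    """Signature over the hash, so d is never applied to a caller-chosen value."""
    return pow(hash_to_int(data), D, N)

def verify_hashed(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == hash_to_int(data)

def raw_signature_of_ciphertext_leaks(m: int) -> bool:
    """Blindly signing a ciphertext with sign_raw() returns its plaintext."""
    c = encrypt(m)
    return sign_raw(c) == m

def hashed_signature_of_ciphertext_leaks(m: int) -> bool:
    """With hash-then-sign the signature over a ciphertext is unrelated to m."""
    c = encrypt(m)
    sig = sign_hashed(c.to_bytes(5, "big"))   # N < 2**40, so 5 bytes suffice
    return sig == m
```

The leak only exists when the signing key, the encryption key and the raw private-key operation coincide, which is the reason the thread separates signing and encryption into different (sub)keys.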

