The best practice of master/sub key capabilities

[Peter Lebbing]

On 20/08/15 17:01, Peter Lebbing wrote:
> Most importantly, it's generally advised not to do encryption and 
> signing with the same key material.

This is just a general recommendation, and abusing the fact a key is
used for both encryption and signatures is an intricate matter. But
since OpenPGP supports subkeys, the matter is easily avoided completely
by using a separate subkey for encryption, so it's a good idea to do so.

But it suddenly dawned on me you might have an actual issue when you
assign both Sign and Authenticate capabilities to a key! Authentication
is pretty much proving that you can sign what the server sends you. It
might be the case that these signatures can actually pass for data
signatures or key certifications! I don't think RFC 4880 says anything
about authentication (except when used to refer to data signatures and
key certifications). Checking the OpenPGP Card Specification 3.0, it
would seem that the key in the Authenticate command can indeed issue
signatures, since the PKCS#1 padding is identical to the Sign command,
and there is no check on the signed data.

It seems like a genuinely bad idea to assign Authenticate capability to
a key that has Certify or Sign set. Even if GnuPG or GPG-Agent does
checks to catch abuse, it's just asking for trouble that is easily
avoided, in my opinion.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>