Multiple GPG public keys with one private keys
MFPA
2014-667rhzu3dc-lists-groups at riseup.net
Sun Aug 30 14:59:59 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Friday 28 August 2015 at 3:02:44 PM, in
<mid:CAE-c3me=SVzwxmzy-f9Fno5ujNOLMO+etYLEJE2GVLxHZ2fAPg at mail.gmail.com>,
Dionysis Zindros wrote:
> You can have multiple public/private key pairs for your
> public identities. Then you can maintain a secret
> public/private key pair that links your identities
> together. Encrypt the private keys of your public
> identities with the public key of your secret identity
> and publish them. Then all you need to decrypt any
> message sent to the public key of any of your public
> identities is the private key of your secret identity.
> Simply use your secret identity private key to decrypt
> the secret key of your public identity (which is a
> published encrypted message) and subsequently use that
> private key to decrypt the message that was
> communicated to you.
Interesting use of "simply". That procedure sounds far more
complicated than storing your various secret keys on your keyring and
having GnuPG use them in the normal way. I'm not sure what you gain in
return for the increased complexity.
> Finally, mathematically, in the bitcoin world, we've
> seen hierarchical deterministic keys. I see no reason
> why they could not be adopted in GPG also,
I did a quick search for "hierarchical deterministic keys" and found
<https://bitcoinmagazine.com/8396/deterministic-wallets-advantages-flaw/>.
Which tells me that if the parent public key is published and one of
the child secret keys is leaked, the parent secret key can be
calculated. So the parent key and all possible child keys are
compromised by the compromise of just one child secret key.
- --
Best regards
MFPA <mailto:2014-667rhzu3dc-lists-groups at riseup.net>
Don't learn safety rules by accident...
-----BEGIN PGP SIGNATURE-----
iQF8BAEBCgBmBQJV4v5ZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwTgoH/19c4d2Lu0cHzAQbG0UR2MIS
Qv95wZOKVQA4xOKhLqzVJdqnTjT/YChEpqWmdmrMPRM5o0z1oFhrZZEFPZZheC4s
yxMMEhKuWkFfXQxUFhGr20aFropE2bvl4FJFD95NcPvLTUIUvnT/qhZkZm8AAKal
NxlwyVQVBvt4q2xH8UOXEyg359sOu96H1wr8sCuTJmkhcOb2Zy4jWPNycYTbKT1v
cm5jKbQ+WLizzYtCf7LeGbDelAk2GbJFNkw98ha8K97GTuJLxNyFHhQXTf6dAYgu
uMZYSEd6OLvIhH4AOO2W2NtAlNbC2rDIJWiOhCiSJ2GLp3JxsxCwlSrG6ohc6WOI
vgQBFgoAZgUCVeL+Y18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45A5kAQC4DsSElGnzjlF56Y5kF/e4fqLf
+Owzf1f/E34bYz3ULgD9GGeFxYhh8rwBQcVFvvdSHWsGp0rHOvnV01DDGHyaKQI=
=QycK
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list