File Encrypted with Primary key

Peter Lebbing peter at digitalbrains.com
Mon Aug 22 18:34:54 CEST 2016


On 22/08/16 16:45, Scott Linnebur wrote:
> Any idea why MoveIt would be encrypting this way?

I thought OpenPGP-compliant implementations were required to respect the key
flags, but on scanning the OpenPGP RFC (I took RFC 4880), it does not seem to be
the case. That is, it is not required that compliant software encrypt to an
encryption-capable key. But perhaps I missed the relevant part where it said it
is a MUST/SHOULD NOT requirement...

I did find this statement:

> * Many security protocol designers think that it is a bad idea to use
>   a single key for both privacy (encryption) and integrity
>   (signatures).  In fact, this was one of the motivating forces
>   behind the V4 key format with separate signature and encryption
>   keys.  If you as an implementer promote dual-use keys, you should
>   at least be aware of this controversy.


> And in addition…why does GPG
> decrypt the file correctly?

I'm surprised that GnuPG will happily decrypt with a key that does not have the
Encrypt capability set. But perhaps it is precisely because OpenPGP-compliant
software is allowed to ignore key usage flags.

I might be a bit out of my league with this particular problem. I have no hard
answers.

But when it is confirmed that it is intended behaviour of GnuPG, perhaps the
problem is that "camel" is too strict. And perhaps they actually want to be; it
could be intended behaviour of "camel". In that case, "camel" and "MoveIt" are
simply incompatible.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
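Added example (not part of the message above, nor code from GnuPG, MoveIt or "camel"): a small decoder for the RFC 4880 key flags subpacket (type 27) that the thread is about. It walks a signature's subpacket area using the RFC's length encoding, pulls out the key flags octet, and reports whether the key is flagged for encryption (bits 0x04 and 0x08) or only for certify/sign (0x01/0x02). The two subpacket areas at the bottom are constructed sample data, not bytes taken from any real key; a strict implementation is one that would refuse the first key as an encryption target and accept the second.

```python
"""Decode RFC 4880 key flags (signature subpacket type 27).

Constructed example: the subpacket bytes below are made up for illustration,
not taken from any real key or from GnuPG.
"""

KEY_FLAGS_SUBPACKET = 27

# RFC 4880 section 5.2.3.21, first octet of the key flags subpacket.
KEY_FLAG_BITS = {
    0x01: "certify",
    0x02: "sign",
    0x04: "encrypt-communications",
    0x08: "encrypt-storage",
    0x10: "split-private-key",
    0x20: "authentication",
    0x80: "shared-private-key",
}
ENCRYPT_MASK = 0x04 | 0x08


def decode_key_flags(flags_octet):
    """Return the capability names set in a key flags octet."""
    return [name for bit, name in sorted(KEY_FLAG_BITS.items()) if flags_octet & bit]


def is_encryption_capable(flags_octet):
    """True when either encrypt bit is set (what a strict encryptor checks)."""
    return bool(flags_octet & ENCRYPT_MASK)


def parse_subpackets(data):
    """Parse a subpacket area into (type, critical, body) tuples.

    Length encoding per RFC 4880 section 5.2.3.1: one octet below 192,
    two octets for 192..16319, or 0xFF followed by a 4-octet length.
    """
    out = []
    pos = 0
    while pos < len(data):
        first = data[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            length = ((first - 192) << 8) + data[pos + 1] + 192
            pos += 2
        else:
            length = int.from_bytes(data[pos + 1:pos + 5], "big")
            pos += 5
        if length == 0 or pos + length > len(data):
            raise ValueError("truncated or malformed subpacket at offset %d" % pos)
        type_octet = data[pos]
        body = data[pos + 1:pos + length]
        out.append((type_octet & 0x7F, bool(type_octet & 0x80), body))
        pos += length
    return out


def key_flags_from_subpackets(data):
    """Return the key flags octet found in a subpacket area, or None if absent."""
    for sp_type, _critical, body in parse_subpackets(data):
        if sp_type == KEY_FLAGS_SUBPACKET and body:
            return body[0]
    return None


# Constructed sample: a creation-time subpacket (type 2) followed by key flags
# 0x03 (certify + sign), i.e. a primary key that is not an encryption target.
SIGN_ONLY_PRIMARY = b"\x05\x02\x00\x00\x00\x00" + b"\x02\x1b\x03"
# Constructed sample: key flags 0x0C (encrypt communications + storage),
# as found on a typical encryption subkey's binding signature.
ENCRYPT_SUBKEY = b"\x02\x1b\x0c"

if __name__ == "__main__":
    for label, area in (("primary", SIGN_ONLY_PRIMARY), ("subkey", ENCRYPT_SUBKEY)):
        flags = key_flags_from_subpackets(area)
        print(label, hex(flags), decode_key_flags(flags),
              "encrypt-capable" if is_encryption_capable(flags) else "NOT encrypt-capable")
```

Running it prints the primary key as certify+sign only and the subkey as encrypt-capable; an implementation that ignores the flags (as the RFC text quoted above appears to permit) would still happily encrypt to the first one.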