Toggle the authenticate capability

Roy A. Gilmore rag at ragged-software.com
Mon Dec 5 17:07:01 CET 2016 

Hi Peter,

Well, that got me thinking, and, I generated some dummy keys with gpg
from gnupg-1.4.21-1.fc24.x86_64, gpg2 from gnupg2-2.1.13-2.fc24.x86_64,
and neither gpg or gpg2 enabled the authentication capability on the
signing key. However, when generating dummy a key with enigmail from
thunderbird-enigmail-1.9.6-1.fc24.noarch, enigmail does enable the
authentication capability on the signing key. This is NOT because of
gnupg defaults, this is problem with enigmail. I still wish there was an
easy way to turn off this capability on existing keys.

Thank you,

Roy A. Gilmore

On 12/05/2016 03:18 AM, Peter Lebbing wrote:
> On 05/12/16 00:09, Andrew Gallagher wrote:
>> Mathematically, authentication is just a special case of
>> signing, so having both S and A on a subkey does not introduce extra
>> vulnerabilities (that we know of).
> Mathematically, I think you're wrong, it's very vulnerable :-).
> Authentication is signing the challenge sent to you by someone else,
> signature is signing the data you wish to approve of in some way. So if
> I can send you a challenge that would turn into a nice signature of you
> authorizing a bank payment to me, that would be easy money.
>
> However, in practice, a challenge has a different format than a data or
> key signature, and they can be differentiated. This isn't math, though.
> For RSA, you still do the modular exponentiation of RSA.
>
> When I brought up the issue some time ago here, I got no response, so I
> concluded it's not a problem. I was worried that some future
> authentication mechanism might actually produce the same data structure
> as a normal signature, but the lack of shared concern made me think it's
> probably not an issue then.
>
>> in such cases it's safer to revoke the key and start
>> again.
> If this is a signature /subkey/, they can be rotated willy-nilly. Expire
> the current signature key, create a new one and delete the private part
> of the old signature key. It doesn't need to be revoked.
>
> Which defaults produce an authentication-capable key by the way? I don't
> remember seeing that.
>
> HTH,
>
> Peter.
>

More information about the Gnupg-users mailing list