Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Robert J. Hansen rjh at sixdemonbag.org
Tue Aug 29 01:05:23 CEST 2017


> 1. Is it possible, when transporting a message from Alice to Bob,
> without holding any of their private keys, to do the following checks:
> - verify the integrity of the message and make sure it is sanitized and
> Bob can decrypt it with his private key;

No.  You can check the format of the message and ensure it's not
mangled, but that's about it.  A loose proof of this follows:

GnuPG only uses asymmetric crypto to encrypt the session key(s) for a
message.  The message itself is encrypted with a symmetric cipher using
a randomly-generated key.  A key principle of symmetric ciphers is the
output of that cipher should be indistinguishable from random noise.

So you have a message you're couriering.  To you, it appears to be
random noise.  How do you do message integrity on random noise?  If you
can distinguish correct from incorrect encrypted data, then clearly
you're able to discern information about the underlying message, which
contradicts the given that the data you're looking at is
indistinguishable from random noise.

You might be able to attach a SHA256 of the encrypted data packet, but
that only tells you if you're carrying the encrypted data packet the
sender intended -- it doesn't tell you a thing about whether the
*decrypted* message will be sensible to Bob.

So no.  Can't do this, sorry.  You can check the message format to make
sure all the packets are well-formed and make sense, but you can't do
more than that.  Only the message recipient can.

> - verify that the message was encrypted for Bob and not for anyone else
> (Alice didn't mix recipients by mistake);

Kind of, by checking the message format.

> 2. Is it possible to have just one key (the primary one, no subkey) with
> E flag also (S,C,E) -- I know this is not recommended but this is a
> particular use case and the risks are acknowledged. I guess gnupg will
> not allow you to do this by default, but is there any magic that can be
> done?

Yes.

> 3. Is it possible to import a secp256k1 private key and use it? For
> example a secp256k1 key in the following format:

Dunno.

> 4. Is there a way to skip the passphrase entirely and not encrypt the
> private key at all?

Yes, but this is usually spectacularly unwise.
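The format check mentioned in the answers to question 1, as an added example that is not part of the original post: it walks the RFC 4880 packet framing and reads the recipient key ID from each version 3 public-key encrypted session key (PKESK) packet, which is all a courier without private keys can see. The names `read_packets`, `courier_check`, `BOB` and `SAMPLE` are hypothetical, the sample bytes are constructed, and an all-zero key ID means the sender withheld the recipient.

```python
PKESK, SED, SEIPD = 1, 9, 18  # RFC 4880 packet tags

def read_packets(data):
    """Return [(tag, body), ...]; raise ValueError on a malformed stream."""
    out, i = [], 0
    try:
        while i < len(data):
            hdr, i, body = data[i], i + 1, b""
            if not hdr & 0x80: raise ValueError("not an OpenPGP packet header")
            new = bool(hdr & 0x40)
            tag = hdr & 0x3F if new else (hdr >> 2) & 0x0F
            while True:
                partial = False
                if not new:  # old format: length type lives in the low 2 bits
                    lt = hdr & 3
                    n = len(data) - i if lt == 3 else int.from_bytes(data[i:i + (1 << lt)], "big")
                    i += 0 if lt == 3 else 1 << lt
                else:
                    o, i = data[i], i + 1
                    if o < 192: n = o
                    elif o < 224: n, i = ((o - 192) << 8) + data[i] + 192, i + 1
                    elif o == 255: n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
                    else: n, partial = 1 << (o & 0x1F), True  # partial body chunk
                if i + n > len(data): raise ValueError("truncated packet")
                body, i = body + data[i:i + n], i + n
                if not partial: break
            out.append((tag, body))
    except IndexError:
        raise ValueError("truncated packet header") from None
    return out

def courier_check(data, expected_keyids):
    """Structure and recipient key IDs only; says nothing about the plaintext."""
    pkts = read_packets(data)
    tags = [t for t, _ in pkts]
    if len(tags) < 2 or tags[-1] not in (SED, SEIPD) or any(t != PKESK for t in tags[:-1]):
        raise ValueError("expected PKESK packet(s) followed by one encrypted data packet")
    bodies = [b for _, b in pkts[:-1]]
    if any(len(b) < 10 or b[0] != 3 for b in bodies): raise ValueError("malformed PKESK")
    ids = [b[1:9].hex().upper() for b in bodies]  # octets 1..8 of a v3 PKESK
    return {"recipients": ids,
            "hidden": "0" * 16 in ids,  # all-zero key ID: recipient withheld
            "unexpected": sorted(set(ids) - set(expected_keyids) - {"0" * 16})}

# Constructed sample: one v3 PKESK for a made-up key ID, then a SEIPD packet of filler bytes.
BOB = "1122334455667788"
SAMPLE = (bytes([0xC1, 13, 3]) + bytes.fromhex(BOB) + bytes([1, 0, 8, 0xAB])
          + bytes([0xD2, 5, 1]) + b"\x00" * 4)
```

The key ID in a PKESK packet normally names the encryption subkey, so the expected set has to hold subkey IDs rather than the primary key ID.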
