Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

s7r s7r at sky-ip.org
Tue Aug 29 01:38:21 CEST 2017


Thanks for the reply. See inline,

Robert J. Hansen wrote:
>> 1. Is it possible, when transporting a message from Alice to Bob,
>> without holding any of their private keys, to do the following checks:
>> - verify the integrity of the message and make sure it is sanitized and
>> Bob can decrypt it with his private key;
[SNIP]
> So no.  Can't do this, sorry.  You can check the message format to make
> sure all the packets are well-formed and make sense, but you can't do
> more than that.  Only the message recipient can.
> 
>> - verify that the message was encrypted for Bob and not for anyone else
>> (Alice didn't mix recipients by mistake);
> 
> Kind of, by checking the message format.
> 

If I have the public key of the recipient, I should be able to tell that
a message was encrypted for that public key, except I am missing the
private key to decrypt it. If I can check the message format I should be
able to check this as well. How would I do this with gnupg?

>> 2. Is it possible to have just one key (the primary one, no subkey) with
>> E flag also (S,C,E) -- I know this is not recommended but this is a
>> particular use case and the risks are acknowledged. I guess gnupg will
>> not allow you to do this by default, but is there any magic that can be
>> done?
> 
> Yes.
> 

How? I tried in expert mode but didn't manage.
