Non-deterministic behavior using GnuPG and a smart-card
Dr. Basil Becker
basil at basilbecker.de
Thu Feb 9 11:39:34 CET 2017
Hi Peter et al.
Am 9. Februar 2017 11:08:12 MEZ schrieb Peter Lebbing <peter at digitalbrains.com>:
>Hello,
> I think it's interesting you encrypt
>each and every mail you receive. That exercises all components a lot,
>it
>might lead to some useful insights on how things might be improved. In
>fact, we just encountered such an insight I think!
To encrypt every mail I receive is an option, that my mail - provider offers. I uploaded my public key and each incoming mail becomes encrypted. In my opinion quite a good trade off, given the general usage of mail encryption outside of this list.
>
>On 09/02/17 07:02, NIIBE Yutaka wrote:
>> This should be fixed.
>
Is there anything else I could provide in order to help with the bug-fix?Logs,traces anything? Of course I can offer my environment to do some tests.
Should I file a bug report for this issue?
>As a short term solution, you could revoke the encryption subkey and
>create a new one with a common keylength;
Yes, this is an option.
>
>If I understand correctly, you already use a regular
>on-disk key on your smartphone, so this might not be a problem to you.
>
Actually, I'm using my smart-card also on my phone through an USB OTG cable. Nevertheless, I have an backup of my encryption key, I could facilitate to overcome the current limitations.
>Changing subkey stuff has no effect on certifications; if people signed
>your key, that signature will still be valid since it is on the primary
>key (and an UID), subkeys are not involved in the process.
>
Thanks for pointing out. I'll consider using a more standard encryption key.
>I'm curious how you ended up with 3104-bits RSA keys on your smartcard
>in the first place, by the way!
>
I decided for this unusual key length more or less for the reason of obscurity. I had the unproven hope that using an unusual key length would make attacks harder. However, I did not expect it to complicate the general usage :)
Cheers
Basil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 691 bytes
Desc: not available
URL: </pipermail/attachments/20170209/f672d1ac/attachment.sig>
More information about the Gnupg-users
mailing list