Hi.
I once encountered the following situation. 

One of my contacts did send his/her private key on the public key server. 
Claiming that this was his/her public key. Funnily enough I did import that key 
and did not get aware it was a secret key. And as far as I remember it worked 
to decrypt her messages. 


First question: was this possible because you can decrypt messages from a 
counterpart also with his/her private key (having it imported from a key 
server) using your private key? Or (I do sincerely not remember) did s(he) send 
me the public key separately maybe and this is why I was able to decrypt) 

Kgpg has a very strange policy in communicating the import of a key. It always 
speaks of "secret key" imported whether this is a public or private key At 
least in opensuse when you do "export your public key" and "export your secret 
key" both will have the same aspect AFAIC (name.asc). Is this intentional and 
could this be changed to make things like this happen less? (Note: more people 
will use encryption so the level of knowledge of the program is to be expected 
to lower not to get higher at least statistically. It is true that in the most 
recent version of kgpg this has changed and a dialogue should make people 
understand they are exporting a private key (at least when exporting to a file, 
however, I do not know if this warning happens also when people export to a 
key-server). 

That brings me to this question: is there a way, once I have to keys let us say 
"Paul.asc" a public one and "Paul.asc" a private one that should not have been 
exported, to understand immediately what kind of key is this. What would be the 
command on the command line?

Last question: 
why a does a key server for public keys accept "private keys" anyway? Isn't 
there a way in the infrastructure to block those errors from the very origin?

Thank, you. 



---
Alle Postfächer an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen! 
http://email.freenet.de/basic/Informationen


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to