Re: Why do we use a different key to sign than to encrypt
Am Tue, 1 Mar 2011 13:13:16 + schrieb Guy Halford-Thompson g...@cach.me: Not GPG specific, but I was wondering if someone could point me in the direction of some resources that explain why we use different keys to sign and encrypt (for cases where the same key _could_ do both e.g. RSA). I cant seem to pick anything up on google. This gives a fairly good overview: http://www.schneier.com/paper-chosen-protocol.html -- Hanno Böck mail/jabber: ha...@hboeck.de GPG: BBB51E42 http://www.hboeck.de/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Why do we use a different key to sign than to encrypt
Not GPG specific, but I was wondering if someone could point me in the direction of some resources that explain why we use different keys to sign and encrypt (for cases where the same key _could_ do both e.g. RSA). I cant seem to pick anything up on google. Thanks -- Guy Halford-Thompson - http://www.cach.me/blog ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why do we use a different key to sign than to encrypt
On Mar 1, 2011, at 8:13 AM, Guy Halford-Thompson wrote: Not GPG specific, but I was wondering if someone could point me in the direction of some resources that explain why we use different keys to sign and encrypt (for cases where the same key _could_ do both e.g. RSA). I cant seem to pick anything up on google. There is no one reason, but a few reasons that, taken together, makes this useful. One reason is that it enables the use of sign-only or encryption-only algorithms, which if one key had to do it all, would not be usable. Another reason is that it helps prevent a complete compromise - if only a subkey is compromised, the whole key is not compromised. It allows for the best-algorithm-for-the-job decision to be made (for example, many people like signing with DSA because the signatures are physically smaller and thus not so obvious in email). It allows easier key changes without changing the main identity key by expiring or revoking just a subkey and making a new one. And so on. Some of these reasons overlap as well. OpenPGP supports both the single-key and multiple-key models, so you're not forced to do it one way or the other. The default in GnuPG is multiple key. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why do we use a different key to sign than to encrypt
On Tue, Mar 01, 2011 at 01:13:16PM + Also sprach Guy Halford-Thompson: Not GPG specific, but I was wondering if someone could point me in the direction of some resources that explain why we use different keys to sign and encrypt (for cases where the same key _could_ do both e.g. RSA). This may not be the whole story, but I did manage to find this: http://www.di-mgt.com.au/rsa_alg.html#weaknesses -- Le hasard favorise l'esprit préparé. --Louis Pasteur pgpbqg3nFtKvE.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why do we use a different key to sign than to encrypt
Thanks for the list of resources G On 1 March 2011 14:41, Jeffrey Walton noloa...@gmail.com wrote: On Tue, Mar 1, 2011 at 8:13 AM, Guy Halford-Thompson g...@cach.me wrote: Not GPG specific, but I was wondering if someone could point me in the direction of some resources that explain why we use different keys to sign and encrypt (for cases where the same key _could_ do both e.g. RSA). I cant seem to pick anything up on google. Key separation and management. See Handbook of Applied Cryptography, Chapter 13 (http://www.cacr.math.uwaterloo.ca/hac/). Jeff -- Guy Halford-Thompson - http://www.cach.me/blog ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Why do we use a different key to sign than to encrypt
On Tue, Mar 1, 2011 at 9:34 AM, lists.gn...@mephisto.fastmail.net wrote: On Tue, Mar 01, 2011 at 01:13:16PM + Also sprach Guy Halford-Thompson: Not GPG specific, but I was wondering if someone could point me in the direction of some resources that explain why we use different keys to sign and encrypt (for cases where the same key _could_ do both e.g. RSA). This may not be the whole story, but I did manage to find this: http://www.di-mgt.com.au/rsa_alg.html#weaknesses The weaknesses documented there do not seem to apply to OpenPGP (and hence GnuPG). One, messages are not actually encrypted with RSA; a symmetric algorithm is used to encrypt messages and the key to that encryption is encrypted with RSA. I believe that GnuPG uses a larger encryption exponent, reducing the threat posed by the Chinese Remainder Theorem. The threat of the same key on that page only applies where the RSA encryption was done to the plain text directly. Likewise, OpenPGP signing is done on a hash of the plain text. (Again, not on the plain text directly.) David -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com da...@systemoverlord.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users