back signatures
Alphax
alphasigmax at gmail.com
Sat Nov 5 07:09:40 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
David Shaw wrote:
> On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote:
>
>>Salve!
>>Can somebody explain me what is "back signatures"?
>>Manual not very clear about this.
>
>
> It's a countermeasure against an attack against signing subkeys.
> Basically, the primary key signs all subkeys. With backsigs, the
> signing subkey also signs the primary key.
>
> Without this, an attacker can "steal" a signing subkey from someone
> else and try and pretend that a signature came from his own key. It's
> not a particularly good attack: the attacker can't issue signatures to
> prove his ownership.
>
Will this remove the possibility of moving subkeys from one primary key
to another / converting primary keys to subkeys (documented at
http://atom.smasher.org/gpg/gpg-migrate.txt)?
- --
Alphax | /"\
Encrypted Email Preferred | \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards
http://tinyurl.com/cc9up | / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQEVAwUBQ2xMo7MAAH8MeUlWAQjH6gf+KmeEkA1TrqYANLl6jWyCvVslMukZcDeI
yHFLgPT3tJY/dY+AU4mRsgcim3sd3alJan8Qz1mecEbxHHffXJCSbowagnUotx19
AP6ku/KFSC/yjF2dvttoDmmnSxWSzL9F0EoJI5O2o/xNXVaSjbR1wj+zq6Z7m84I
6R0QQguSDHmccPAtLmtdIereGuU8ai4seQI97JLD78eVM0gibR220WaTe482Bh3P
i+yNx6fMMjlGb/VB1AWTyK5b04SguGZQtKP4QQzxiAsfNvYYeRWlVuGwThrHTodd
+A30HeVql/PRkEo3ITtT8BQ6nelRikm+SDTo0Z3YCxLT7uRGzmeR7Q==
=Omcs
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list