back signatures

Alphax alphasigmax at gmail.com
Mon Nov 7 16:09:17 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw wrote:
> On Mon, Nov 07, 2005 at 11:55:02PM +1030, Alphax wrote:
> 
> 
>>>>>It's a countermeasure against an attack against signing subkeys.
>>>>>Basically, the primary key signs all subkeys.  With backsigs, the
>>>>>signing subkey also signs the primary key.
>>>>>
>>>>>Without this, an attacker can "steal" a signing subkey from someone
>>>>>else and try and pretend that a signature came from his own key.  It's
>>>>>not a particularly good attack: the attacker can't issue signatures to
>>>>>prove his ownership.
>>>>>
>>>>
>>>>Will this remove the possibility of moving subkeys from one primary key
>>>>to another / converting primary keys to subkeys (documented at
>>>>http://atom.smasher.org/gpg/gpg-migrate.txt)?
>>>
>>>
>>>No, it's unrelated to that.  It's a countermeasure against a (somewhat
>>>weak) attack.  It has nothing to do with various bit twiddling you can
>>>do to your own key.
>>>
>>
>>So how /do/ they work (and how does one go about moving subkeys between
>>keys)?
> 
> 
> I'm afraid I don't understand what you're asking here.  How backsigs
> work?
> 

1. I have a cvs version of 1.4.3, how do I issue backsigs?

2. How can I move some subkeys from one key to another, where the key I
want to move them too currently has NO subkeys?

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQ29uHbMAAH8MeUlWAQjqEQf5AWjO1MUTnnpXblSugyp5uosKygmpSfP/
DkV+ULPCEPVFnxCY1BoekpWvjC+ZhyRzhjnjx9S79Xa5H3is6QQjo2r8Uy1ho8ju
MnVC5uascX4r5zQa7wHgZzCNjXwudd03ihBzh4De9+ZsP/QELbTKrPxFp5qhH7CE
hUHPh8TnkCejMcNk897Xs9zyHXZoeGSj9mQFtyO3lyOMyhV9Oey4X7bEKEXbDmVG
U5N/9c46QkQPuMGfOnJ7nxFBwq99n5OVKHGg4IcqsE/J5SIwKQCHmu0sTWCGdy8R
OFvj8uRh5iNJsVSx6t0+R68DizLRVyB//lluzXBdSUpoQP09iKkvFA==
=3oml
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list