Fwd: Seperate RSA subkeys for decryption and signing or one for both?
Nicholas Cole
nicholas.cole at gmail.com
Tue Dec 4 20:11:18 CET 2012
Meant to post this to the list. Blame gmail.
---------- Forwarded message ----------
From: Nicholas Cole <nicholas.cole at gmail.com>
Date: Tue, Dec 4, 2012 at 7:10 PM
Subject: Re: Seperate RSA subkeys for decryption and signing or one for both?
To: Hubert Kario <hka at qbs.com.pl>
> How do you propose an attacker could force me to sign data I already
> encrypted?
I think the attack merely specifies a chosen text - but at any rate,
the point is that there might be a system (eg. a badly designed
time-stamping service) that might naively sign data supplied by an
attacker, and in those cases having a signing and encryption key that
are the same would be a Bad Idea. Note, though, that PGP 2.6.3 did
use the same key for both; the attack is a (mostly) theoretical one.
More information about the Gnupg-users
mailing list