invalid gpg key revocation
Hauke Laging
mailinglisten at hauke-laging.de
Mon Mar 5 19:53:14 CET 2012
On Monday, 5 March 2012, 18:12:24, auto15963931 at hushmail.com wrote:
> I am 99.9% sure no one has gotten access to my machine or my keys.
IMHO that requires at least that
1) you have generated the key in a secure environment, i.e.
   a) booted from a safe medium
   b) (really) validated the content of the medium
2) and either
   a) you have made sure that the key has never been written to a medium
      which has been accessible by an insecure environment afterwards
   b) the passphrase is secure (random, 80+ bit key space) and has never
      been used in an insecure environment
3) the key has been generated by a well known software about which no
   respective bugs (like the SSL key space disaster) are known
Can you confirm that?
> If they had, I have to believe that there would have been more
> damage done than this,
It is hard to make good assumptions about the motivation and aims of unknown
people. You don't even know whether the one got access to your private key by
planned action or rather incidentally.
Even if it was planned the motivation may have been to show you your limits
(or the other one's superiority), not to cause damage (=becoming really
criminal).
> What can be looked at on the revoked key
> to see how or under what circumstances it was revoked?
I do not know whether there is any data in such a revocation signature that
differs from system to system. Even the timestamp can easily be faked.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
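
Added example, not part of the original message: a minimal Python parser for the body of a version 4 key revocation signature packet (RFC 4880), reading the creation time, reason for revocation and issuer key ID, all of which are values written by whoever made the signature. The function names, the sample bytes and the key ID are constructed for illustration, and the signature is not verified.

```python
import struct
from datetime import datetime, timezone

# Reason-for-revocation codes defined in RFC 4880 (subpacket type 29)
REASONS = {0: "no reason specified", 1: "key superseded",
           2: "key material compromised", 3: "key retired", 32: "user ID no longer valid"}

def subpackets(area):
    """Yield (type, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                        # one-octet length
            length, i = first, i + 1
        elif first < 255:                      # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                  # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # drop the critical bit
        i += length

def describe_revocation(body):
    """Read signer-supplied fields of a v4 signature packet body (no verification)."""
    version, sig_type, _pk, _hash, hlen = struct.unpack(">BBBBH", body[:6])
    if version != 4 or sig_type != 0x20:       # 0x20 = key revocation signature
        raise ValueError("not a v4 key revocation signature")
    (ulen,) = struct.unpack(">H", body[6 + hlen:8 + hlen])
    info = {}
    for area in (body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]):
        for sp_type, sp in subpackets(area):
            if sp_type == 2:                   # creation time: chosen by the signer
                info["created"] = struct.unpack(">I", sp)[0]
                info["created_utc"] = datetime.fromtimestamp(info["created"], timezone.utc).isoformat()
            elif sp_type == 16:                # issuer key ID
                info["issuer"] = sp.hex().upper()
            elif sp_type == 29:                # reason code plus free-text comment
                info["reason"] = REASONS.get(sp[0], "unknown")
                info["comment"] = sp[1:].decode("utf-8", "replace")
    return info

def sample_body():
    # Constructed sample: placeholder key ID, dummy signature value, no real key.
    text = b"constructed example"
    hashed = (bytes([5, 2]) + struct.pack(">I", 1330905600)
              + bytes([2 + len(text), 29, 2]) + text)
    unhashed = bytes([9, 16]) + bytes.fromhex("0123456789ABCDEF")
    return (bytes([4, 0x20, 1, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00\x00\x01\x01")
```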