Anyone know whether PGP has plans for session key extractor

Richard Clayton richard at turnpike.com
Wed, 26 Jul 2000 19:00:45 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <20000726191025.L19455@djebel.openit.de>, Werner Koch
<wk@gnupg.org> writes

>On Wed, 26 Jul 2000, Robert Guerra wrote:
>
>> b. GnuPG, www.gnupg.org -> an independant implenetation of the openpgp 
>> specs (ie. not by PGP/NAI). it's developper, Werner Koch is in Germany..and 
>> hence might be appealing to the europeans.
>
>I have not followed this ML very closely for the last weeks, so I'd
>appreciate if someone can tell what kind of feature you need and why.

The way that Part III of RIP is written, in the unusual circumstances
where a Chief Constable (or a Brigadier or other Important Person)
requires you to divulge a key to enable protected information to be
divulged - then you may divulge ANY key that allows access.

The obvious key to divulge is the session key since that will be (if PGP
is working properly!) unique to that message. ie: no other messages can
be decrypted with that key.

>I have always refused to add code especially to cope with proposed
>laws - however if there is nothing to stop the politicans I will help
>to ensure that we can find a way to protect our privacy as far as we
>can.
>
>I guess you need a utility to just extract the session key 

yes

In our mail client, we're considering just making it one of the
"details" that is displayed about a message along with the key id, time
of signing and so forth ((since the details can only be shown when the
plaintext is available then no security is lost!)).

The upside of showing it would be that if it ever looked familiar (or
had lots of zeroes at one end) then you'd immediately be rather
suspicious of the sender's software!

>and which
>can decrypt a message given the session key?

You could write this program if you wished ! However I suspect GTAC have
set aside some of their budget for producing this software themselves :)

- -- 
richard                       writing to inform and not as company policy
     want to have an influence on ICANN ?  http://members.icann.org/
"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBOX8nTetbVxwhgXFWEQJKdgCgkWhukfNQUsyw+tD2mHdfK+e7KKsAn1pi
bU9yA4Rt9enW+B61Pcw3lIxw
=NGH0
-----END PGP SIGNATURE-----