UK Friendly for e-commerce?
Padgett 0sirius
padgett at gdi.net
Mon, 20 Mar 2000 20:58:26 -0500
>Why can't I just use my DSS keys as El Gamal keys?
You can.
The point is not so much that you might but that anyone with access to your
public signing key could use it to encrypt a message that would require
your private signing key to decrypt. True, your software would probably
refuse to decrypt it but that is no bar to its being used that way.
As I recall, the original intent of the DSS was to produce a protocol that
could be used only for signing and not to encrypt a message. I also seem to
recall that within six months someone had demonstrated that it could be
used to encrypt a message
And if it was, that could lead to a demand for the key to a message you
could not decrypt but did possess the key for. And the public portion of
the signing key must be publicly available else your signature could not be
verified.
I suspect that this could create a rather interesting "entrapment" scenario.
A. Padgett Peterson, P.E., CISSP: Cybernetic Psychophysicist
Anti-Virus, Cryptographics, & Antique Radio Researcher
http://www.freivald.org/~padgett/index.html
mailto:padgett@gdi.net PGP 6.5 Key on request