PGP: is there such a thing as a "signature only key?"

Thu, 18 Oct 2001 18:59:04 +0100

Indeed.  I think we've got it solved, now.  I think it's a combination of
my error (revoked instead of deleted) and a bug in Turnpike's
implementation of PGP (encrypting to a revoked subkey).

> I'm talking about a key 0x3E2056B9,  Owen Blacker <SIGNATURE KEY ONLY>.
> It appears to have an encryption part too, for CAST cypher.  
> One of us is doing it wrong, and I want to nail this problem down.
> 
> Not least because I'm being accused of hacking, denial of service
> attacks, etc, behind my back and generally being called blind.  

To clarify (and I realise this part is waaaay off topic :)  ~I~ didn't
accuse Dave of these things.  I accused Dave of possibly having encrypted
to it maliciously and deliberately, which I have since retracted.  :o)

> If "SIGNING ONLY" keys must carefully delete the encryption key,
> else PGP6 on Windoze will encrypt to their encryption part,
> then that is the problem and people who make such keys must
> be aware of, and fix, the problem.  

That's definitely part of it.  I shall remember to do so in future  :)

All the best,

O x
- -- 
Owen Blacker
Senior Software Developer / InfoSec Consultant    Wheel: Clerkenwell
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig  0xb48e805e | 0e31 ac2a 4ff2 62a0 89da  ddef 4223 99a6 b48e 805e

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
Comment: Due to RIP, pls check for revocation before using this key!

iQA/AwUBO88XrkIjmaa0joBeEQL5bQCg2KunzB9KU4MPrvf2B8jOVwn/OWsAoP0/
/RHCY4jIw0++IBX420m46WRJ
=OWS0
-----END PGP SIGNATURE-----

_____________________________________________________________________
This message has been checked for all known viruses by UUNET delivered 
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/