PGP: is there such a thing as a "signature only key?"
Dave Bird
dave at xemu.demon.co.uk
Fri, 19 Oct 2001 01:39:40 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <55ED5FD3B4D2D41193E60002A5090BCD01B3D878@clerkenwell.pres.co
>, Owen Blacker <owen.blacker@wheel.co.uk> writes
>Charles Lindsey, quoting Dave Bird:
>>
>> > It has been claimed to me there is such a thing as a "signature
>> > only key", and that the PGP program will (automatically) refuse
>> > to encrypt to it.
>>
>> The feature was present even in PGP2.6.x. I.e., there is a bit in the key
>> somewhere that tells whether it is signature only, and I presume PGP will
>> refuse to encrypt to it in that case (I never actually tried, and for
>> sure a competent hacker could soon bypass it). But I don't think the
>> options available to the ordinary user gave the ability to set that bit.
>
>It seems, fwiw, that what is happening is that the PGPsdk functionality
>used by Turnpike is wrongly allowing the user to encrypt to a revoked
>ElGamal encryption subkey. I would assume (but don't know and haven't got
>round to finding out yet) that the code is probably checking to see if the
>whole-key is revoked, rather than just the subkey in question.
My version of PGP tells me that the main forward (signing) key
still has an UNREVOKED backward (encrypt) sub-key in there.
Note that it is ** not ** just the SDK used by Turnpike. My PGP,
launched directly from the PGP icon, also does the same thing.
I don't understand why, if it was revoked, PGP did not
actually remove and over-write the key numbers for the sub-key.
>
>This thread is continuing on the PGP users list
><http://cryptorights.org/pgp-users/> rather than here as it's off topic for
>this list.
What's the email address to subscribe? I'm not on it yet. (Or I consent
for anyone to subscribe me at this email address).
- --
^-^-^-@@-^-;-^ http://www.xemu.demon.co.uk/
(..)__u news:alt.smoking.mooses
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBO892S38v/Y5zkfRPEQLufACgmhM3F1eS/thTeJ2J6iZabgNNlnYAoJxT
BRwgscZuCvL5iX2duV2o6eiT
=i48q
-----END PGP SIGNATURE-----
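
Added example, not part of the original message and not PGP or PGPsdk code: the quoted reply guesses that the software checks revocation on the whole key rather than on the encryption subkey, and the sketch below puts that check beside one that also tests the subkey. It assumes the colon-delimited layout of GnuPG's `--with-colons` key listing; the key IDs, dates, user ID and function names are constructed for illustration.

```python
# Constructed listing in the layout of `gpg --with-colons --list-keys`.
# Key IDs and dates are made up. Field 2 = validity, field 12 = capabilities.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1000000000:::u:::scSC:
uid:u::::1000000000::::Constructed User <user@example.invalid>:
sub:r:2048:16:BBBBBBBBBBBBBBBB:1000000000::::::e:
pub:u:1024:17:CCCCCCCCCCCCCCCC:1000000000:::u:::scESC:
sub:u:2048:16:DDDDDDDDDDDDDDDD:1000000000::::::e:
"""

# Validity letters that make a key or subkey unusable:
# i = invalid, d = disabled, r = revoked, e = expired.
UNUSABLE = {"i", "d", "r", "e"}


def parse_keys(listing):
    """Group each 'sub' record under the 'pub' record that precedes it."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"id": f[4], "validity": f[1], "subkeys": []})
        elif f[0] == "sub" and keys:
            keys[-1]["subkeys"].append(
                {"id": f[4], "validity": f[1], "caps": f[11]})
    return keys


def pick_whole_key_only(key):
    """Flawed selection: looks at the primary key's status and nothing else."""
    if key["validity"] in UNUSABLE:
        return None
    for sk in key["subkeys"]:
        if "e" in sk["caps"]:
            return sk["id"]  # a revoked subkey is still returned here
    return None


def pick_checked(key):
    """Selection that also requires the subkey itself to be usable."""
    if key["validity"] in UNUSABLE:
        return None
    for sk in key["subkeys"]:
        if "e" in sk["caps"] and sk["validity"] not in UNUSABLE:
            return sk["id"]
    return None


if __name__ == "__main__":
    for k in parse_keys(SAMPLE):
        print(k["id"], "whole-key check:", pick_whole_key_only(k),
              "| per-subkey check:", pick_checked(k))
```

For the first constructed key, whose only encryption subkey is marked revoked, the whole-key check still returns that subkey while the per-subkey check returns nothing, so a caller should refuse to encrypt.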