PGP: is there such a thing as a "signature only key?"
Dave Bird
dave at xemu.demon.co.uk
Thu, 18 Oct 2001 21:18:45 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <200110181529.QAA18576@clw.cs.man.ac.uk>, Charles Lindsey:
>Dave Bird <dave@xemu.demon.co.uk> said...
>>
>> It has been claimed to me there is such a thing as a "signature
>> only key", and that the PGP program will (automatically) refuse
>> to encrypt to it.
>
>The feature was present even in PGP2.6.x. I.e., there is a bit in the
>key somewhere that tells whether it is signature only, and I presume PGP
>will refuse to encrypt to it in that case (I never actually tried, and
>for sure a competent hacker could soon bypass it). But I don't think the
>options available to the ordinary user gave the ability to set that bit.
>
>In the case of PGP5.0, I recently had occasion to need a signature-only
>DSS key.
No, what you do is generate a forward-only (signing) DSS key
which has a backward-only (encrypt) DH subkey signed by it.
To make a key for signature only, you delete this subkey.
Yes, I have a public key, which the user swears he made in this way,
yet my PGP cheerfully tells me all about the encrypt subkey in it.
My apologies for dragging this round on a list which is mainly
about crypto-policy and crypto-system ideas, but there really may
be something weird here.
In article <200110181533.QAA18588@clw.cs.man.ac.uk>, Charles Lindsey
<chl@clw.cs.man.ac.uk> writes
> On Wed, 17 Oct 2001 16:36:23 -0700 (PDT)
> Len Sassaman <rabbi@quickie.net> said...
>
>> Well, given that encryption to DSA keys is not possible, it certainly
>> does refuse to encrypt to them.
>
>On the contrary, it is possible to convert a DSS key to an El-Gamal key,
>and to use it for encryption. But of course, that requires quite a bit
>of competent hacking at both ends.
Interesting. But I haven't hacked anything: I have a supposedly
no-encrypt-subkey public key and, hey presto, I see a subkey in it.
Without having done any work at all!
- --
^-^-^-@@-^-;-^ http://www.xemu.demon.co.uk/
(..)__u news:alt.smoking.mooses
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBO885JX8v/Y5zkfRPEQJ0AACeJIfZzRux618Z38mZGmR+J7ma5I0AoJfX
yriS5FmqTRt42KNMxjIx9pBC
=gxiE
-----END PGP SIGNATURE-----