
List:       gpg4win-users-en
Subject:    [Gpg4win-users-en] Reusing secret key material
From:       Bernhard Reiter <bernhard () intevation ! de>
Date:       2024-01-22 9:59:02
Message-ID: 202401221059.10303.bernhard () intevation ! de

On Saturday 20 January 2024 05:55:34, Daniel Kahn Gillmor wrote:
> > (Theoretically if the same algorithms were used, the
> > private key material could be used in both systems, but there is no
> > technical support for this, that I would know of, so it would only be
> > a hack.)
>
> I'd go so far as to say that "no technical support for" reusing secret
> keys across protocols is a feature, not a bug.
>
> Even as a hack, it's probably a bad idea to reuse any key for two
> entirely different protocols.  

It may or may not be. I guess that saying "a hack" means that you would be 
fully on your own. A bad idea unless you want to do research or play around.

> The risk here is a "cross-protocol" attack risk

That is obvious, though, if any implementation or protocol makes a mistake 
that can be used against you, when using the same secret material you double 
the risk.

> Say you hold a secret key Z and you have announced that you are using it in
> both protocols, by making both an OpenPGP certificate that contains the
> secret key material, and an X.509 certificate that contains the secret
> key material.

I hope that both the OpenPGP pubkey and the CMS certificate will not
"contain the secret key material". ;)

> I can tell you from being involved in some parts of standardization of
> both OpenPGP and CMS that these protocols *were not* designed with such
> domain separation in mind.  Was that a mistake?  Yes, probably. 

Or it was a good decision, if this reduces complexity in both implementations.

GnuPG and RNP (used by Thunderbird) plan to roll out https://librepgp.org/
which they have proposed as the next OpenPGP standard and aim for less complexity 
than the proposed crypto-refresh protocol.

Just like you I have not fully understood how much tradeoff there is between
this "domain separation" and a more easily understood implementation.
But let us not discuss the next OpenPGP standard's details here 
on the Gpg4win-Users mailing list, but on a mailing list more focussed on the 
cryptographic details, e.g. on 
https://lists.gnupg.org/mailman/listinfo/librepgp-discuss

Best Regards,
Bernhard
 
-- 
https://intevation.de/~bernhard    +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter
