
Re: Secret key signature packet



I might be misunderstanding but I read the original poster to be maybe
hinting at modification detection of the private key ring somehow.

I am not sure of any attack based on modifying the private key in an
undetectable way... that would generally seem to make invalid
signatures, and inability to decrypt.  

On the other hand changing the trust markers, or changing public
encryption keys of other parties -- that would seem dangerous.

So there would be value in that, tho AFAIK this info is on the public
key ring.

(Also with some implementations I've noticed they can operate just with
the private keyring as the private key is a superset of the public
key.)


Also the threat model is a bit arguable; if an attacker can modify the
keyrings, he could likely also insert a keyboard logger; maybe there
is some difference tho if for example the software is kept separate,
and there is some risk of attacker modifying just the data on the
keyring storage device.

Adam

On Tue, Aug 23, 2005 at 09:06:32AM -0700, "Hal Finney" wrote:
> 
> From: <mkuusio@xxxxxxxxx>
> > What is the content of the secret key signature packet? I know that open
> > pgp doesn't support secret key signing so hash left 2 bytes, DSA r and DSA
> > s are not included in the signature packet. I assume that the content is:
> >
> > -Version number (1 octet)
> > -Signature type (1 octet)
> > -Public key algorithm (1 octet)
> > -Hash algorithm (1 octet)
> > -Hashed subpackets (n octets)
> > -Sub packet (issuer key id 8 octets)
> 
> I'm sorry, I don't know what you mean by a secret key signature packet.
> As I noted earlier, we don't sign secret keys.  There would be no point
> in creating a "signature" packet that was missing the signature fields,
> r and s.
> 
> Maybe this will help.  OpenPGP implementations usually store the public
> keys separately from the secret keys.  Traditionally these stores are
> called "key rings".  The public key ring contains public keys (your
> own public key and also those belonging to other people), user ids, and
> signatures.  The secret key ring contains your own secret keys and their
> user ids.  There is no need for signature packets on the secret key ring.
> If there are any signature packets there, they will be signatures over
> just the public key portion of the secret key packets.  They are not
> secret key signatures, there is no such thing.
> 
> Hal Finney
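
A parser for the version 4 signature packet body as laid out in RFC 4880 section 5.2.3, added here as an illustration and not part of the original thread. It shows why the layout listed in the question, which stops before the left 16 bits of the hash and the DSA values r and s, does not parse as a signature packet; all sample bytes and the names `SAMPLE` and `PREFIX` are constructed for this example.

```python
def read_subpackets(area):
    """Split a subpacket area into (type, critical, body) tuples."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket overruns its area")
        out.append((area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]))
        i += length
    return out

def parse_v4_signature(body):
    """Parse a version 4 signature packet body (packet header already removed)."""
    if len(body) < 4 or body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    pos, areas = 4, []
    for name in ("hashed", "unhashed"):      # each area: 2-octet count, then subpackets
        n = int.from_bytes(body[pos:pos + 2], "big")
        if pos + 2 + n > len(body):
            raise ValueError(f"truncated in {name} subpacket area")
        areas.append(read_subpackets(body[pos + 2:pos + 2 + n]))
        pos += 2 + n
    if pos + 2 > len(body):
        raise ValueError("truncated: left 16 bits of the hash are missing")
    left16, pos, mpis = body[pos:pos + 2], pos + 2, []
    while pos < len(body):                   # each MPI: 2-octet bit count, then value
        nbytes = (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
        if pos + 2 + nbytes > len(body):
            raise ValueError("truncated MPI")
        mpis.append(int.from_bytes(body[pos + 2:pos + 2 + nbytes], "big"))
        pos += 2 + nbytes
    if body[2] == 17 and len(mpis) != 2:     # algorithm 17 is DSA
        raise ValueError("a DSA signature needs both MPIs, r and s")
    return {"sig_type": body[1], "pk_alg": body[2], "hash_alg": body[3],
            "hashed": areas[0], "unhashed": areas[1], "left16": left16, "mpis": mpis}

# Constructed sample: type 0x13 certification, DSA (17), SHA-1 (2); all values made up.
HASHED = bytes([5, 2]) + (1124800000).to_bytes(4, "big")       # creation time subpacket
UNHASHED = bytes([9, 16]) + bytes.fromhex("0123456789abcdef")  # issuer key ID subpacket
PREFIX = (bytes([4, 0x13, 17, 2]) + len(HASHED).to_bytes(2, "big") + HASHED
          + len(UNHASHED).to_bytes(2, "big") + UNHASHED)       # layout from the question
SAMPLE = PREFIX + b"\xab\xcd" + b"\x00\x10\x80\x01" + b"\x00\x0f\x40\x02"  # left16, r, s
```

`parse_v4_signature(SAMPLE)` returns the decoded fields, while `parse_v4_signature(PREFIX)` raises `ValueError` because the body ends before the hash prefix and signature values.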