[Gpg4win-users-en] Reusing secrect key material

Bernhard Reiter bernhard at intevation.de
Mon Jan 22 10:59:02 CET 2024

Am Samstag 20 Januar 2024 05:55:34 schrieb Daniel Kahn Gillmor:
> >(Theoreticall if the same algorithms were used, the
> > private key material could be used in both systems, but there is no
> > technical support for this, that I would know of, so it would only be
> > a hack.)
> I'd go so far as to say that "no technical support for" reusing secret
> keys across protocols is a feature, not a bug.
> Even as a hack, it's probably a bad idea to reuse any key for two
> entirely different protocols.  

It may or not may be. I guess that saying a "hack" means that you would be 
fully your own. A bad idea unless you want to do research or playing around.

> The risk here is a "cross-protocol" attack risk

That is obvious, though, if any implementation or protocol makes a mistake 
that can be used against you, when using the same secret material you double 
the risk.

> Say you hold a secret key Z and you have announced that you are using it
> both protocols, by making both an OpenPGP certificate that contains the
> secret key material, and an X.509 certificate that contains the secret
> key material.

I hope that both the OpenPGP pubkey and the CMS certificate will not
"contain the secret key material". ;)

> I can tell you from being involved in some parts of standardization of
> both OpenPGP and CMS that these protocols *were not* designed with such
> domain separation in mind.  Was that a mistake?  Yes, probably. 

Or it was a good decision, if this reduces complexity in both implementations.

GnuPG and RNP (used by Thunderbird) plan to roll out https://librepgp.org/
which they have proposed as next OpenPGP standard and aim for less complexity 
that the proprosed crypto-refresh protocol.

Just like you I have not fully understood how much tradeoff there is between
this "domain separation" and a more easily understood implementation.
But let us not discuss the next OpenPGP Standards details here 
on the Gpg4win-Users mailinglist, but on a mailinglist more focussed on the 
cryptographic details e.g. on 

Best Regards,
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20240122/5f57e89c/attachment.sig>

More information about the Gpg4win-users-en mailing list