[Gpg4win-users-en] Reusing secret key material
Bernhard Reiter
bernhard at intevation.de
Mon Jan 22 10:59:02 CET 2024
On Saturday, 20 January 2024 05:55:34, Daniel Kahn Gillmor wrote:
> > (Theoretically if the same algorithms were used, the
> > private key material could be used in both systems, but there is no
> > technical support for this, that I would know of, so it would only be
> > a hack.)
>
> I'd go so far as to say that "no technical support for" reusing secret
> keys across protocols is a feature, not a bug.
>
> Even as a hack, it's probably a bad idea to reuse any key for two
> entirely different protocols.
It may or may not be. I guess that saying a "hack" means that you would be
fully on your own. A bad idea unless you want to do research or play around.
> The risk here is a "cross-protocol" attack risk
That is obvious, though, if any implementation or protocol makes a mistake
that can be used against you, when using the same secret material you double
the risk.
> Say you hold a secret key Z and you have announced that you are using it
> in both protocols, by making both an OpenPGP certificate that contains the
> secret key material, and an X.509 certificate that contains the secret
> key material.
I hope that both the OpenPGP pubkey and the CMS certificate will not
"contain the secret key material". ;)
> I can tell you from being involved in some parts of standardization of
> both OpenPGP and CMS that these protocols *were not* designed with such
> domain separation in mind. Was that a mistake? Yes, probably.
Or it was a good decision, if this reduces complexity in both implementations.
GnuPG and RNP (used by Thunderbird) plan to roll out https://librepgp.org/
which they have proposed as the next OpenPGP standard and aim for less complexity
than the proposed crypto-refresh protocol.
Just like you I have not fully understood how much tradeoff there is between
this "domain separation" and a more easily understood implementation.
But let us not discuss the next OpenPGP Standard's details here
on the Gpg4win-Users mailing list, but on a mailing list more focussed on the
cryptographic details, e.g. on
https://lists.gnupg.org/mailman/listinfo/librepgp-discuss
Best Regards,
Bernhard
--
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter