ietf-openpgp

Re: mail client implementations problem? bcc and encrypting to multiple recipients

2000-08-22 14:10:13
Erron Criddle writes:
> As far as I'm concerned the Key ID is a complete waste of time unless a
> lookup is being made on a server that is automatically decrypting each
> message. This is OK here because you can configure the database to store
> the Key ID and that makes lookups easier (if there are no duplicate Key
> IDs).

I am confused about whether you are talking about decryption or
encryption.  The OpenPGP message formats only allow for using keyids to
indicate which key should decrypt.  If you are decrypting, isn't looking
up by keyid the only possibility?  There is no userid to tell you which
key to decrypt with.

> From my understanding of the Public and Private Keyring structures,
> you can only have a Key ID for the highest level key (self sig.) and cannot
> store the Key IDs for the subkeys.

No, subkeys can have keyids too.  A PKESK packet should use the keyid of
the specific subkey which can decrypt it.

> For our client software, we are not doing lookups via the Key ID (as it
> isn't stored in the public/private keyrings), however the server version
> will support lookups via Key IDs.
>
> We have found it better just to do lookups via the User ID - at least you
> can store that within the private/public keyring structures.
>
> If anyone can tell me otherwise regarding the storage of Signing and
> Encryption Key IDs within the private/public keyrings, it would be great.

If you are talking about decryption, I don't see how you do it.  And what
about signature verification?  Again in that case the OpenPGP message
only has the signing keyid.  Don't you have to do a lookup by keyid to
verify the sig?

Hal
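
The point Hal makes above, that a PKESK and a signature packet carry only a key ID (never a user ID) and that a subkey has a key ID of its own, as an added example that is not part of the original thread or of anyone's product: it derives the key ID of a v4 key or subkey from its packet, pulls the key ID named by a PKESK and by a v3 or v4 signature, and resolves both against an index built from a keyring. The packet and subpacket layouts and the fingerprint rule follow RFC 4880 (section numbers in the comments refer to it; the thread predates that RFC but the formats are the same as in RFC 2440). Every key, keyring, session key and signature in the block is a constructed toy value, not real OpenPGP material, and the toy RSA parameters are not usable keys.

```python
# Added example (not code from the list post). All keys, session keys and signatures
# below are constructed toy values, not real OpenPGP material.
import hashlib, struct

PKESK, SIGNATURE, PUBKEY, USERID, SUBKEY = 1, 2, 6, 13, 14   # packet tags (RFC 4880 4.3)
ISSUER = 16                                                  # signature subpacket type

def _new_length(buf, off, subpacket=False):
    """RFC 4880 4.2.2 (packet) / 5.2.3.1 (subpacket) length -> (length, octets used)."""
    first = buf[off]
    if first < 192:
        return first, 1
    if first < (255 if subpacket else 224):
        return ((first - 192) << 8) + buf[off + 1] + 192, 2
    if first == 255:
        return struct.unpack(">I", buf[off + 1:off + 5])[0], 5
    raise ValueError("partial body lengths not supported")

def read_packet(buf, off=0):
    """One packet at buf[off:] -> (tag, body, next_off); old- and new-format headers."""
    ptag = buf[off]
    if not ptag & 0x80:
        raise ValueError("bit 7 of a packet tag octet must be set")
    if ptag & 0x40:                                   # new-format header (RFC 4880 4.2.2)
        tag = ptag & 0x3F
        length, hlen = _new_length(buf, off + 1)
        hlen += 1                                     # count the tag octet
    else:                                             # old-format header (RFC 4880 4.2.1)
        tag, ltype = (ptag >> 2) & 0x0F, ptag & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        hlen = (2, 3, 5)[ltype]
        length = int.from_bytes(buf[off + 1:off + hlen], "big")
    start = off + hlen
    if start + length > len(buf):
        raise ValueError("truncated packet")
    return tag, buf[start:start + length], start + length

def v4_key_id(key_body):
    """RFC 4880 12.2: low 64 bits of SHA-1(0x99 || 2-octet length || key packet body).
    A subkey packet has the same layout, so it gets a key ID of its own."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()[-8:]

def key_index(keyring):
    """Key ID -> (tag, body) for every key *and* subkey packet in a keyring."""
    index, off = {}, 0
    while off < len(keyring):
        tag, body, off = read_packet(keyring, off)
        if tag in (PUBKEY, SUBKEY):
            index[v4_key_id(body)] = (tag, body)
    return index

def pkesk_key_id(body):
    """RFC 4880 5.1: version 3, then the 8-octet ID of the (sub)key that can decrypt
    the session key; all zeros is the wildcard ID that hides the recipient."""
    if body[0] != 3:
        raise ValueError("unsupported PKESK version %d" % body[0])
    return body[1:9]

def _subpackets(area):
    """Yield (type, data) per signature subpacket; bit 7 of the type is 'critical'."""
    off = 0
    while off < len(area):
        length, hlen = _new_length(area, off, subpacket=True)
        sp = area[off + hlen:off + hlen + length]
        yield sp[0] & 0x7F, sp[1:]
        off += hlen + length

def signature_issuer_key_id(body):
    """Key ID a signature names: fixed field in v3 (RFC 4880 5.2.2), Issuer
    subpacket in v4 (5.2.3.5); None if a v4 signature carries no Issuer."""
    if body[0] == 3:
        return body[7:15]
    if body[0] != 4:
        raise ValueError("unsupported signature version %d" % body[0])
    hlen = struct.unpack(">H", body[4:6])[0]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    for area in (body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]):
        for sp_type, data in _subpackets(area):
            if sp_type == ISSUER and len(data) == 8:
                return data
    return None

# builders for the constructed sample data (toy values, not real keys)
def mpi(n):
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")
def new_packet(tag, body):                # bodies here fit the one-octet new-format length
    return bytes([0xC0 | tag, len(body)]) + body
def subpacket(sp_type, data):
    return bytes([len(data) + 1, sp_type]) + data
def toy_v4_rsa_key_body(created, n, e):   # version 4, creation time, algo 1 (RSA), n, e
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

PRIMARY = toy_v4_rsa_key_body(966_000_000, 0xC0FFEE1234567, 65537)        # signing key
ENC_SUBKEY = toy_v4_rsa_key_body(966_000_100, 0xDEADBEEFCAFEF00D, 65537)  # encryption subkey
KEYRING = (new_packet(PUBKEY, PRIMARY) + new_packet(USERID, b"erron@example.invalid")
           + new_packet(SUBKEY, ENC_SUBKEY))

def demo():
    """The PKESK names the encryption subkey, the signature names the primary key;
    neither carries a user ID, so both are resolved by key ID against the index."""
    index = key_index(KEYRING)
    pkesk = b"\x03" + v4_key_id(ENC_SUBKEY) + b"\x01" + mpi(0x5E5510A)
    hashed = subpacket(2, struct.pack(">I", 966_000_200))                 # creation time
    unhashed = subpacket(ISSUER, v4_key_id(PRIMARY))                      # issuer key ID
    v4sig = (b"\x04\x00\x01\x08" + struct.pack(">H", len(hashed)) + hashed
             + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00" + mpi(1))
    return {"decrypt_with": index[pkesk_key_id(pkesk)][0],            # 14: the subkey
            "verify_with": index[signature_issuer_key_id(v4sig)][0]}  # 6: the primary
```

A keyring indexed only by user ID cannot serve either lookup: the PKESK resolves to the subkey packet (tag 14), which has no user ID of its own, and the signature resolves to the primary key (tag 6) through the Issuer subpacket. The wildcard all-zero key ID in a PKESK, which hides the recipient, is the case where a client has to try every private key it holds rather than look one up.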