ietf-openpgp

Re: Secret key signature packet

2005-08-23 10:52:01

I might be misunderstanding but I read the original poster to be maybe
hinting at modification detection of the private key ring somehow.

I am not sure of any attack based on modifying the private key in an
undetectable way... that would generally seem to make invalid
signatures, and inability to decrypt.  

On the other hand changing the trust markers, or changing public
encryption keys of other parties -- that would seem dangerous.

So there would be value in that, tho AFAIK this info is on the public
key ring.

(Also with some implementations I've noticed they can operate just with
the private keyring as the private key is a superset of the public
key.)


Also the threat model is a bit arguable; if an attacker can modify the
keyrings, he could likely also insert a keyboard logger; maybe there
is some difference tho if for example the software is kept separate,
and there is some risk of attacker modifying just the data on the
keyring storage device.

Adam

On Tue, Aug 23, 2005 at 09:06:32AM -0700, "Hal Finney" wrote:

From: <mkuusio(_at_)surfeu(_dot_)fi>
What is the content of the secret key signature packet? I know that
OpenPGP doesn't support secret key signing so hash left 2 bytes, DSA r and DSA
s are not included in the signature packet. I assume that the content is:

-Version number (1 octet)
-Signature type (1 octet)
-Public key algorithm (1 octet)
-Hash algorithm (1 octet)
-Hashed subpackets (n octets)
-Sub packet (issuer key id 8 octets)

I'm sorry, I don't know what you mean by a secret key signature packet.
As I noted earlier, we don't sign secret keys.  There would be no point
in creating a "signature" packet that was missing the signature fields,
r and s.

Maybe this will help.  OpenPGP implementations usually store the public
keys separately from the secret keys.  Traditionally these stores are
called "key rings".  The public key ring contains public keys (your
own public key and also those belonging to other people), user ids, and
signatures.  The secret key ring contains your own secret keys and their
user ids.  There is no need for signature packets on the secret key ring.
If there are any signature packets there, they will be signatures over
just the public key portion of the secret key packets.  They are not
secret key signatures, there is no such thing.

Hal Finney
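
An added example, not part of the thread and not any poster's code: a minimal parser for the version 4 signature packet body as laid out in the OpenPGP specification (RFC 4880, section 5.2.3). It shows that the field list in the question stops before the left 16 bits of the hash and the DSA r and s values, so those bytes alone do not parse as a signature. The sample bytes, key ID, timestamp and function names are constructed for illustration.

```python
import struct
DSA = 17  # public-key algorithm ID for DSA

def read_subpackets(area):
    """Split one subpacket area into (type, data) pairs."""
    out, i = [], 0
    while i < len(area):
        n = area[i]
        if n < 192:                                   # one-octet length
            i += 1
        elif n < 255:                                 # two-octet length
            n, i = ((n - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                         # five-octet length
            n, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket")
        out.append((area[i] & 0x7F, area[i + 1:i + n]))   # drop the critical bit
        i += n
    return out

def read_mpi(buf, i):
    """Read one MPI: two-octet bit count, then the big-endian magnitude."""
    bits = struct.unpack(">H", buf[i:i + 2])[0]
    end = i + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return int.from_bytes(buf[i + 2:end], "big"), end

def parse_v4_dsa_signature(body):
    """Parse a version 4 DSA signature packet body (packet header removed)."""
    if len(body) < 4 or body[0] != 4 or body[2] != DSA:
        raise ValueError("not a version 4 DSA signature")
    try:
        i, areas = 4, []
        for _ in range(2):                  # hashed area, then unhashed area
            n = struct.unpack(">H", body[i:i + 2])[0]
            areas.append(read_subpackets(body[i + 2:i + 2 + n]))
            i += 2 + n
        left16 = struct.unpack(">H", body[i:i + 2])[0]
        r, i = read_mpi(body, i + 2)
        s, i = read_mpi(body, i)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated signature packet") from exc
    return {"type": body[1], "hash_algo": body[3], "hashed": areas[0],
            "unhashed": areas[1], "left16": left16, "r": r, "s": s}

# Constructed sample: v4, type 0x13, DSA, SHA-1, creation time, issuer key ID.
FIELDS_ONLY = (bytes([4, 0x13, DSA, 2]) + b"\x00\x06\x05\x02" + struct.pack(">I", 1124794321)
               + b"\x00\x0a\x09\x10" + bytes.fromhex("0123456789abcdef"))
COMPLETE = FIELDS_ONLY + b"\xab\xcd" + b"\x00\x0d\x12\x34" + b"\x00\x0b\x05\x67"  # left16, r, s
```

`parse_v4_dsa_signature(COMPLETE)` returns the parsed fields, while `parse_v4_dsa_signature(FIELDS_ONLY)` raises `ValueError` because the signature fields are absent.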

