ietf-openpgp
[Top] [All Lists]

Re: [openpgp] ECDH and ELG-E primary keys

2014-08-04 15:06:50
On Mon,  4 Aug 2014 19:06, ian(_at_)icb(_dot_)im said:
I'm not so sure I would say "no software" can use them. They're odd in that
they're a bare Public-Key Packet, but that doesn't mean they're unusable.

I won't call that an OpenPGP packet.  It is not OpenPGP compatible:

RFC4880, 12.1 Key Structures:

   In a V4 key, the primary key MUST be a key capable of certification.

along with 5.5.2 Public-Key Packet Formats:

   OpenPGP implementations MUST create keys with version 4 format.  V3
   keys are deprecated; an implementation MUST NOT generate a V3 key,
   but MAY accept it.

v3 keys have severe weaknesses for example they rely on MD5.  ECDH is
not capabale of signing/certifying.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp