[Top] [All Lists]

Re: [openpgp] ECDH and ELG-E primary keys

2014-08-12 14:24:31
Werner Koch <wk(_at_)gnupg(_dot_)org> writes:

On Mon,  4 Aug 2014 19:06, ian(_at_)icb(_dot_)im said:
I'm not so sure I would say "no software" can use them. They're odd in that
they're a bare Public-Key Packet, but that doesn't mean they're unusable.

I won't call that an OpenPGP packet.  It is not OpenPGP compatible:

RFC4880, 12.1 Key Structures:

   In a V4 key, the primary key MUST be a key capable of certification.

along with 5.5.2 Public-Key Packet Formats:

   OpenPGP implementations MUST create keys with version 4 format.  V3
   keys are deprecated; an implementation MUST NOT generate a V3 key,
   but MAY accept it.

v3 keys have severe weaknesses for example they rely on MD5.  ECDH is
not capabale of signing/certifying.

For what it's worth I have a use-case for bare Public Key Packets with
direct signatures, without a user-id packet or a self-signature.

I plan to write up an I-D that will loosen the restrictions in 4880 to
allow this use-case.

Note that this use-case is not for email.  Indeed, these keys are not
even user keys; they are "device keys".  In my use case I'd like to use
RFC4880-style signatures for certifying those device keys.

Hopefully there is some support for this loosening?




       Derek Atkins                 617-623-3745
       Computer and Internet Security Consultant

openpgp mailing list