ietf-openpgp

Re: [openpgp] key distribution by email strategy

2020-12-14 15:20:46
Hello.

John Scott wrote in
 <23083923.ouqheUzb2q@t450>:
 |On Saturday, December 12, 2020 5:08:25 PM EST Steffen Nurpmeso wrote:
 |> I'd rather have the same for OpenPGP, a signed message with the
 |> public thing extractable embedded, then i at least know that the
 |> signer had the private key for that public thing at hand.
 |I don't think it's standard but GnuPG enables this with the
 |--include-key-block and --auto-key-import pair of options:
 |
 |--include-key-block
 |> This  option  is  used to embed the actual signing key into a
 |> data signature.  The embedded key is stripped down to a
 |> single user id and includes only the signing subkey used to
 |> create the signature as well as valid encryption subkeys.
 |> All other info  is  removed from the key to keep it and thus
 |> the signature small.  This option is the OpenPGP counterpart
 |> to the gpgsm option --include-certs.
 |
 |--auto-key-import
 |> This  is an offline mechanism to get a missing key for
 |> signature verification and for later encryption to this key. 
 |> If this option is enabled and a signature includes an
 |> embedded key, that key is used to verify the  signature  and 
 |> on  verification success that key is imported. The default is
 |> --no-auto-key-import.
 |>
 |> On  the  sender  (signing) site the option --include-key-block
 |> needs to be used to put the public part of the signing key as
 |> “Key Block subpacket” into the signature.

Very interesting!  I did not know that, indeed; i am still with gpg
1.4 ;-), but gnupg 2.25 is standard in CRUX-Linux, too, so.
Yes, that is a very, very good thing then, in my opinion!
Begs the question, if i will implement OpenPGP support next year
(after the MIME rewrite that thing needs first), can i somehow
integrate this with email when using the standard OpenPGP MIME format?

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
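
The "Key Block subpacket" the quoted manual text refers to is GnuPG's signature subpacket type 38: one reserved octet (0) followed by the stripped-down transferable public key. As an added illustration that is not part of this thread or of GnuPG's code, the Python below walks a v4 signature packet body, finds that subpacket and reports whether it sat in the hashed area (covered by the signature) or the unhashed one; the sample signature body and the key bytes are constructed, and importing the key is left to a caller that has first verified the signature, which is the order --auto-key-import enforces.

```python
import struct

KEY_BLOCK = 38  # GnuPG "Key Block" subpacket: reserved octet 0, then a transferable public key

def _decode_len(buf, i):
    """Decode a subpacket length (RFC 4880 5.2.3.1); returns (length, octets consumed)."""
    b0 = buf[i]
    if b0 < 192:
        return b0, 1
    if b0 < 255:
        return ((b0 - 192) << 8) + buf[i + 1] + 192, 2
    return struct.unpack(">I", buf[i + 1:i + 5])[0], 5

def _encode_len(n):  # inverse of _decode_len, used only to build the constructed sample
    if n < 192:
        return bytes([n])
    return bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF]) if n < 8384 else b"\xff" + struct.pack(">I", n)

def _subpackets(area):  # yield (type, data) for every subpacket in a hashed or unhashed area
    i = 0
    while i < len(area):
        length, used = _decode_len(area, i)
        i += used
        yield area[i] & 0x7F, area[i + 1:i + length]  # bit 7 of the type octet is the critical flag
        i += length

def extract_key_block(sig_body):
    """Return ("hashed"|"unhashed", key_bytes) for the Key Block in a v4 signature body, else None."""
    if sig_body[0] != 4:
        raise ValueError("only v4 signature packets are handled")
    hashed_len = struct.unpack(">H", sig_body[4:6])[0]
    hashed = sig_body[6:6 + hashed_len]
    unhashed_len = struct.unpack(">H", sig_body[6 + hashed_len:8 + hashed_len])[0]
    unhashed = sig_body[8 + hashed_len:8 + hashed_len + unhashed_len]
    # Only the hashed area is covered by the signature; a careful importer refuses an unhashed key block.
    for name, area in (("hashed", hashed), ("unhashed", unhashed)):
        for ptype, data in _subpackets(area):
            if ptype == KEY_BLOCK and data[:1] == b"\x00":
                return name, bytes(data[1:])
    return None

def build_sample_sig_body(key_block=None):
    """Constructed v4 signature body (binary-doc sig, EdDSA, SHA-256, dummy hash prefix); not real GnuPG output."""
    hashed = _encode_len(5) + bytes([2]) + b"\x5f\xd7\x6b\x00"  # signature creation time subpacket
    if key_block is not None:
        hashed += _encode_len(len(key_block) + 2) + bytes([KEY_BLOCK]) + b"\x00" + key_block
    return bytes([4, 0, 22, 8]) + struct.pack(">H", len(hashed)) + hashed + b"\x00\x00" + b"\xab\xcd"

FAKE_KEY = bytes(range(256)) + b"\x99" * 44  # constructed stand-in for a stripped-down key (two-octet length form)
```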

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
