pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

desire to use multiple keys, at least in RIPEM

1993-11-18 13:09:00
from [Jeff Thompson] [Permanent Link] 


I have a desire to build a second, shorter key to use alongside my normal
key for casual e-mail.

I would therefore like to be able to have my key identified by a key ID
(perhaps the MD5 of the public key) rather than my e-mail address or
any distinguished name 1:1 with an e-mail address.

What would this take?


I am working with Mark Riordan right now on enhancing RIPEM.  We added
a field called X-Recipient-Key-Asymmetric to use instead of
Recipient-Name which contains the recipient's DER-encoded public key.
An encrypted message looks like:

  -----BEGIN PRIVACY-ENHANCED MESSAGE-----
  Proc-Type: 4,ENCRYPTED
  Content-Domain: RFC822
  DEK-Info: DES-CBC,DB659B8ACD4C5FE4
  Originator-Certificate:
   MIIBtjCCAWACEClfT/NyW5UE7s0ANSRvDugwDQYJKoZIhvcNAQECBQAwYDELMAkG
   A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD
   VQQLExNQZXJzb25hIENlcnRpZmljYXRlMREwDwYDVQQDEwhUZXN0Q2VydDAeFw05
   MzExMTAyMjE1MDhaFw05NTExMTAyMjE1MDhaMGAxCzAJBgNVBAYTAlVTMSAwHgYD
   VQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBD
   ZXJ0aWZpY2F0ZTERMA8GA1UEAxMIVGVzdENlcnQwWTAKBgRVCAEBAgICAANLADBI
   AkEA1wqHPZ4sRZxhn7spZyN9g1uWdazh8dGxKRPvpUX8ZjmT0oe0TIrYb4JlvOh5
   v2R0dD73Pv4KRMoIDYtnbHlgYwIDAQABMA0GCSqGSIb3DQEBAgUAA0EAz6KPsPwQ
   /NzaxcSjw3WxoLE+4ZyBRr4Aly6Fnzi0Gh9moj/iZy+80QXAoVE6Gw01g6HhEKBF
   bntD1lXPxaGFKA==
  MIC-Info: RSA-MD5,RSA,
   vjFoxoNGVWiRjrvmqI2U0d42K6cfEsg4KA43QgW2/fKfNhjrv+ChFo4i/CKuTxri
   pMKJcmDo2QSLItfJ8PRwA89Ft9h+Eabh
  X-Recipient-Key-Asymmetric:
   MFkwCgYEVQgBAQICAgADSwAwSAJBANcKhz2eLEWcYZ+7KWcjfYNblnWs4fHRsSkT
   76VF/GY5k9KHtEyK2G+CZbzoeb9kdHQ+9z7+CkTKCA2LZ2x5YGMCAwEAAQ==
  Key-Info: RSA,
   rgO4NJ7vCx0nznuBU2vy3jQ9VY3HsrowQOQtkkYtBRfhWT4A8MZouIOUO5dNDIou
   QGNo8nC/baa9JIM2Hkxo7g==

  oVw81k7PlyxwmLChy79m3P3VRNlfUP0di7ELqqjQG2gunJZWt5w451MCk/sLsKGd
  hl3mL0UtLS4FVsE5TVkRK8C0Z8/J2YQp+/dlk1SZGWpT4VM29gAW3At9Oa7ac+90
  -----END PRIVACY-ENHANCED MESSAGE-----

Note that we also took care of ambiguity on the sender's side by using
the self-signed certificate in the Originator-Certificate field in the
manner of a RFC 1424 certifiation request.  This is appropriate if you
note that a certificate request is precisely a message where the
recipient isn't sure of the key used by the sender or of their
affiliation in a hierarchy.

- Jeff
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  desire to use multiple keys, at least in RIPEM, Carl Ellison
Next by Date:  Re: identifying attribute types, jueneman%wotan
Previous by Thread:  desire to use multiple keys, at least in RIPEM, Carl Ellison
Next by Thread:  Re: desire to use multiple keys, at least in RIPEM, Steve Kent
Indexes:  [Date] [Thread] [Top] [All Lists]