Re: separation of signed and encrypted messages

Derek Atkins <warlord@mit.edu> Tue, 16 October 2001 16:08 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA07623 for <openpgp-archive@odin.ietf.org>; Tue, 16 Oct 2001 12:08:01 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f9GFrqP00511 for ietf-openpgp-bks; Tue, 16 Oct 2001 08:53:52 -0700 (PDT)
Received: from rcn.ihtfp.org (me@ORANGE-TOUR.IHTFP.ORG [204.107.200.33]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f9GFroD00504 for <ietf-openpgp@imc.org>; Tue, 16 Oct 2001 08:53:50 -0700 (PDT)
Received: (from warlord@localhost) by rcn.ihtfp.org (8.9.3) id LAA01992; Tue, 16 Oct 2001 11:40:18 -0400
To: Michael Young <mwy-opgp97@the-youngs.org>
Cc: ietf-openpgp@imc.org
Subject: Re: separation of signed and encrypted messages
References: <OE58s955E3yIyEOadke00001939@hotmail.com> <008201c15657$4b6f1880$dfc32609@transarc.ibm.com>
From: Derek Atkins <warlord@mit.edu>
Date: Tue, 16 Oct 2001 11:40:18 -0400
In-Reply-To: "Michael Young"'s message of "Tue, 16 Oct 2001 11:29:06 -0400"
Message-ID: <sjmhesz3865.fsf@rcn.ihtfp.org>
Lines: 30
X-Mailer: Gnus v5.5/Emacs 20.3
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Actually, revealing the encrypted-session-key for an OpenPGP message
should give you sufficient information to link the plaintext to the
encrypted message without actually giving away your private key or
passphrase.  Considering that PGP implementations should be choosing
random session keys, this implies that session keys should not be
re-used.

-derek

"Michael Young" <mwy-opgp97@the-youngs.org> writes:

> No.  The message(+signature) contents are symmetrically encrypted.
> There is no way to prove that the plaintext generates that specific
> ciphertext without giving up the session key.  Demonstrating
> a decrypted signature or MDC shouldn't convince anyone that the
> full plaintext matches that ciphertext.
> 
> If you're willing to show the plaintext, why do you care about
> protecting the session key?  Are you reusing it?  This might be an
> issue for a PGPdisk, for example, where one symmetric key protects the
> entire contents...  you can't reveal+prove selected parts.  It
> shouldn't be for ordinary OpenPGP uses.  Are you afraid that
> your randomness source has been compromised, such that other
> session keys could be deduced?  If so, you have a serious problem.

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
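The mechanism Derek describes above, as an added example that is not part of the original message and is not code from any OpenPGP implementation: an OpenPGP message is a public-key-encrypted session key (PKESK) followed by a body encrypted symmetrically under that session key, so the recipient can decrypt the PKESK, hand a third party only the session key, and let them decrypt the body and compare it to the claimed plaintext; the private key never leaves the recipient. The toy primitives here are assumptions of the example, not OpenPGP's real algorithms: textbook RSA over two fixed Mersenne primes stands in for the PKESK, and a SHA-256 counter keystream with a random prefix and a SHA-1 MDC stands in for the SEIPD packet. The last step of `demo()` shows why the session key must be fresh per message, as Derek concludes: anyone holding a revealed session key reads every other message encrypted under it.

```python
"""Toy model of the OpenPGP PKESK / symmetrically-encrypted-body split.

Assumptions (example-only, not OpenPGP): textbook RSA with fixed Mersenne
primes as the PKESK, a SHA-256 counter keystream as the body cipher,
an 8-byte random prefix in place of OpenPGP's random IV block, and a
SHA-1 MDC appended to the plaintext. Requires Python 3.8+ for pow(e, -1, m).
"""
import hashlib
import os

# Fixed toy RSA key (assumed; insecure sizes, illustration only).
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
RSA_N = _P * _Q                                   # ~150 bits, fits a 128-bit key
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))        # private exponent, never revealed

SESSION_KEY_LEN = 16   # bytes
PREFIX_LEN = 8         # random prefix bytes inside the encrypted body
MDC_LEN = 20           # SHA-1 digest length


def _keystream(session_key: bytes, length: int) -> bytes:
    """Deterministic keystream: SHA-256(session_key || counter), concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(session_key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def symmetric_encrypt(session_key: bytes, plaintext: bytes) -> bytes:
    """Toy SEIPD body: keystream XOR (random prefix || plaintext || MDC)."""
    mdc = hashlib.sha1(plaintext).digest()
    inner = os.urandom(PREFIX_LEN) + plaintext + mdc
    return _xor(inner, _keystream(session_key, len(inner)))


def symmetric_decrypt(session_key: bytes, body: bytes) -> bytes:
    """Strip the prefix, check the MDC, return the plaintext."""
    inner = _xor(body, _keystream(session_key, len(body)))
    plaintext, mdc = inner[PREFIX_LEN:-MDC_LEN], inner[-MDC_LEN:]
    if hashlib.sha1(plaintext).digest() != mdc:
        raise ValueError("MDC mismatch: wrong session key or tampered body")
    return plaintext


def pkesk_encrypt(session_key: bytes, e: int = RSA_E, n: int = RSA_N) -> int:
    """Toy PKESK: the session key RSA-encrypted as an integer (no padding)."""
    return pow(int.from_bytes(session_key, "big"), e, n)


def pkesk_decrypt(pkesk: int, d: int = RSA_D, n: int = RSA_N) -> bytes:
    return pow(pkesk, d, n).to_bytes(SESSION_KEY_LEN, "big")


def encrypt_message(plaintext: bytes, session_key: bytes = None):
    """Sender side: a fresh random session key unless one is forced (reuse demo)."""
    if session_key is None:
        session_key = os.urandom(SESSION_KEY_LEN)
    return pkesk_encrypt(session_key), symmetric_encrypt(session_key, plaintext)


def reveal_session_key(pkesk: int) -> bytes:
    """Recipient side: decrypt the PKESK and hand out only the session key."""
    return pkesk_decrypt(pkesk)


def third_party_links(plaintext: bytes, session_key: bytes, body: bytes) -> bool:
    """Verifier with no private key: decrypt the body under the revealed
    session key and compare to the claimed plaintext. Decrypt-and-compare,
    not re-encrypt-and-compare, because the random prefix makes the
    ciphertext non-deterministic."""
    try:
        return symmetric_decrypt(session_key, body) == plaintext
    except ValueError:
        return False


def demo():
    msg1 = b"the contract text"                       # constructed sample
    pkesk1, body1 = encrypt_message(msg1)
    sk1 = reveal_session_key(pkesk1)                  # RSA_D stays with the recipient
    linked = third_party_links(msg1, sk1, body1)
    not_linked = third_party_links(b"a different text", sk1, body1)
    # Reuse hazard: a second message under the same session key is
    # readable by anyone who was given sk1 for the first one.
    msg2 = b"unrelated private message"                # constructed sample
    _, body2 = encrypt_message(msg2, session_key=sk1)
    leaked = symmetric_decrypt(sk1, body2) == msg2
    return linked, not_linked, leaked


if __name__ == "__main__":
    print(demo())
```

The verifier in `third_party_links` never sees `RSA_D`; it only needs the session key and the encrypted body, which is exactly the information Michael says must be given up to prove the plaintext matches the ciphertext, and exactly why that key must be unique to the message.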