[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mail client implementations problem? bcc and encrypting to multiple recipients



Hal,

At 02:07 PM 22/08/2000 -0700, Hal wrote:

>Erron Criddle writes:
> > As far as I'm concerned the Key ID is a complete waste of time unless a
> > lookup is being made on a server that is automatically decrypting each
> > message. This is OK here because you can configure the database to store
> > the Key ID and that makes lookups easier (if there are no duplicate Key
> > ID's).
>
>I am confused about whether you are talking about decryption or
>encryption.

Decryption.

>   The OpenPGP message formats only allow for using keyids to
>indicate which key should decrypt.

Yes, I know.

>   If you are decrypting, isn't looking up by keyid the only possibility?

If you're not using speculative Key ID's and you're talking about sigs, yes.

>   There is no userid to tell you which key to decrypt with.

Yes; if the headers have been stripped from the email message - no; if 
they're not :)

> > From my understanding of the Public and Private Keyring structures,
> > you can only have a Key ID for the highest level key (self sig.) and 
> cannot
> > store the Key ID's for the subkeys.
>
>No, subkeys can have keyids too.  A PKESK packet should use the keyid of
>the specific subkey which can decrypt it.

OK, here is where I am confused. For example, a tag 14 (Public Subkey 
Packet) hasn't the facility to store the Key ID and from reading the tag 2 
(signature packet), you cannot store the key ID's there either - either 
within the sig. packet or a subpacket of the signature. Where exactly do 
you store the Key ID of an encryption subkey...I am totally bamboozled!

> > For our client software, we are not doing lookups via the Key ID (as it
> > isn't stored in the public/private keyrings), however the server version
> > will support lookups via Key ID's.
> >
> > We have found it better just to do lookups via the User ID - at least you
> > can store that within the private /public keyring structures.
> >
> > If anyone can tell me otherwise regarding the storage of Signing and
> > Encryption Key ID's within the private/public keyrings, it would be great.
>
>If you are talking about decryption, I don't see how you do it.

The type of software we are implementing will allow us to do this.

>   And what about signature verification?  Again in that case the OpenPGP 
> message
>only has the signing keyid.  Don't you have to do a lookup by keyid to
>verify the sig?

Sorry, I didn't clarify enough - when I refer to using User ID's, I am 
referring to decryption, not verification. The signature Key ID's can be 
looked up via the self sig.

However, once again, I am still baffled as to where the Key ID is stored 
for an encryption subkey :) I have looked at the tag 2 packet (sig) and I 
can only see that you can store a Key ID in a signature subpacket for a 
signing key - but what is the subpacket type to use for a Key ID? Has a new 
one been created? Can we create one for Key ID?

Regards


Erron Criddle
Comasp Ltd.
Level 2, 45 Stirling Hwy
NEDLANDS  WA  6009
Australia

Fax: 08 9386 9473
Tel: 08 9386 9534

http://www.comasp.com
ejc@comasp.com