Re: mail client implementations problem? bcc and encrypting to multiple recipients
At 02:07 PM 22/08/2000 -0700, Hal wrote:
>Erron Criddle writes:
> > As far as I'm concerned the Key ID is a complete waste of time unless a
> > lookup is being made on a server that is automatically decrypting each
> > message. This is OK here because you can configure the database to store
> > the Key ID and that makes lookups easier (if there are no duplicate Key
> > IDs).
>I am confused about whether you are talking about decryption or
> The OpenPGP message formats only allow for using keyids to
>indicate which key should decrypt.
Yes, I know.
> If you are decrypting, isn't looking up by keyid the only possibility?
If you're not using speculative Key IDs and you're talking about sigs, yes.
> There is no userid to tell you which key to decrypt with.
Yes; if the headers have been stripped from the email message - no; if
they're not :)
> > From my understanding of the Public and Private Keyring structures,
> > you can only have a Key ID for the highest level key (self sig.) and
> > store the Key IDs for the subkeys.
>No, subkeys can have keyids too. A PKESK packet should use the keyid of
>the specific subkey which can decrypt it.
OK, here is where I am confused. For example, a tag 14 (Public Subkey
Packet) hasn't the facility to store the Key ID and from reading the tag 2
(signature packet), you cannot store the Key IDs there either - either
within the sig. packet or a subpacket of the signature. Where exactly do
you store the Key ID of an encryption subkey...I am totally bamboozled!
> > For our client software, we are not doing lookups via the Key ID (as it
> > isn't stored in the public/private keyrings), however the server version
> > will support lookups via Key IDs.
> > We have found it better just to do lookups via the User ID - at least you
> > can store that within the private /public keyring structures.
> > If anyone can tell me otherwise regarding the storage of Signing and
> > Encryption Key IDs within the private/public keyrings, it would be great.
>If you are talking about decryption, I don't see how you do it.
The type of software we are implementing will allow us to do this.
> And what about signature verification? Again in that case the OpenPGP
>only has the signing keyid. Don't you have to do a lookup by keyid to
>verify the sig?
Sorry, I didn't clarify enough - when I refer to using User IDs, I am
referring to decryption, not verification. The signature Key IDs can be
looked up via the self sig.
However, once again, I am still baffled as to where the Key ID is stored
for an encryption subkey :) I have looked at the tag 2 packet (sig) and I
can only see that you can store a Key ID in a signature subpacket for a
signing key - but what is the subpacket type to use for a Key ID? Has a new
one been created? Can we create one for Key ID?
Level 2, 45 Stirling Hwy
NEDLANDS WA 6009
Fax: 08 9386 9473
Tel: 08 9386 9534
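
Added example (not part of the original message or of any project named in the thread): in OpenPGP a v4 Key ID is not stored in the key or subkey packet but derived from it, as the low 64 bits of the SHA-1 fingerprint over the packet body (RFC 4880, section 12.2). The sketch below derives it for a subkey and matches it against the Key ID field of a PKESK packet, including the all-zero "speculative" Key ID; the function names and the toy key values are constructed for illustration.

```python
import hashlib
import struct

WILDCARD = bytes(8)  # "speculative" Key ID: the PKESK does not name its recipient

def mpi(n):
    """Encode an integer as an OpenPGP MPI: 2-octet bit count, then big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def key_body(created, algo, numbers):
    """Body of a v4 public key (tag 6) or public subkey (tag 14) packet."""
    return bytes([4]) + struct.pack(">I", created) + bytes([algo]) + b"".join(map(mpi, numbers))

def v4_key_id(body):
    """Low 64 bits of SHA-1(0x99 || 2-octet length || body); same rule for subkeys."""
    if body[0] != 4:
        raise ValueError("only v4 key packets are handled here")
    fingerprint = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()
    return fingerprint[-8:]

def pkesk_key_id(body):
    """v3 PKESK (tag 1) body: version, 8-octet Key ID, algorithm, encrypted session key."""
    if len(body) < 10 or body[0] != 3:
        raise ValueError("not a v3 PKESK body")
    return body[1:9]

def candidates(pkesk_body, keyring):
    """Labels of the keys worth trying; keyring maps label -> key packet body."""
    wanted = pkesk_key_id(pkesk_body)
    if wanted == WILDCARD:
        return list(keyring)  # no hint given: every secret key must be tried
    return [label for label, body in keyring.items() if v4_key_id(body) == wanted]

def make_pkesk(key_id, algo=16):
    """Constructed PKESK body carrying a dummy one-MPI payload."""
    return bytes([3]) + key_id + bytes([algo]) + mpi(0x1234)

# Constructed toy key material (far too small to be real keys).
KEYRING = {
    "primary-rsa-sign": key_body(966900000, 1, [3233, 17]),
    "subkey-elgamal-encrypt": key_body(966900060, 16, [2579, 2, 949]),
}

if __name__ == "__main__":
    kid = v4_key_id(KEYRING["subkey-elgamal-encrypt"])
    print(kid.hex().upper(), candidates(make_pkesk(kid), KEYRING))
```

A keyring implementation can compute this value once per key and subkey at import time and index on it, which is what makes lookup by Key ID possible without a stored field.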