[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Valid OpenPGP keys without self-signature?



On Monday 22 December 2003 11:38, aboietf@xxxxxxxxxxxxxxx wrote:
> The German company "Robert Bosch GmbH" introduced a PKI on the basis
> of a product called "Secure e-mail iT_SEC_outlook". This product uses
> old-style V3 RSA keys that are created by the "trust center" of
> the company for every user and are signed on creation by the trust
> center key. The unusual aspect now is that only the "trust center key"
> has a self-signature. All normal user keys have no self-signature but
> only the trust center signature on them.
[...]
> (1) Are such keys a security problem?

The key material in itself should be pretty secure. The signature also should 
be ok, as long as it stays valid.

I personally would not use V3-keys for another reason: you can change the 
creation date of the key without changing the keyID and fingerprint. This 
means you can easily invalidate the signature without changing the main 
identifiers of the key (key material, keyID, fingerprint). It can be very 
annoying to try to verify a key that seemingly is the correct one, but has 
been altered enough to make the signature invalid(*). V4 keys change their ID 
and fingerprint whenever you change ANY bit in the public part of the key.

(*)Assuming that PGP2.x does verify the creation date of the key versus the 
creation date of the signature. This is the only part that invalidates the 
signature.


	Konrad

Attachment: pgpnHclMQhxLk.pgp
Description: signature