-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David Shaw wrote: > On Sat, Nov 05, 2005 at 04:39:40PM +1030, Alphax wrote: > >>David Shaw wrote: >> >>>On Fri, Nov 04, 2005 at 10:15:16PM +0300, Pawel Shajdo wrote: >>> >>> >>>>Salve! >>>>Can somebody explain me what is "back signatures"? >>>>Manual not very clear about this. >>> >>> >>>It's a countermeasure against an attack against signing subkeys. >>>Basically, the primary key signs all subkeys. With backsigs, the >>>signing subkey also signs the primary key. >>> >>>Without this, an attacker can "steal" a signing subkey from someone >>>else and try and pretend that a signature came from his own key. It's >>>not a particularly good attack: the attacker can't issue signatures to >>>prove his ownership. >>> >> >>Will this remove the possibility of moving subkeys from one primary key >>to another / converting primary keys to subkeys (documented at >>http://atom.smasher.org/gpg/gpg-migrate.txt)? > > > No, it's unrelated to that. It's a countermeasure against a (somewhat > weak) attack. It has nothing to do with various bit twiddling you can > do to your own key. >
So how /do/ they work (and how does one go about moving subkeys between keys)? - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQ29VrrMAAH8MeUlWAQiI1Af+IOP3LqxNddNc1tRxKo4BwNNm4MmiRQrC XnOkj+kpEzt7TnlvYhEWy4QUW/Kjv/7F0DvW/68lMNsSq+MV/dm89wFNiRpUV0e9 XR6qf6/jMkJEyafhT0fkfJoZBrNRhhgT6Gdgl6yvGZbK4JscMAi0CaWzVZOBryaL YNeaR+TKLhkleW6n4Q1nFodMeTZE7KgjzkyhcWvp3r6XB/mzQJ2R7EF+MD8C+P53 jmq9QQL0BAMq3F1Q6tunxHzdNknP9DUuS6pSWSVUUPZVkS/YCKX5LQFhE4txh4+E pC1v4IExoJD7Ec4hfRCIZ01S/W349uxpupL4zhPlpIXSuiwb9DXyfA== =lSYS -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
