Sean Rima <sean () srima wrote on Date: 2010-01-17 17:23:31 :
>A friend on the pgpnet mailing list is using a hushmail.com gpg
key >but when I import it, I get
>gpg: key C4E23A82: public key ""-...@hushmail.com"
<jefal...@hushmail.com>"
>imported
>gpg: Total number processed: 1
>gpg: imported: 1 (RSA: 1)
...
:public sub key packet:
version 4, algo 2, created 1262830846, expires 0
unknown algorithm 2
-----
the above listed public subkey packet is the encryption key
i imported it directly from hushmail
(https://www.hushtools.com/hushtools2/index.php
click on 'key management'
then enter the hushmail email address and retrieve the key )
and encrypted to it without any problem.
caveat:
it is not a great idea to use hushmail keys for open pgp encryption
or authentication
(1) the keys are not updated, and can't be for the same email
address,
so, for example, i've been with hushmail since it started, and my
key is a 1024 bit key and signs with SHA-1
(to be fair, i imagine that whenever this becomes a 'real' threat,
hushmail will allow for modifications/new keys)
(2) the hushmail user probably will not be able to decrypt a gnupg
encrypted message in hushmail if the encryption algorithm chosen
isn't currently being used by hushmail, which, depending on how old
the key is, may not be the encryption algorithm listed on the key,
and if the hushmail user uses gnupg (preferable ;-) ), then he/she
would be better off generating a new key in gnupg, and just leave
the hushmail key for hushmail users
(i use my hushmail key only for hushmail/hushtools)
vedaal
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
