On 01/06/2014 16:17, Hauke Laging wrote:

> There are certain risks using the same RSA key for encryption and
> signing. If you make a blind signature over data someone supplied then
> you unintentionally decrypt the data (and send it back).

Then you're using RSA the wrong way. You should *never* apply RSA directly. Padding is important and *must* be checked during processing. Decryption and signature are the same RSA op, but use a different padding so you can tell which op got applied.

> 2) If a signature key has expired then you may delete the private part.
> You should usually never throw away a decryption key, though, as it can
> happen that you have to decrypt data long after the public part has
> expired.

And that poses a big problem for everyone that would like to use a smartcard for decryption...

BYtE,
 Diego.
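
The point made in the reply above, as an added example that is not part of the original message: with unpadded RSA a "signature" over a supplied ciphertext is its decryption, while type-tagged padding keeps the two operations apart. The toy key (two Mersenne primes), the simplified PKCS#1 v1.5 style block without DigestInfo, and all function names are assumptions made for illustration.

```python
import hashlib, os

# Constructed toy key built from two Mersenne primes (demo only, not secure).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8               # modulus length in bytes

def pad(data: bytes, bt: int) -> int:
    """Simplified PKCS#1 v1.5 block: 00 || BT || PS || 00 || data."""
    ps_len = K - 3 - len(data)
    if ps_len < 8:
        raise ValueError("data too long for modulus")
    # BT 01 (signature): PS is all FF. BT 02 (encryption): random nonzero bytes.
    ps = b"\xff" * ps_len if bt == 1 else bytes(b % 255 + 1 for b in os.urandom(ps_len))
    return int.from_bytes(bytes([0, bt]) + ps + b"\x00" + data, "big")

def unpad(m: int, bt: int) -> bytes:
    """Recover data only if the block carries the expected type and padding."""
    block = m.to_bytes(K, "big")
    sep = block.find(b"\x00", 2)
    ok = block[0] == 0 and block[1] == bt and sep >= 10
    if ok and bt == 1:
        ok = block[2:sep] == b"\xff" * (sep - 2)
    if not ok:
        raise ValueError("padding check failed")
    return block[sep + 1:]

def raw_private_op(x: int) -> int:          # textbook RSA: sign == decrypt
    return pow(x, D, N)

def encrypt(msg: bytes) -> int:
    return pow(pad(msg, 2), E, N)

def decrypt(c: int) -> bytes:
    return unpad(raw_private_op(c), 2)

def sign(msg: bytes) -> int:                # hash, pad as type 01, then private op
    return raw_private_op(pad(hashlib.sha256(msg).digest(), 1))

def verify(msg: bytes, sig: int) -> bool:
    try:
        return unpad(pow(sig, E, N), 1) == hashlib.sha256(msg).digest()
    except ValueError:
        return False

def demo():
    c = encrypt(b"session key")             # constructed sample plaintext
    leaked = unpad(raw_private_op(c), 2)    # unpadded "signature" over c is its decryption
    blob = c.to_bytes(K, "big")
    sig = sign(blob)                        # padded signature over the same input
    return leaked, sig != raw_private_op(c), verify(blob, sig)
```

`demo()` returns the plaintext recovered through the unpadded private operation, then confirms that the padded signature over the same bytes is a different value and still verifies.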