Am So 01.06.2014, 21:12:49 schrieb Suspekt: > > There are certain risks using the same RSA key for encryption and > > signing. If you make a blind signature over data someone supplied > > then you unintentionally decrypt the data (and send it back). > > I don't get it. Decrypting data by signing it?
http://en.wikipedia.org/wiki/Blind_signature#Dangers_of_blind_signing I just remembered that and didn't read it again before mentioning it. It seems I have misunderstood it so that this is not a real-world problem (as NdK pointed out). > Thats a good point! Also it will be interesting to explain the judge > the details of PGP, main keys and subkeys ;) > Probably we have to get an expert from the CCC for that I don't see any legal approach in Germany to force somebody to give his decryption key to the police. Don't forget that the police would not even need the decryption key to decrypt a certain message. You can give them the session key for this message. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
