Am 01.06.2014 21:26, schrieb Hauke Laging:
Am So 01.06.2014, 21:12:49 schrieb Suspekt:
There are certain risks using the same RSA key for encryption and
signing. If you make a blind signature over data someone supplied
then you unintentionally decrypt the data (and send it back).
I don't get it. Decrypting data by signing it?
http://en.wikipedia.org/wiki/Blind_signature#Dangers_of_blind_signing
I just remembered that and didn't read it again before mentioning it. It
seems I have misunderstood it so that this is not a real-world problem
(as NdK pointed out).
Glad to hear
Thats a good point! Also it will be interesting to explain the judge
the details of PGP, main keys and subkeys ;)
Probably we have to get an expert from the CCC for that
I don't see any legal approach in Germany to force somebody to give his
decryption key to the police. Don't forget that the police would not
even need the decryption key to decrypt a certain message. You can give
them the session key for this message.
Also, AFAIK, they can't put you into jail or fine you if you have
forgotten the according passwords and sometimes those passwords are
really hard to remember...
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
