On 20/08/15 17:01, Peter Lebbing wrote: > Most importantly, it's generally advised not to do encryption and > signing with the same key material.
This is just a general recommendation, and abusing the fact a key is used for both encryption and signatures is an intricate matter. But since OpenPGP supports subkeys, the matter is easily avoided completely by using a separate subkey for encryption, so it's a good idea to do so. But it suddenly dawned on me you might have an actual issue when you assign both Sign and Authenticate capabilities to a key! Authentication is pretty much proving that you can sign what the server sends you. It might be the case that these signatures can actually pass for data signatures or key certifications! I don't think RFC 4880 says anything about authentication (except when used to refer to data signatures and key certifications). Checking the OpenPGP Card Specification 3.0, it would seem that the key in the Authenticate command can indeed issue signatures, since the PKCS#1 padding is identical to the Sign command, and there is no check on the signed data. It seems like a genuinely bad idea to assign Authenticate capability to a key that has Certify or Sign set. Even if GnuPG or GPG-Agent does checks to catch abuse, it's just asking for trouble that is easily avoided, in my opinion. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
