On 21/01/16 13:34, Lachlan Gunn wrote:
> Then you rotate to the new key with little or no data loss because all of
> the session keys are logged. You can generate the key on-chip so that it is
> unable to ever leave the smartcard, which is obviously desirable from a
> security point of view.
I don't understand, what are the session keys encrypted with? I thought they
were encrypted to the original smartcard subkey, which is dead.

With two smartcards, you might be able to get by if you get all your
correspondents to use the new subkey before the second smartcard dies. It
seems much less of a problem, though, because you could ask them explicitly
to re-encrypt if they encrypt to the old key.

That construction would have its merits, but it seems complex. Complex things
in crypto are best treated carefully. Or dismissed. All functionality
introduces new places to make mistakes and kill security.

> I was suggesting that rather than having one big encrypted file with all the
> session keys, you public-key reencrypt each one as you decrypt it and then
> add it to the log.

Ah! Okay. I'm still not sure what you mean by re-encrypting; it seems you
could just add the OpenPGP Public-Key Encrypted Session Key packet (along
with an identifier to find it again on use).

> Putting the entire log under the same symmetric key is problematic because
> then you need to decrypt it every time you receive a message.

That depends on the cipher mode; appending might be cheap. But this is
academic; your construction seems better.

Also, this means you can append to the log as soon as you see a message,
rather than the first time the user decrypts it. That does, however,
introduce the problem that you can't verify the correctness of the packet,
meaning you just created a free append-only datastore for everyone to use
since they can just send you data disguised as a packet encrypted to your
key :). So I think that's not such a good idea after all.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users