Andrew Gallagher wrote:

> On 21/04/2020 11:40, Romain Lebrun Thauront via Gnupg-users wrote:
> > I'm using a web mailer called ProtonMail which offers in-browser
> > cryptography. For that I have to upload some encrypted secret key with
> > signing and encrypting capabilities to their servers. But their software
> > won't accept that I upload only the "secret subkeys" keys, without the
> > "secret master key" key.
>
> This is a potentially interesting hack. I don't see any reason in
> principle why you can't construct such a key, since the mathematics of
> keys and subkeys is identical.
>
> But there is a big wrinkle coming, and that is how such a mangled key
> would be understood in practice. If someone were to send you a mail
> encrypted to your "real" key, would Protonmail understand that it has
> the correct key material available to decrypt it? After all, the "fake"
> key that Protonmail knows would have a different (primary) fingerprint
> from the one your correspondent used to encrypt. It might be possible
> IFF protonmail tests only the fingerprint of the encryption subkey and
> ignores that of the primary, but that would be an implementation detail.
>
> If you do get it to work though, I would be very interested in your
> method. :-)

I have just checked my pub key, I created there a month ago, for testing
purposes, of this account.

What would happen if one creates a master key with only signing
capabilities and no certification capabilities? And then create a second
key pair with the proper master key and try to combine those with what
skeeto once mentioned with his pgp key-poisoner, i.e. that it is possible
to bind sub keys to someone else's pub key?

Because ProtonMail only uses the encryption sub key, with a different
fingerprint it should not matter, right? I see no problem there if the
submitted master key there has a different fingerprint and only signing
capabilities.

Maybe worth a try.

Regards
Stefan

--
Signal (Desktop) +4915172173279
https://keybase.io/stefan_claas