> I believe a public key can be associated with more than one PGP private key
I don't know PGP at all but for basic asymmetrical or public/private key encryption, the public and private keys are basically one to one with each other. You generate a pair, both halves at once. Although I guess it is not provable that no two public keys have the same private key, that situation is hopefully unlikely. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of CM Poncelet Sent: Friday, August 23, 2019 8:01 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: vendor distributes their private key The vendor can revoke his private/public key, generate a new private/public key pair and - hopefully this time - publish only the public key. BTW I believe a public key can be associated with more than one PGP private key, although doing so would still not explain the vendor's publishing a private key that could decrypt his public key encrypted data - regardless of how many other private keys could do so too. Just my ha'penny. Chris Poncelet (retired sysprog) On 22/08/2019 20:41, Paul Gilmartin wrote: > On Thu, 22 Aug 2019 14:13:58 -0500, Joel M Ivey wrote: > >> Thanks all for the response. I'm glad I wasn't missing something. I will >> discuss further with the vendor, hoping they will recognize the risks. >> > How can the vendor recover from this without causing great > disruption, even an indefinite time in the future, to existing > customers who are rely on the improperly distributed private key? > > -- gil > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > . > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
