On Tuesday 11 May 2010 23:02:18 markus reichelt wrote: > * Joke de Buhr <[email protected]> wrote: > > I'm not quiet sure but shouldn't gnupg encrypt to both (all > > not-revoked) encryption keys in this case? This way the user could > > decrypt the encrypted message (email) regardless what encryption > > keys secrets are available at the current location. > > Nope. More to the point, think about people having both private UID > and business UID on the same key - the way you describe it could mix > things up badly.
Gnupg always choosing the last created encryption subkey doesn't prevent any kind of mix-up if a key has a private UID and a business UID. There is no connection between UID and the chosen subkey. There isn't a way of specifing UID_0 (business) use encryption subkey_1 and UID_1 (private) use encryption subkey_0. At least no way I know about. A user with two encryption keys will always get messages encrypted to the latest subkey regardless of specifying the business UID or private UID as recipient unless the sender explicitly selected a particular subkey for encryption. > (I guess you know how to tell people to use a specific subkey) Telling people which key to use doesn't solve the problem. Think about me switching places between two computers. Each computer got only one of the two encryption secret keys. So if one computer gets compromised I only loose that specific encryption secret key which can then be revoked from the primary key. PC_0 has the secret key to encryption subkey_0 and PC_1 has the secret key to encryption subkey_1. If I tell people to use subkey_0 I won't be able to decrypt the message if I'm working on PC_1. If I'm working on PC_0 I can't decrypt the message if the users used subkey_1 for encryption. Since people don't know where I might receive mails I most certainly will get messages which are intended to be read by the owner of the primary key in over words me but since I don't have the correct public key the sender specified I can't read the message until I switch computers again. On the other hand if a user doesn't specify particular subkey which is certain if he uses a default mailing program gnupg will always pick the last subkey so if I'm currently working on PC_0 (subkey_0) I can't decrypt the message at all.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
