On 05/09/18 11:27, Fiedler Roman wrote: > Sorry, but you are completely off here.
If there are six people I am actually interested in, and I know all their public keys, checking if one of them signed a message with a hypothetical "throw-keyid" takes me at most six trial verifications, using their public keys in turn. Now when you say that you could find the signer by brute-forcing "all keys in the 2^2048 key space", that seems to miss a vital step. Let's suppose you did this massive brute force, the universe still exists, and you found that the RSA key with keygrip 8FE036329129F568D5B58A88F6F8580A064E4887 has signed the message. Back to your goal. Who signed the message? You don't know. You know what the RSA modulus of the key of this person is, but you don't know their identity, because your brute-force search did not produce an identity, it produced an RSA modulus and exponent. So: to know who signed a message, you need their public key. So to check a random signature without identification, you try all the public keys you have at your disposal (perhaps ignoring the ones you know are uninteresting). So your search space is your collection of public keys. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users