2005 OLS is this week!

Michael Halcrow mike at halcrow.us
Tue Jul 19 07:16:17 MDT 2005

On Mon, Jul 18, 2005 at 11:30:32PM -0600, Richard Esplin wrote:
> I've been thinking about the concept of encrypting information with
> multiple public keys.

RFC 2440 explains how OpenPGP does it; eCryptfs packets are patterned
after OpenPGP.

> It seems that to decrypt this information it would require the use
> of the private keys paired with all the public keys used during
> encryption.

The bulk encryption is symmetric. The symmetric key (called a session
key) is encrypted via public-key encryption, which is an expensive
operation. When you have multiple recipients, the same session key is
encrypted multiple times, using multiple public keys. Only one
corresponding private key is requisite to recover the session key.

> I read about subkeys, but it appears from the documentation that
> subkeys are used mostly to allow revocation without losing trust
> signatures on the primary key.

Crypto theory states that the more data you encrypt with the same key,
the easier it is to perform cryptanalysis on that key. In GnuPG, the
subkeys encrypt the session keys for each file, and the primary keys
sign the subkeys. It makes sense, for example, to generate a 2048-bit
primary key and a 4096-bit subkey, and then, after a few months of
usage, revoke the subkey and regenerate it. You keep your
web-of-trust via your primary key (which is used minimally) and you
help fight cryptanalysis by limiting the quantity of data encrypted by
any one key.

Of course, if someone wanted your key that bad and had anywhere near
the financial resources to successfully cryptanalyze your keys, he
would probably just install a keylogger on your box instead.

> Can a primary key decrypt items encrypted with a subkey?


                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C  20F5 DB40 8531 6DCA 8769

"We live, thank God, in a secular society."                          
 - Joseph Campbell 
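
The layout described in the message (one encrypted copy of the session key per recipient, followed by a single symmetrically encrypted body), as an added example that is not part of the original post: a minimal parser for RFC 2440 packet headers, run over a constructed byte string. The key IDs and payload bytes are made up, and `parse_packets`, `recipients` and `SAMPLE` are names chosen here.

```python
def parse_packets(data):
    """Yield (tag, body) for each definite-length OpenPGP packet in data."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[pos]
            pos += 1
            if first < 192:                  # one-octet length
                length = first
            elif first < 224:                # two-octet length
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:               # four-octet length follows
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + n], "big")
            pos += n
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def recipients(data):
    """Return (key IDs named by tag-1 packets, count of tag-9 data packets)."""
    key_ids, bulk = [], 0
    for tag, body in parse_packets(data):
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            key_ids.append(body[1:9].hex().upper())  # version, 8-octet key ID
        elif tag == 9:                       # symmetrically encrypted data
            bulk += 1
    return key_ids, bulk

def _old(tag, body):                         # old-format header, 1-octet length
    return bytes([0x80 | (tag << 2), len(body)]) + body

def _esk(key_id_hex):                        # version 3, key ID, RSA, filler MPI
    return _old(1, b"\x03" + bytes.fromhex(key_id_hex) + b"\x01\x00\x10\xaa\xbb")

# Constructed sample: made-up key IDs and filler bytes, not real ciphertext.
SAMPLE = _esk("1111111111111111") + _esk("2222222222222222") + _old(9, bytes(32))
```

Each key ID returned names a key whose holder can recover the session key alone; the bulk data packet appears only once regardless of the number of recipients.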