David Shaw on Sun, 16 Feb 2003 15:10:35 -0500 |
On Sun, Feb 16, 2003 at 11:43:09AM -0500, gabriel rosenkoetter wrote: > On Sun, Feb 16, 2003 at 08:33:51AM -0500, David Shaw wrote: > > On Fri, Feb 14, 2003 at 07:01:19PM -0500, gabriel rosenkoetter wrote: > > > This happens to be true for the exact format of PKI that OpenPGP > > > uses, but it's not generally true (not even generally true of PKI > > > systems). > > Not true for OpenPGP either. You can have a different passphrase on > > your signing (sub)key than on your encryption (sub)key, even if they > > are the same "key" overall. > > For RSA keys too? That makes sense to me in DSA (where, in fact, > you're using a different algorithm to sign than you are to encipher), > but I didn't think you could split RSA that way... For RSA keys too. What PGP calls an "RSA key" is actually two RSA keys as signing and encryption keys just like the DSA/Elgamal keys. The old PGP 2.x keys (aka "Legacy RSA") are single keys. You can have different combinations (RSA signing key + Elgamal subkey, DSA signing key, RSA subkey, etc), but they aren't that common. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson _________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
|
|