Mailing List Archive: GnuPG: users

Encryption keys in the OpenPGP spec



jh at jameshoward

Jul 26, 2009, 6:40 PM

Post #1 of 5
Encryption keys in the OpenPGP spec

I am trying to understand the differences in key types and looking at
encryption keys in particular. RFC 4880 has this to say on the matter
of key flags:

0x04 - This key may be used to encrypt communications.

0x08 - This key may be used to encrypt storage.

So, my first question is why is there a distinction between the two
types of encryption?

Also, looking in GnuPG 1.4.9, I see this in g10/keygen.c:

if (use & PUBKEY_USAGE_ENC)
buf[0] |= 0x04 | 0x08;

Which suggests, quite strongly, that the distinction is irrelevant. Why
does GnuPG ignore the different encryption key types?

Thank you, James

--
James P. Howard, II, MPA
jh [at] jameshoward
Attachments: signature.asc (0.16 KB)


dshaw at jabberwocky

Jul 26, 2009, 8:09 PM

Post #2 of 5
Re: Encryption keys in the OpenPGP spec [In reply to]

On Jul 26, 2009, at 9:40 PM, James P. Howard, II wrote:

> I am trying to understand the differences in key types and looking at
> encryption keys in particular. RFC 4880 has this to say on the matter
> of key flags:
>
> 0x04 - This key may be used to encrypt communications.
>
> 0x08 - This key may be used to encrypt storage.
>
> So, my first question is why is there a distinction between the two
> types of encryption?
>
> Also, looking in GnuPG 1.4.9, I see this in g10/keygen.c:
>
> if (use & PUBKEY_USAGE_ENC)
> buf[0] |= 0x04 | 0x08;
>
> Which suggests, quite strongly, that the distinction is irrelevant.
> Why does GnuPG ignore the different encryption key types?

Because it is difficult (or nearly impossible) to determine the
difference from the perspective of GnuPG. That is, I as a person know
what I'm encrypting and what I plan on doing with it, but GnuPG just
sees bits. As a general-purpose OpenPGP tool, GnuPG pretty much needs
to treat both communications and storage as the same thing. Other
tools for more specific environments may "know" what their usage is
and can treat this differently.

This is expected behavior - the OpenPGP standard even mentions it:

   Note however, that it is a thorny issue to determine what is
   "communications" and what is "storage". This decision is left wholly
   up to the implementation; the authors of this document do not claim
   any special wisdom on the issue and realize that accepted opinion may
   change.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Jul 26, 2009, 8:20 PM

Post #3 of 5
Re: Encryption keys in the OpenPGP spec [In reply to]

> So, my first question is why is there a distinction between the two
> types of encryption?

It is conceivable there may exist some highly niche areas which need
the ability to definitively say, "this encryption key may only be used
for this purpose, and that encryption key may only be used for that
purpose." The spec allows these users to make those sorts of
statements.

> Which suggests, quite strongly, that the distinction is irrelevant.
> Why does GnuPG ignore the different encryption key types?

It doesn't suggest the distinction is irrelevant -- only that GnuPG
doesn't enforce a distinction. The spec requires some behavior, and
other behavior is left up to implementors to decide whether, and how,
to implement it.

For users who need the sorts of guarantees mentioned in my first para,
they need to use a different product than GnuPG. That's not a bad
thing: different software packages are aimed at different groups of
users.




jh at jameshoward

Jul 27, 2009, 8:15 AM

Post #4 of 5
Re: Encryption keys in the OpenPGP spec [In reply to]

On Sun Jul 26 2009 23:09:18 GMT-0400 (EST), David Shaw
<dshaw [at] jabberwocky> wrote:

> Because it is difficult (or nearly impossible) to determine the
> difference from the perspective of GnuPG. That is, I as a person
> know what I'm encrypting and what I plan on doing with it, but GnuPG
> just sees bits. As a general-purpose OpenPGP tool, GnuPG pretty much
> needs to treat both communications and storage as the same thing.
> Other tools for more specific environments may "know" what their
> usage is and can treat this differently.
>
> This is expected behavior - the OpenPGP standard even mentions it:
>
> Note however, that it is a thorny issue to determine what is
> "communications" and what is "storage". This decision is left wholly
> up to the implementation; the authors of this document do not claim
> any special wisdom on the issue and realize that accepted opinion may
> change.

I noticed this, too. But since I also do not claim any special wisdom
on the issue, I was hoping someone would. Since we all seem to agree
that communication and storage are difficult to distinguish, can someone
suggest why different keys may be desired in different circumstances?

James

--
James P. Howard, II, MPA
jh [at] jameshoward
Attachments: signature.asc (0.16 KB)


dshaw at jabberwocky

Jul 27, 2009, 8:35 AM

Post #5 of 5
Re: Encryption keys in the OpenPGP spec [In reply to]

On Jul 27, 2009, at 11:15 AM, James P. Howard, II wrote:

> On Sun Jul 26 2009 23:09:18 GMT-0400 (EST), David Shaw
> <dshaw [at] jabberwocky> wrote:
>
>> Because it is difficult (or nearly impossible) to determine the
>> difference from the perspective of GnuPG. That is, I as a person
>> know what I'm encrypting and what I plan on doing with it, but GnuPG
>> just sees bits. As a general-purpose OpenPGP tool, GnuPG pretty much
>> needs to treat both communications and storage as the same thing.
>> Other tools for more specific environments may "know" what their
>> usage is and can treat this differently.
>>
>> This is expected behavior - the OpenPGP standard even mentions it:
>>
>> Note however, that it is a thorny issue to determine what is
>> "communications" and what is "storage". This decision is left wholly
>> up to the implementation; the authors of this document do not claim
>> any special wisdom on the issue and realize that accepted opinion may
>> change.
>
> I noticed this, too. But since I also do not claim any special wisdom
> on the issue, I was hoping someone would. Since we all seem to agree
> that communication and storage are difficult to distinguish, can
> someone suggest why different keys may be desired in different
> circumstances?

As one of the authors of the document, I have already disclaimed any
special wisdom ;)

A contrived example: say you are in an environment where you do both
email (communications) and archiving data (storage). You make a new
email (i.e. communications) subkey every year or so because you take
that key with you and want to make sure any exposure is limited. You
only make a new archiving (i.e. storage) subkey every 10 years because
of the inconvenience. Given those two use cases, you'd want the
ability to differentiate.

A better answer is that the ability is there in the standard as a tool
in the toolbox. Whether the need to differentiate comes for legal
reasons (long-term storage needing a particular key type or size as
per regulation), or for convenience (as in my example), or for some
other reason altogether doesn't matter. The ability is in the
standard in case someone wants to make use of it.

David


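The two behaviours discussed in this thread, the generic one (the keygen.c line quoted in the first post, which sets 0x04 and 0x08 together for any encryption-capable key) and the purpose-aware one David describes in his last reply (a separate yearly communications subkey and a long-lived storage subkey), side by side in a small C program. This is an added example written for this page, not GnuPG's own code: the flag bit values are those of RFC 4880 section 5.2.3.21, but the USAGE_* enum values, the function names, the subkey records and the key IDs are this example's own inventions, and the SIG/AUTH flag mappings follow the RFC bit meanings rather than anything shown in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key Flags subpacket bits, first octet, RFC 4880 section 5.2.3.21. */
#define KF_CERTIFY        0x01  /* may certify other keys */
#define KF_SIGN           0x02  /* may sign data */
#define KF_ENCRYPT_COMMS  0x04  /* may encrypt communications */
#define KF_ENCRYPT_STORE  0x08  /* may encrypt storage */
#define KF_SPLIT          0x10  /* private key split by secret-sharing */
#define KF_AUTH           0x20  /* may be used for authentication */
#define KF_SHARED         0x80  /* private key held by more than one person */

/* Internal usage bits in the style of GnuPG's PUBKEY_USAGE_*. The numeric
 * values are an assumption made for this example, not GnuPG's. */
enum usage { USAGE_SIG = 1, USAGE_ENC = 2, USAGE_AUTH = 4 };

/* Generic tool: mirrors the keygen.c line quoted in the thread. A key
 * usable for "encryption" gets both 0x04 and 0x08, because the tool
 * cannot tell communications from storage. The SIG/AUTH lines follow the
 * RFC bit meanings and are this example's own. */
uint8_t keyflags_generic(unsigned use)
{
    uint8_t b = 0;
    if (use & USAGE_SIG)  b |= KF_CERTIFY | KF_SIGN;
    if (use & USAGE_ENC)  b |= KF_ENCRYPT_COMMS | KF_ENCRYPT_STORE;
    if (use & USAGE_AUTH) b |= KF_AUTH;
    return b;
}

/* Purpose-aware tool: sets only the encryption flag it will rely on. */
enum purpose { PURPOSE_COMMS, PURPOSE_STORAGE };

uint8_t keyflags_for_purpose(enum purpose p)
{
    return p == PURPOSE_COMMS ? KF_ENCRYPT_COMMS : KF_ENCRYPT_STORE;
}

/* Render a flag byte as a comma-separated list (static buffer, not
 * reentrant). Handy when checking what a subkey actually advertises. */
const char *keyflags_string(uint8_t flags)
{
    static const struct { uint8_t bit; const char *name; } names[] = {
        { KF_CERTIFY, "certify" }, { KF_SIGN, "sign" },
        { KF_ENCRYPT_COMMS, "encrypt-communications" },
        { KF_ENCRYPT_STORE, "encrypt-storage" },
        { KF_SPLIT, "split-key" }, { KF_AUTH, "authenticate" },
        { KF_SHARED, "shared-key" },
    };
    static char out[128];
    int count = 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (!(flags & names[i].bit))
            continue;
        if (count++)
            strncat(out, ",", sizeof out - strlen(out) - 1);
        strncat(out, names[i].name, sizeof out - strlen(out) - 1);
    }
    return out;
}

/* Constructed subkey record: an illustrative key ID and its flag byte. */
struct subkey { const char *keyid; uint8_t flags; };

/* Choose the subkey for a purpose. Strict mode accepts only a key that
 * explicitly carries the matching flag; otherwise fall back to any
 * encryption-capable key, which is effectively the generic GnuPG view. */
const struct subkey *select_encryption_subkey(const struct subkey *keys,
                                              size_t n, enum purpose p,
                                              int strict)
{
    uint8_t want = keyflags_for_purpose(p);
    for (size_t i = 0; i < n; i++)
        if (keys[i].flags & want)
            return &keys[i];
    if (strict)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (keys[i].flags & (KF_ENCRYPT_COMMS | KF_ENCRYPT_STORE))
            return &keys[i];
    return NULL;
}

/* Constructed keyring (IDs invented): a yearly mail subkey, a ten-year
 * archive subkey as in the thread's example, and a generic-tool subkey. */
const struct subkey sample_ring[] = {
    { "MAIL2009",  KF_ENCRYPT_COMMS },
    { "ARCH2000",  KF_ENCRYPT_STORE },
    { "GENERIC01", KF_ENCRYPT_COMMS | KF_ENCRYPT_STORE },
};
/* A ring with only a communications key, to show strict mode refusing. */
const struct subkey comms_only[] = { { "MAIL2009", KF_ENCRYPT_COMMS } };

int main(void)
{
    for (size_t i = 0; i < 3; i++)
        printf("%-10s 0x%02x %s\n", sample_ring[i].keyid,
               sample_ring[i].flags, keyflags_string(sample_ring[i].flags));
    const struct subkey *k = select_encryption_subkey(comms_only, 1,
                                                      PURPOSE_STORAGE, 1);
    printf("strict storage pick from comms-only ring: %s\n",
           k ? k->keyid : "(none)");
    return 0;
}
```

The strict path is the "tool in the toolbox" David describes: a tool that knows it is archiving can refuse a subkey flagged only for communications, while a general-purpose tool takes the fallback and treats any key with either bit as usable. Note that the generic key carries both bits, so a strict selector will happily pick it for either purpose; the distinction only buys anything when the key owner sets the flags deliberately.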
