[Pkg-gnupg-maint] Bug#514623: Cannot use revoked subkeys for decryption using a smart card

Enrico Zini enrico at debian.org
Mon Feb 9 23:04:54 UTC 2009


On Mon, Feb 09, 2009 at 05:17:01PM +0100, Kai Wasserbäch wrote:

> I'd expect GnuPG to behave like this. For me the revocation signals that I've
> lost control over the secret key and therefore any access should be blocked - if
> possible. But that's just my singular opinion and possibly the wrong way to see it.

Try to revoke a key with gnupg, and read the list of reasons for
revocation.  Here's a simple use case for revocation without
compromise: I revoke a 1024b subkey because I've switched to a 4096b
subkey.

But even if the subkey, or the key, has been compromised: sure enough,
it shouldn't be used for signing.  But we are talking about
*decryption*!

Why shouldn't I be allowed to use it to read my own old encrypted data,
maybe (here's another quite legitimate use case) in order to reencrypt
it using the new key?


Ciao,

Enrico

-- 
GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <enrico at debian.org>