Discussion:
Does Double Signing an E-mail Compromise PGP?
Anonymous
2013-06-24 16:54:58 UTC
I'm using PGP 6.5.8 w/Windows

I used to encrypt e-mails simply by selecting a person's key from the
Key Selection Dialog window, then selecting OK, which opens a window
that asks which key I would like to encrypt the msg with. I would then
select my own key. The problem with this method is that if I forgot to
save an unencrypted version of the email, I could not open the saved
PGP version because it took the recipient's key to do so. Now, someone
has shown me that when in step one of selecting the other person's key
to encrypt the e-mail with in the Key Selection Dialog window, if I
also select my own key and encrypt the PGP message with both, I will
be able to open it at a later time. My question is does this
compromise the security of my message beyond the point of having two
keys and not only one which will open the message?
David W. Hodgins
2013-06-24 23:32:29 UTC
Post by Anonymous
to encrypt the e-mail with in the Key Selection Dialog window, if I
also select my own key and encrypt the PGP message with both, I will
be able to open it at a later time. My question is does this
compromise the security of my message beyond the point of having two
keys and not only one which will open the message?
Nope. PGP generates a large random key, and uses symmetric encryption
to encrypt the message. The only known attack for that is brute force.

The generated key is then encrypted using asymmetric encryption, using
each of the public keys of the recipients, so there will be multiple
copies of the key. As the only known attacks for the asymmetric are
brute force and factoring, having multiple copies, each encrypted with
a different public key, does not help the attacker.

See http://www.rossde.com/PGP/index.html for a lot more info.

Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
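
[Added example, not part of the original thread or any poster's code.] The structure described in the reply above, sketched in Python: the body is encrypted once under a random session key, and that key is wrapped separately for each selected public key. Assumptions: textbook RSA with fixed constructed primes and a SHA-256 keystream stand in for PGP's real padded public-key and symmetric ciphers, and all function and label names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA keypair from two primes (constructed, fixed so the demo repeats)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_to(recipients, plaintext):
    """recipients maps a label to a public key; returns one body plus one wrapped key each."""
    session_key = secrets.token_bytes(16)          # fresh random key per message
    k = int.from_bytes(session_key, "big")
    wrapped = {label: pow(k, e, n) for label, (n, e) in recipients.items()}
    return {"wrapped_keys": wrapped, "body": keystream_xor(session_key, plaintext)}

def decrypt_with(label, private_key, message):
    """Unwrap this key holder's copy of the session key, then decrypt the shared body."""
    n, d = private_key
    k = pow(message["wrapped_keys"][label], d, n)
    return keystream_xor(k.to_bytes(16, "big"), message["body"])

# Constructed sample keys built from known Mersenne primes; far too small for real use.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
SENDER_PUB, SENDER_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    text = b"constructed sample message"
    msg = encrypt_to({"recipient": RECIPIENT_PUB, "sender": SENDER_PUB}, text)
    print(len(msg["wrapped_keys"]), "wrapped session keys, one body of", len(msg["body"]), "bytes")
    print(decrypt_with("recipient", RECIPIENT_PRIV, msg))
    print(decrypt_with("sender", SENDER_PRIV, msg))
```

Selecting a second key adds one more wrapped copy of the session key; the encrypted body is unchanged, so each private key opens the same message independently.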
David E. Ross
2013-06-25 00:40:53 UTC
Post by David W. Hodgins
Post by Anonymous
to encrypt the e-mail with in the Key Selection Dialog window, if I
also select my own key and encrypt the PGP message with both, I will
be able to open it at a later time. My question is does this
compromise the security of my message beyond the point of having two
keys and not only one which will open the message?
Nope. PGP generates a large random key, and uses symmetric encryption
to encrypt the message. The only known attack for that is brute force.
The generated key is then encrypted using asymmetric encryption, using
each of the public keys of the recipients, so there will be multiple
copies of the key. As the only known attacks for the asymmetric are
brute force and factoring, having multiple copies, each encrypted with
a different public key, does not help the attacker.
See http://www.rossde.com/PGP/index.html for a lot more info.
Regards, Dave Hodgins
Thank you, Hodgins, for citing my work.

The answer for Anonymous can be seen at my
<http://www.rossde.com/PGP/pgp_encrypt.html#combine>, which describes
(including a diagram) what happens when a single message is encrypted to
two different public keys.
--
David E. Ross
<http://www.rossde.com/>

Concerned about someone (e.g., the government)
snooping into your E-mail? Use PGP.
See my <http://www.rossde.com/PGP/>
Anonymous
2013-06-25 02:16:44 UTC
Post by David E. Ross
Post by David W. Hodgins
Post by Anonymous
to encrypt the e-mail with in the Key Selection Dialog window, if I
also select my own key and encrypt the PGP message with both, I will
be able to open it at a later time. My question is does this
compromise the security of my message beyond the point of having two
keys and not only one which will open the message?
Nope. PGP generates a large random key, and uses symmetric encryption
to encrypt the message. The only known attack for that is brute force.
The generated key is then encrypted using asymmetric encryption, using
each of the public keys of the recipients, so there will be multiple
copies of the key. As the only known attacks for the asymmetric are
brute force and factoring, having multiple copies, each encrypted with
a different public key, does not help the attacker.
See http://www.rossde.com/PGP/index.html for a lot more info.
Regards, Dave Hodgins
Thank you, Hodgins, for citing my work.
The answer for Anonymous can be seen at my
<http://www.rossde.com/PGP/pgp_encrypt.html#combine>, which describes
(including a diagram) what happens when a single message is encrypted to
two different public keys.
--
David E. Ross
<http://www.rossde.com/>
Concerned about someone (e.g., the government)
snooping into your E-mail? Use PGP.
See my <http://www.rossde.com/PGP/>
Good pages with good info. Just what I needed.

Thanks to both of you. :o)
Anonymous
2013-06-25 02:16:44 UTC
Post by David W. Hodgins
Post by Anonymous
to encrypt the e-mail with in the Key Selection Dialog window, if I
also select my own key and encrypt the PGP message with both, I will
be able to open it at a later time. My question is does this
compromise the security of my message beyond the point of having two
keys and not only one which will open the message?
Nope. PGP generates a large random key, and uses symmetric encryption
to encrypt the message. The only known attack for that is brute force.
The generated key is then encrypted using asymmetric encryption, using
each of the public keys of the recipients, so there will be multiple
copies of the key. As the only known attacks for the asymmetric are
brute force and factoring, having multiple copies, each encrypted with
a different public key, does not help the attacker.
See http://www.rossde.com/PGP/index.html for a lot more info.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
That's what I needed.

Thanks much!
