diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2020-12-14 16:37:33 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2020-12-14 16:37:33 +0100 |
| commit | 8c50ba96a5434aeefbf44e0d034072dfc6669521 (patch) | |
| tree | 7c6a5d31c22dac12fa97c4545de873a3605c7b2e /openpgp/src/types | |
| parent | 7e57122f0bd6db27c6e2f0c7deac1333256e5146 (diff) | |
openpgp: Change general purpose keys to have a signing subkey.
- Certificates with a primary key that is not signing capable, and a
subkey that is, are strictly more secure than ones that combine
signing and certification capabilities in the primary key.
- If the owner of a certificate with a signing-capable primary key
can be tricked into creating a binary signature over carefully
chosen attacker-controlled data, this signature can be repurposed
to bind arbitrary attacker-controlled components to the
certificate using a chosen-prefix collision attack on the hash
function (see e.g. "SHA-1 is a Shambles" for a similar attack).
- Having a separate signing-subkey mitigates the attack, because
signatures by the signing subkey cannot bind components to the
certificate.
Diffstat (limited to 'openpgp/src/types')
0 files changed, 0 insertions, 0 deletions