J. G. Tag,Jr. | 5 Feb 2001 20:39

Rijndael in PGP???

Hello.  Forgive the question, I don't know 
whom else to ask. 

Is there anyone doing work to incorporate Rijndael
into PGP, to replace Rijndael with TripleDES (DES-EDE) ???

Thanks. 

>>> Joe Tag 


Jon Callas | 6 Feb 2001 02:08

Re: Rijndael in PGP???

At 2:39 PM -0500 2/5/01, J. G. Tag,Jr. wrote:
>Hello.  Forgive the question, I don't know
>whom else to ask.
>
>Is there anyone doing work to incorporate Rijndael
>into PGP, to replace Rijndael with TripleDES (DES-EDE) ???
>

Yes, RFC 2440 already has specification in it for the AES, which is the
same thing as Rijndael.

	Jon

Florian Weimer | 6 Feb 2001 18:22

Re: Rijndael in PGP???

Jon Callas <jon <at> callas.org> writes:

> Yes, RFC 2440 already has specification in it for the AES, which is the
> same thing as Rijndael.

At the moment, AES and Rijndael are different things.  Of course, it's
unlikely that AES will become an entirely different algorithm, but
AFAIK, the official AES specification has not yet been released (so
changes in detail are still possible).

-- 
Florian Weimer 	                  Florian.Weimer <at> RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

J. G. Tag,Jr. | 6 Feb 2001 22:05

Re: Rijndael in PGP???

=== Feb. 6, 2001; 21:17 EST === 

Hello. I am interested in the subject, because 
I believe that both CAST-256 and Rijndael support
128 bit Plaintext/Ciphertext I/O, and 
because CAST was already incorporated into PGP 5.0+. 
I am on "the learning curve" and I appreciate your
assistance.  Is there a "real development" effort 
being done to incorporate Rijndael into PGP? 
Let me know, please.  It's a project I may want 
to work on locally, in New Jersey, USA. 

Best regards. 

    Joe Tag,Jr. 

----- reply separator ----- 

On 06 Feb 2001 18:22:26 +0100 Florian Weimer
<Florian.Weimer <at> RUS.Uni-Stuttgart.DE> writes:
>Jon Callas <jon <at> callas.org> writes:
>
>> Yes, RFC 2440 already has specification in it for the AES, which is 
>the
>> same thing as Rijndael.
>
>At the moment, AES and Rijndael are different things.  Of course, it's
>unlikely that AES will become an entirely different algorithm, but
>AFAIK, the official AES specification has not yet been released (so
>changes in detail are still possible).

hal | 7 Feb 2001 03:58

Re: Rijndael in PGP???

Yes, both the commercial version, PGP 7 from Network Associates, and
the free GPG (GNU Privacy Guard) already incorporate Rijndael.

Hal Finney

> Hello. I am interested in the subject, because 
> I believe that both CAST-256 and Rijndael support
> 128 bit Plaintext/Ciphertext I/O, and 
> because CAST was already incorporated into PGP 5.0+. 
> I am on "the learning curve" and I appreciate your
> assistance.  Is there a "real development" effort 
> being done to incorporate Rijndael into PGP? 
> Let me know, please.  It's a project I may want 
> to work on locally, in New Jersey, USA. 

Michael Young | 7 Feb 2001 06:51

Limited utility of master/subkey


Does PGP7 or GnuPG provide the ability to use a separate
passphrase for the master key and its subkeys?  I'd like to
use my master key rarely, for key-signing only, and protect
it with a passphrase that I almost never use.  I'd then use
(limited-lifetime) subkeys for everyday decryption.
Ideally, I'd be able to make a subkey for everyday signing
of messages.  The OpenPGP specification would appear to
allow this, but I don't see any commands for doing so in the
implementations.

As an experiment, I generated such a master/subkey set and
imported it into PGP 6.5.3.  I found that it couldn't decrypt
material encrypted to the encryption subkey.  I then tried
the passphrase-changing dialog, and it (quite reasonably)
complained about "the" passphrase being incorrect, but it
did change the master's passphrase.  Even though I had
changed the passphrases to match, I was unable to decrypt until
I went through the passphrase-changing dialog yet again.

So, unless I'm missing something, it doesn't look like this
is possible.  I also see no way to generate a signing subkey.
Yes, I can create a completely separate key-signing key,
but this gives up the values of the master/subkey (notably,
being able to accumulate signatures on master/userId
relationships that automatically apply to all subkeys).
The very limited coupling available in the implementations
just doesn't buy very much.

Any thoughts?

Werner Koch | 7 Feb 2001 14:54

Re: Limited utility of master/subkey

On Wed, 7 Feb 2001, Michael Young wrote:

> Does PGP7 or GnuPG provide the ability to use a separate
> passphrase for the master key and its subkeys?  I'd like to

GnuPG in part.  If the subkey's passphrase is different it will ask
you for this passphrase.  However, it is not possible to set a
different passphrase for a subkey.

There is a hack which allows you to create a secret key without a
usable primary key:  grep the FAQ for --export-secret-subkeys

> is possible.  I also see no way to generate a signing subkey.
> Yes, I can create a completely separate key-signing key,

You can do this with GnuPG, but there are probably some problems
using this sign-only subkey: currently GnuPG favors the primary key
for this.  This will be changed soon.

Ciao,

  Werner 

-- 
Werner Koch                                              <wk <at> gnupg.org>
GNU Privacy Guard                                (http://www.gnupg.org)
Free Software Foundation Europe              (http://www.fsfeurope.org)
           [Please see X-* mail header for OpenPGP key info]
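The `--export-secret-subkeys` hack Werner points to, shown with modern GnuPG (2.1+) command syntax as an added example that is not part of the thread. It assumes `gpg`, `gpgconf` and `awk` are installed; the identity string is constructed, and all keys are created in throwaway home directories. After importing the subkey-only export into a fresh keyring, the primary secret key is present only as a stub (GnuPG marks it with `#`), so that keyring can sign and decrypt but cannot certify other keys.

```shell
#!/bin/sh
# Added example (not from the thread): demonstrate the
# --export-secret-subkeys hack with GnuPG 2.1+ syntax.
set -e

# Run gpg non-interactively with an empty passphrase in the given homedir.
g() {
  home=$1; shift
  GNUPGHOME=$home gpg --batch --quiet --pinentry-mode loopback \
    --passphrase '' "$@"
}

# Builds a certify-only primary with a signing and an encryption subkey,
# exports only the secret subkeys, imports them into a second keyring and
# prints the S/N field of the "sec" record there: "#" means the primary
# secret key is a stub, i.e. the keyring cannot certify (sign) other keys.
primary_stub_marker() {
  full=$(mktemp -d); sub=$(mktemp -d)
  chmod 700 "$full" "$sub"
  uid='Subkey Demo <demo@example.invalid>'   # constructed identity

  g "$full" --quick-generate-key "$uid" ed25519 cert never
  fpr=$(GNUPGHOME=$full gpg --batch --with-colons --list-secret-keys \
        | awk -F: '$1=="fpr"{print $10; exit}')
  g "$full" --quick-add-key "$fpr" ed25519 sign 1y
  g "$full" --quick-add-key "$fpr" cv25519 encr 1y

  # The primary's secret material is replaced by a stub in this export.
  g "$full" --export-secret-subkeys "$fpr" | g "$sub" --import

  GNUPGHOME=$sub gpg --batch --with-colons --list-secret-keys \
    | awk -F: '$1=="sec"{print $15; exit}'

  GNUPGHOME=$full gpgconf --kill gpg-agent
  GNUPGHOME=$sub gpgconf --kill gpg-agent
  rm -rf "$full" "$sub"
}

# usage: primary_stub_marker   (prints "#")
```

The full keyring (`$full`) is what Werner describes keeping offline with the rarely used passphrase; the `$sub` keyring is the everyday one.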

Clive Jones | 8 Feb 2001 02:10

[PGP-USERS] Limited utility of master/subkey

"Michael Young" <mwy-pgpu89 <at> the-youngs.org> wrote:
> Does PGP7 or GnuPG provide the ability to use a separate
> passphrase for the master key and its subkeys?  I'd like to
> use my master key rarely, for key-signing only, and protect
> it with a passphrase that I almost never use.  I'd then use
> (limited-lifetime) subkeys for everyday decryption.
> Ideally, I'd be able to make a subkey for everyday signing
> of messages.
[...]
> Any thoughts?

I don't think what you're trying to do is a good idea.

The basic premise is that you want to keep your key-signing key more
secure than your everyday decryption and message-signing keys. You
propose to do this by giving your key-signing key a different
passphrase - presumably one that is more secure?

You are naturally remembering passphrases rather than writing them
down, since you care about security so much. Since you can remember
the more secure passphrase, why not enjoy greater security by using
that passphrase for everything, rather than using a weaker passphrase
for the other parts?

- It means there are two passphrases to crack not just one.
    Not true. Anyone who obtains your key-signing key and determines
    its passphrase gains the authority to replace your message-signing
    and decryption keys, which is almost as useful to them anyway.
- It means that if your everyday passphrase is captured by a keyboard
  sniffer, your key-signing passphrase is still safe.

Michael Young | 8 Feb 2001 07:06

Re: [PGP-USERS] Limited utility of master/subkey


Clive Jones wrote:
> I don't think what you're trying to do is a good idea.

I appreciate your concerns, but I do not share your conclusions.

The care I take with a key and its passphrase *is* related to its
value, which is in turn related to its lifetime.  I may use a simpler
passphrase for a key that deals with short-term messages than ones
that guard other personal data or that sign other keys.  I also
attach a shorter expiration time to those less valuable keys.
I also believe that the more a key is used, the greater chance
of a compromise due to malice *or accident*.

The ability to generate new subkeys seems to match my model.
If my subkey were always as valuable as my master key, why would
I ever generate another subkey?

If the keys have different values, why is it unreasonable to
allow different passphrases?  No, it's not the only (or even
best) way to mitigate risk, but I believe it can help.

You suggest:

> Isn't it far simpler just to make a separate key-signing key, rather
> than looking for a way to do this with subkeys? This is certainly a
> method a lot of people have used for years.

I am doing just that.  The *only* reason that it is simpler is that
the tools have this limitation.  This requires that human beings

Internet-Drafts | 9 Feb 2001 13:24

I-D ACTION:draft-ietf-openpgp-mime-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF.

	Title		: MIME Security with OpenPGP
	Author(s)	: M. Elkins, D. Del Torto, R. Levien, T. Roessler
	Filename	: draft-ietf-openpgp-mime-04.txt
	Pages		: 12
	Date		: 08-Feb-01
	
This document describes how the OpenPGP Message Format [1] can be
used to provide privacy and authentication using the Multipurpose
Internet Mail Extensions (MIME) security content types described in
RFC1847 [2].

This draft is being discussed on the 'ietf-openpgp' mailing list.  To
join the list, send a message to <ietf-openpgp-request <at> imc.org> with
the single word 'subscribe' in the subject.  An archive of the
working group's list is located at <http://www.imc.org/ietf-openpgp>.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-mime-04.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-openpgp-mime-04.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
