Re: PGP reveals the key ID of the recipient of encrypted msg
At 16:36 3/11/96, John Pettitt wrote:
I can see a case where one would want to broadcast a message (say on usenet) with *no* indication of the intended recipient (not even a non registered key-id). It would seem to be easy enough to hack up something that does not have key-IDs - to know if it's for you try decryption and if it works then it was for you. This does not scale well as the recipient must trial decrypt all messages which could use *a lot* (tm) of CPU time.
There is also the problem of knowing WHICH key to use (ie: Even when you know the message is intended for you, you must do a test run with each of your keys until one works). Thus you want private keys whose ownership is not publicly linked to your known identity (but is known to your correspondents). So long as you have your corespondent's published Public Key, you can use it to do a one-time transmission of a private Public Key to be used to do anonymous (ie: Not Linked to your Public Identity) transmissions to you.
On Wed, 13 Mar 1996 00:28:48 -0500, "Robert A. Rosenberg" <hal9001@panix.com> wrote:
There is also the problem of knowing WHICH key to use (ie: Even when you know the message is intended for you, you must do a test run with each of your keys until one works).
I believe that provided all your keys are in your secret keyring, PGP will automatically pick the correct one for you. Best wishes, Matthew
I believe that provided all your keys are in your secret keyring, PGP will automatically pick the correct one for you.
Unfortunately, PGP 2.6.2 will do this only if the PGP message has proper keyIDs. It finds the proper key by matching the keyID in the PGP message to the keyIDs in the secret keyring. If you remove the keyIDs from the message (as stealth does), PGP 2.6.2 cannot find the secret key to use. One fix would be to have PGP (say, PGP3 ;) try all the keys on your secret keyring if the keyID in the message is 0. In other words, you can pseudo-stealth a message by leaving off the keyID and PGP3 would attempt all the secret keys. If one worked, you'd be able to read it. This doesn't solve the whole problem of stealth; you still know that what you have is a PGP message, and even that it is an encrypted message, but you do not know to whom it has been encrypted. The nice thing about this approach is that this works for multiple recipients, too! NOTE: while the PGP3 API should be able to handle this case, I do not know if support for this feature will be implemented in PGP 3.0 -derek
-----BEGIN PGP SIGNED MESSAGE----- [To: matthew@itconsult.co.uk (Matthew Richardson)] [cc: cypherpunks@toad.com] [Subject: Re: PGP reveals the key ID of the recipient of encrypted msg ] [In-reply-to: Your message of Wed, 13 Mar 96 09:12:10 GMT.] <3146910b.90015235@itconsult.co.uk> matthew@itconsult.co.uk (Matthew Richardson) came full circle with:
On Wed, 13 Mar 1996 00:28:48 -0500, "Robert A. Rosenberg" <hal9001@panix.com> wrote:
There is also the problem of knowing WHICH key to use (ie: Even when you know the message is intended for you, you must do a test run with each of your keys until one works).
I believe that provided all your keys are in your secret keyring, PGP will automatically pick the correct one for you.
But PGP can only do this because the keyID is there in the encrypted text, and the point of this discussion was to strip off the keyIDs so that you couldn't tell who the message was being sent to any more... Arrgh. Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMUdvyIHskC9sh/+lAQH+WwP/aDYO2Pp9b9+x7UxYYITIG46WxaM8uaxg 9hQg/1ZaoRRC5Ha/8kF4W2gUu3ecCJ6Kh1E/mCOVm3TUVWV+47tzolLsT8tM3530 13pLr6wmbwir+CFs4cURxjMpEKx/CixbyzvzZWD939woiKIjYiivoBEhwoBZE9bz 2cdUHnYjvro= =1Lhv -----END PGP SIGNATURE-----
participants (4)
-
cmca@alpha.c2.org -
Derek Atkins -
matthew@itconsult.co.uk -
Robert A. Rosenberg