pgpfan:wtmwp
Differences
This shows you the differences between two versions of the page.
pgpfan:wtmwp [2022/01/18 21:59] – created b.walzer | pgpfan:wtmwp [2022/01/20 02:01] – Typos b.walzer | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ======What’s the matter with PGP? --- Some Comments====== | + | ======What’s the matter with PGP? ― Some Comments====== |
This is somewhat older blog post (2014), but it shows up in internet discussions from time to time, usually posted without context. I have some observations... | This is somewhat older blog post (2014), but it shows up in internet discussions from time to time, usually posted without context. I have some observations... | ||
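Review bot: the opening sentence under the heading still reads "This is somewhat older blog post (2014)" on both sides of this revision, so the missing article survives an edit labelled "Typos". Suggest "This is a somewhat older blog post (2014)". Also check that the heading's new "―" (a horizontal bar character) is the dash the wiki was meant to show, since the old revision used the "---" markup instead.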
Line 13: | Line 13: | ||
Basically the idea here is that PGP keys are too long. We are invited to compare the length of the key used for a system called " | Basically the idea here is that PGP keys are too long. We are invited to compare the length of the key used for a system called " | ||
- | > | + | > |
>//Three public keys offering roughly the same security level. From top-left: (1) Base58-encoded Curve25519 public key used in miniLock. (2) OpenPGP 256-bit elliptic curve public key format. (3a) GnuPG 3,072 bit RSA key and (3b) key fingerprint.// | >//Three public keys offering roughly the same security level. From top-left: (1) Base58-encoded Curve25519 public key used in miniLock. (2) OpenPGP 256-bit elliptic curve public key format. (3a) GnuPG 3,072 bit RSA key and (3b) key fingerprint.// | ||
Line 30: | Line 30: | ||
B268 0152 E274 EDE5 53C3 7C80 F80F A811 DE73 D33B | B268 0152 E274 EDE5 53C3 7C80 F80F A811 DE73 D33B | ||
- | The OpenPGP "key fingerprint" | + | The OpenPGP "key fingerprint" |
Now the post complains about the behaviour of GnuPG: | Now the post complains about the behaviour of GnuPG: | ||
Line 43: | Line 43: | ||
- You might later notice the key that was actually downloaded and wonder where it came from. | - You might later notice the key that was actually downloaded and wonder where it came from. | ||
| | ||
- | As already clearly pointed out by the post a PGP public key is a separate entity. It could come from anywhere, not just a key server. So the normal practice is to add it to your keyring and then attempt to certify it as representing the identity of your correspondent. | + | As already clearly pointed out by the post a PGP public key is a separate entity. It could come from anywhere, not just a key server. So the normal practice is to add it to your keyring and then attempt to certify it as representing the identity of your correspondent. |
Then this: | Then this: | ||
- | > | + | > |
>//PGP Key IDs are also pretty terrible, due to the short length and continued support for the broken V3 key format.// | >//PGP Key IDs are also pretty terrible, due to the short length and continued support for the broken V3 key format.// | ||
- | A key ID is a sort of a nickname of a key fingerprint. By convention | + | A key ID is a sort of a nickname of a key fingerprint. By convention |
>//PGP key management sucks// | >//PGP key management sucks// |
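Review bot: two wording slips in this hunk are identical on both sides, so the typo pass did not reach them. The changed line that begins "As already clearly pointed out by the post a PGP public key is a separate entity" needs a comma after "post". The changed line "A key ID is a sort of a nickname of a key fingerprint" would read better as "a sort of nickname for a key fingerprint". Since that sentence answers the quoted complaint about short key IDs, it is worth confirming that the rest of the line states how long the ID is relative to the fingerprint.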
pgpfan/wtmwp.txt · Last modified: 2022/01/28 17:48 by b.walzer