gpg --show-session-key option - PGP


Thread: gpg --show-session-key option

  1. gpg --show-session-key option

    Is it correct that option --show-session-key works while decrypting
    (with a private key and passphrase) but does not show the key while
    encrypting? I would have thought it more useful to show the key while
    encrypting so you can use it later with --override-session-key when
    forced to decrypt a file.


  2. Re: gpg --show-session-key option

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160


    "Nomen Nescio" wrote in message
    news:4cbef9e40f1bc9c626a9e2175bb19251@dizum.com...
    > Is it correct that option --show-session-key works while decrypting
    > (with a private key and passphrase) but does not show the key while
    > encrypting? I would have thought it more useful to show the key while
    > encrypting so you can use it later with --override-session-key when
    > forced to decrypt a file.


    it was introduced as an alternative to key escrow;

    that if there were a court order to decrypt a particular file,
    the person so ordered, could just provide the session key,
    and not give up the private key, or decrypt the message in front
    of the court, etc.

    with that in mind, it works perfectly,
    but as that is what it was introduced for,
    it was done in a way that it could be seen only by the person
    decrypting it,
    (which is exactly as it should be)

    the request for having it visible as it is being used to
    encrypt,
    is for special situations, and is more of a security risk.

    hth,

    vedaal
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3-nr1 (Windows 98)
    Comment: Acts of Kindness better the World, and protect the Soul

    -----END PGP SIGNATURE-----
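
The workflow discussed in this thread, as an added example that is not part of any poster's message: decrypt once with the private key and --show-session-key, then decrypt the same file from an empty keyring with --override-session-key. It assumes GnuPG 2.1 or later; the key demo@example.invalid, the message, the function name demo_session_key and the temporary keyrings are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Key, message and both keyrings are constructed throwaways.
# Assumes GnuPG 2.1 or later on PATH.
set -e

demo_session_key() {
    owner=$(mktemp -d)   # keyring of the person holding the private key
    third=$(mktemp -d)   # empty keyring standing in for the third party
    work=$(mktemp -d)

    # Throwaway recipient key with no passphrase (demo only).
    gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key demo@example.invalid \
        default default never 2>/dev/null

    printf 'constructed sample message\n' > "$work/msg.txt"
    gpg --homedir "$owner" --batch --quiet --trust-model always \
        -r demo@example.invalid -o "$work/msg.gpg" -e "$work/msg.txt"

    # Decrypt once with the private key. With --show-session-key gpg emits
    # a "SESSION_KEY <algo>:<hex>" status line; the plaintext is discarded.
    skey=$(gpg --homedir "$owner" --batch --quiet --show-session-key \
               --status-fd 1 -o /dev/null -d "$work/msg.gpg" 2>/dev/null |
           sed -n 's/^\[GNUPG:\] SESSION_KEY //p')
    [ -n "$skey" ] || return 1

    # The third party has no secret key, only the file and the session key.
    # The key is passed in argv here, so it is visible in the process list.
    gpg --homedir "$third" --batch --quiet --override-session-key "$skey" \
        -d "$work/msg.gpg" 2>/dev/null

    gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null || true
    rm -rf "$owner" "$third" "$work"
}

# Run as: sh demo.sh run
[ "${1:-}" != run ] || demo_session_key
```

The session key opens only this one file; other messages encrypted to the same public key use different session keys and stay closed.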



  3. Re: gpg --show-session-key option


    "vedaal" wrote in message
    news:brl27i$4d4mu$1@ID-99877.news.uni-berlin.de...
    [...option --show-session-key...]

    Vedaal's comments make a lot of sense.
    I take it there is no similar function in pgp 8?

    MFPA



  4. Re: gpg --show-session-key option

    "vedaal" wrote:

    > it was introduced as an alternative to key escrow;

    ...

    This I understand.

    > with that in mind, it works perfectly,
    > but as that is what it was introduced for,
    > it was done in a way that it could be seen only by the person
    > decrypting it,
    > (which is exactly as it should be)


    But this method means that in order to reveal the content of one
    message, I can obtain the session key only while decrypting with my
    private key and passphrase (when I might already be victim of
    keylogging or have someone standing over me).

    It seems that it would be more secure for me to note the session key
    for a particular file in private while encrypting if I suspect that I
    may be forced to decrypt it later.

    > the request for having it visible as it is being used to
    > encrypt,
    > is for special situations, and is more of a security risk.


    This statement I do not understand.


  5. Re: gpg --show-session-key option

    Nomen Nescio writes:
    > But this method means that in order to reveal the content of one
    > message, I can obtain the session key only while decrypting with my
    > private key and passphrase (when I might already be victim of
    > keylogging or have someone standing over me).


    Typically you would do it in private, e.g. you're given a court order
    and your lawyer turns over the document. It's not like in the movies.

  6. Re: gpg --show-session-key option

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    "Nomen Nescio" wrote in message
    news:a8eee225bd6d7193267d75311a47886b@dizum.com...
    > "vedaal" wrote:


    [...]

    > > the request for having it visible as it is being used to
    > > encrypt,
    > > is for special situations, and is more of a security risk.

    >
    > This statement I do not understand.


    [...]

    i requested this extension of the --show-session-key option, on the
    gnupg-users list,

    specifically to be able to send messages encrypted to only the receiver,
    not both the sender and receiver,


    so, in order for the sender to be able to decrypt such a message later, it
    would be necessary to show the session key while encrypting,
    so that the sender can store it together with a copy of the encrypted
    message (encrypted, or in an encrypted container)

    this provides a greater degree of anonymity and plausible deniability,
    but also has the potential to be less secure,
    as people may sometimes be lax when only encrypting, and not using their
    passphrases

    hope this clears up my previous post,

    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/
    Comment: { Acts of Kindness better the World, and protect the Soul }
    Comment: KeyID: 0x6A05A0B785306D25
    Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA

    -----END PGP SIGNATURE-----



  7. Re: gpg --show-session-key option

    > hope this clears up my previous post,

    yes, thanks

