User Tools

Site Tools


project:secure_remailer:start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
project:secure_remailer:start [2017/06/05 19:33] ruzaproject:secure_remailer:start [2017/06/06 16:48] (current) – [Solutions] ruza
Line 52: Line 52:
     * email should be dropped, rejected or delivered (and stored in the archive) untouched     * email should be dropped, rejected or delivered (and stored in the archive) untouched
  
-= Mailing list archive =+== Mailing list archive ==
 Emails are stored in the email archive in a decrypted form. Since there is no requirement to reencrypt emails to the specific recepients an email archive is the only reason to hold private subkey on the receiving server. Emails are stored in the email archive in a decrypted form. Since there is no requirement to reencrypt emails to the specific recepients an email archive is the only reason to hold private subkey on the receiving server.
  
Line 74: Line 74:
   * __public subkey distribution__ on **email sender** site - since subkey is generated with one year validity (technically 12-15 months) an email clients needs to refresh to currently valid keyring state at least once a year.   * __public subkey distribution__ on **email sender** site - since subkey is generated with one year validity (technically 12-15 months) an email clients needs to refresh to currently valid keyring state at least once a year.
   * __private subkey distribution__ on **email recipients** site - each time new subkey generated (Usually related to the list of newly elected board members) this new subkey needs to be distributed to board members   * __private subkey distribution__ on **email recipients** site - each time new subkey generated (Usually related to the list of newly elected board members) this new subkey needs to be distributed to board members
-  * Afaik in GnuPG there is no way how to generate an decrypt only subkey (key without signing capability). Since we have an requirement to decrypt email content for the purpose of storing it in the mailing list archive an receiving email server needs to hold a private subkey currently used. The question whether processing server should also keep expired subkeys could be a matter of discussion.+  * Using [[wp>GnuPG]] expert mode there is possibility to generate **"encrypt onlysubkey** (key without signing and authentication capabilities[[https://www.sidorenko.io/blog/2014/11/04/yubikey-slash-openpgp-smartcards-for-newbies/|howto]]. Since we have an requirement to decrypt email content for the purpose of storing it in the mailing list archive an receiving email server needs to hold a private subkey currently used. The question whether processing server should also keep expired subkeys could be a matter of discussion. [[https://www.cs.cornell.edu/courses/cs5430/2015sp/notes/rsa_sign_vs_dec.php|RSA Signing is Not RSA Decryption]]
  
  
project/secure_remailer/start.1496691187.txt.gz · Last modified: 2017/06/05 19:33 by ruza