project:secure_remailer:start

Differences

This shows you the differences between two versions of the page.

project:secure_remailer:start [2017/06/06 16:27] – [Solutions] ruzaproject:secure_remailer:start [2017/06/06 16:48] (current) – [Solutions] ruza
Line 74: Line 74:
   * __public subkey distribution__ on **email sender** site - since subkey is generated with one year validity (technically 12-15 months) an email clients needs to refresh to currently valid keyring state at least once a year.   * __public subkey distribution__ on **email sender** site - since subkey is generated with one year validity (technically 12-15 months) an email clients needs to refresh to currently valid keyring state at least once a year.
   * __private subkey distribution__ on **email recipients** site - each time new subkey generated (Usually related to the list of newly elected board members) this new subkey needs to be distributed to board members   * __private subkey distribution__ on **email recipients** site - each time new subkey generated (Usually related to the list of newly elected board members) this new subkey needs to be distributed to board members
-  * Using [[wp>GnuPG]] expert mode there is possibility to generate **"encrypt only" subkey** (key without signing and authentication capabilities) [[https://www.sidorenko.io/blog/2014/11/04/yubikey-slash-openpgp-smartcards-for-newbies/|howto]]. Since we have an requirement to decrypt email content for the purpose of storing it in the mailing list archive an receiving email server needs to hold a private subkey currently used. The question whether processing server should also keep expired subkeys could be a matter of discussion.+  * Using [[wp>GnuPG]] expert mode there is possibility to generate **"encrypt only" subkey** (key without signing and authentication capabilities) [[https://www.sidorenko.io/blog/2014/11/04/yubikey-slash-openpgp-smartcards-for-newbies/|howto]]. Since we have an requirement to decrypt email content for the purpose of storing it in the mailing list archive an receiving email server needs to hold a private subkey currently used. The question whether processing server should also keep expired subkeys could be a matter of discussion. [[https://www.cs.cornell.edu/courses/cs5430/2015sp/notes/rsa_sign_vs_dec.php|RSA Signing is Not RSA Decryption]]
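
Review bot: The link added at the end of the + line, "RSA Signing is Not RSA Decryption", is appended after the sentence about keeping expired subkeys with no connecting text, so a reader cannot tell which statement it is meant to support. By its title it belongs with the "encrypt only" subkey sentence (a key without signing and authentication capabilities); consider moving it there, next to the existing howto link, with a short phrase saying why it is cited. While this bullet is being edited, "an requirement" and "an receiving email server" could also be corrected to "a".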
  
  
project/secure_remailer/start.1496766460.txt.gz · Last modified: 2017/06/06 16:27 by ruza