[Enigmail] Signing subkey - different key id.
Faramir
faramir.cl at gmail.com
Fri Feb 6 13:33:36 PST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I forgot to say:
Enigmail's security info about your message:
"Información de seguridad OpenPGPSIN CONFIANZA La firma de Web Ushills
<web at ushills.co.uk> es correcta
Id de clave: 0xCA265DC6 / Firmada el: 06-02-2009 7:20
Huella de la clave: ED4A C9AE 3B43 0A7B 9F0D C956 752F E277 BE7E 87FD"
Which means:
"OpenPGP Security information NO TRUST The signature of Web Ushills
<web at ushills.co.uk> is valid
Key ID: 0xCA265DC6 / Signed on: 06-02-2009 7:20
Key Fingerprint: ED4A C9AE 3B43 0A7B 9F0D C956 752F E277 BE7E 87FD"
As you can see, it shows the signature was made with your signing
subkey, but the fingerprint displayed is the fingerprint of your main
key, so it is clear the subkey belongs to you.
I _think_ to forge your subkey, an attacker would need to create a
signing subkey with the same fingerprint of the signing subkey,
something that probably would require an incredible amount of time...
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBCAAGBQJJjKywAAoJEMV4f6PvczxAtSMIAJB1MRnehb4psPBZ3n0CxK61
nx5PjG25kZJ3VFtOxMFpNvUYeeHoexLH9XHlwPgjQBtGbBxwmB5FYyXzllwyIn3O
yOmJaAm+b945l2Zul0kFrPOpNMMQbUs1YsemYLcFld22NEFZWiQOTIA7jFz2QyMh
Mea8aY2S3p6gTWq8BxYv6Lj6x5TQZKtteLrj9SA2pTYeXlIZn8yZ1T3+vPed/bfl
cDCliYCQ+UX6EaJbGY88a7ELgj7I9zDGkICJw4A33NAVh4UQN4vW32dNFqeitZN1
KAnl245bVkxjBFkUNJf3tQN/0k3/OS6GklCdPLeRDrR4rSi8PfySpwQ/wFeopZ8=
=Qela
-----END PGP SIGNATURE-----
More information about the Enigmail
mailing list