Re: O.J. ObCrypto: Fuhrman's Folly Fans Fakery Fears...

["Robert A. Rosenberg" <hal9001@panix.com>]

At 23:50 8/30/95, MONTY HARDER wrote:
>I recommend that anyone who will be using escrowed keys generate two
>pairs: First, the signature key, including in the userid some kind of
>[sig use] identifier (we should settle on a standard abbreviation for
>this) follower by the encryption key. This way, when a person gets your
>pubkeys, they get the encryption key =last=, which gets it searched
>first whenever they PGP -e... something.
>
>  Whatever arrangements are made for escrowing my encryption key,
>=nobody= gets my signature key. If I am fired, quit, become brain
>damaged or dead, my key can never be used by anyone to implicate me in
>any criminal activity.
>
>
>
>  Please don't mention to anyone the fact that my signature key can be
>used to send me something that even the escrow agents can't read....

I do not think that PGP 2.x can easily (ie: Automatically) use one key for
Signing and another for Encrypting a Message (it does both at the same time
if you ask). If I "Clear Sign" a message and then Encrypt it, then I get
the result but I'm not sure if doing the decrypt on such a message will
automatically spot the signature and verify it (as would occur with a E+S
pass).

PGP3 is supposed to have the ability to have keysets that contain two keys
for this purpose (ie: When you generate a key set you can ask it to
generate separate Sign and Encrypt keys so that separate keys get used for
each function).