Mailing List Archive

Better way to ID keys
Hi all!

In testing my GPG mail gateway someone pointed me to this interesting
post,

http://jya.com/show-trials.htm

Search for `Subject: CDR: oh goody, more key games'

The poster describes a mechanism that can be used to spoof a key
fingerprint and a key ID but indicates that spoofing the fingerprint, key ID and
key size all at once is substantially more difficult [or just the
fingerprint and the size?].

So, assuming that is not just some horrible prank - could I ask that the
status-fd output contain not only the key fingerprint but its type, and
its size. Furthermore, I would like it if there was a nice standard way
to give GPG an exact key specification involving all relevant portions and
have it use that exact key.

I was thinking a notation like,

21BADABBBF24424C/4966F272D093B493410B924B21BADABBBF24424C/1024D
6DC580F5C7261095/CBD9F4126807E405CC2D27121DF5E86E/1024R

Or if it turns out that the keyID is redundant then perhaps,
4966F272D093B493410B924B21BADABBBF24424C/1024D
CBD9F4126807E405CC2D27121DF5E86E/1024R

Which is just a more compact form of the --fingerprint output. The only
trouble is that the letter is not present in the --with-colons output
which makes deriving it kinda ugly :<

This way I could specify the key to --recipient with assurance that it
precisely matches the one in my database. (In effect we maintain a separate
global trust database for our keys, all the keys in that list are assured
to be Debian Developer keys)

Even if that posting isn't true it would be nice to have all that
information in the status-fd for completeness. (Just size and type are
needed right?)

My only other concern is that GPG uses the key fingerprint as an index for
its gdbm keyring (I choose to use it as well because of that) will this
lead to problems if someone maliciously collides fingerprints?

Thanks,
Jason
Re: Better way to ID keys
Jason Gunthorpe <jgg@ualberta.ca> writes:

> The poster describes a mechanism that can be used to spoof a key
> fingerprint and a key ID but indicates that spoofing the fingerprint, key ID and

This is quite old news. And I think the keysigning party FAQ
explicitly says that you have to compare more than just the
fingerprint. The problem exists only with v3 keys (and that is in
nearly all cases an RSA key). OpenPGP and the v4 keys address this
and other problems; this is one of the reasons why RSA keys are
deprecated and if we put RSA back after Sep 2000 they will go into
v4 packets of course.

Please note that the key ID of a v4 key is the lowest 64 bits of the
fingerprint.

> So, assuming that is not just some horrible prank - could I ask that the
> status-fd output contain not only the key fingerprint but its type, and

Hmmm.

> its size. Furthermore, I would like it if there was a nice standard way
> to give GPG an exact key specification involving all relevant portions and
> have it use that exact key.

The fingerprint is used all over the system as the unique key
identifier.

> This way I could specify the key to --recipient with assurance that it
> precisely matches the one in my database. (In effect we maintain a separate
> global trust database for our keys, all the keys in that list are assured
> to be Debian Developer keys)

Well I think it is better to make sure that either the key IDs in the
Debian keyring are unique (which is not required by OpenPGP) or that
the fingerprints are unique.

> Even if that posting isn't true it would be nice to have all that
> information in the status-fd for completeness. (Just size and type are

Okay.

> My only other concern is that GPG uses the key fingerprint as an index for
> its gdbm keyring (I choose to use it as well because of that) will this
> lead to problems if someone maliciously collides fingerprints?

You can also create faked key IDs (watch out for 0xdeadbeef key ID on
the keyservers) and the key ID is quite important as it is used to
specify the used key.

We need the fingerprint to identify a key (the key ID may have
collisions). IIRC there is an additional check in the gdbm keyring
code which matches the key material and not only the fingerprints
(which are used as index) and if they don't match gpg should cry
loud.


--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
Re: Better way to ID keys
On Mon, 31 May 1999, Werner Koch wrote:

> This is quite old news. And I think the keysigning party FAQ
> explicitly says that you have to compare more than just the
> fingerprint. The problem exists only with v3 keys (and that is in
> nearly all cases an RSA key). OpenPGP and the v4 keys address this
> and other problems; this is one of the reasons why RSA keys are
> deprecated and if we put RSA back after Sep 2000 they will go into
> v4 packets of course.

This is good news, so the newer keys have unspoofable fingerprints while
the older RSA keys do not. Is there any way to get GPG to give output (and
do matches) for an RSA key in v4 form?

> Please note that the key ID of a v4 key is the lowest 64 bits of the
> fingerprint.

Ah, that is good to know.

> > its size. Furthermore, I would like it if there was a nice standard way
> > to give GPG an exact key specification involving all relevant portions and
> > have it use that exact key.
>
> The fingerprint is used all over the system as the unique key
> identifier.

The person who gave this information to me said it was essential to
specify both the fingerprint and the size for the RSA keys, but if there
is no way to ask GPG to do matches with both pieces of information then
there is not much point in storing it.

> Well I think it is better to make sure that either the key IDs in the
> Debian keyring are unique (which is not required by OpenPGP) or that
> the fingerprints are unique.

Our fingerprints are unique and we can deal with assuring that - if they
are not unique then how can I deal with it? There is no other way to
specify a key than by fingerprint, right?

Thanks,
Jason
Re: Better way to ID keys
Jason Gunthorpe <jgg@ualberta.ca> writes:

> the older RSA keys do not. Is there any way to get GPG to give output (and
> do matches) for an RSA key in v4 form?

It should be possible to transfer a key from v3 to v4. But pgp2 will
not be able to handle them and the key IDs and fingerprints will change
too.

> are not unique then how can I deal with it? There is no other way to
> specify a key than by fingerprint, right?

Hmmm, it would be possible to extend the scheme to specify the key by
giving the complete key as a hexdump (or base64) value :-)


--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
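
Added example, not code from the thread or from GnuPG: a sketch of the exact-match lookup discussed above, parsing the proposed KEYID/FINGERPRINT/SIZEtype notation, applying the v4 rule that the key ID is the low 64 bits of the fingerprint, and requiring every component to match exactly one key in a `--with-colons` listing. The function names and the sample listing are constructed for illustration, and the field positions assume the `--with-colons` layout documented in GnuPG's doc/DETAILS (pub: field 3 size, field 4 algorithm, field 5 key ID; fpr: field 10).

```python
import re

# Letters gpg 1.x listings print after the key size, keyed by OpenPGP algorithm number.
ALGO_LETTER = {1: "R", 16: "g", 17: "D"}
SPEC_RE = re.compile(r"^(?:([0-9A-F]{16})/)?([0-9A-F]{40}|[0-9A-F]{32})/(\d+)([A-Za-z])$")

# Constructed listing: the thread's two keys plus a look-alike sharing the v3 fingerprint and key ID.
SAMPLE = """\
pub:-:1024:17:21BADABBBF24424C:1999-01-01:::-:Constructed DSA key::
fpr:::::::::4966F272D093B493410B924B21BADABBBF24424C:
pub:-:1024:1:6DC580F5C7261095:1999-01-01:::-:Constructed RSA key::
fpr:::::::::CBD9F4126807E405CC2D27121DF5E86E:
pub:-:512:1:6DC580F5C7261095:1999-01-01:::-:Constructed look-alike::
fpr:::::::::CBD9F4126807E405CC2D27121DF5E86E:
"""

def parse_spec(spec):
    """Parse 'KEYID/FINGERPRINT/SIZEtype' or the shorter 'FINGERPRINT/SIZEtype'."""
    m = SPEC_RE.match(spec.strip())
    if not m:
        raise ValueError("malformed key spec: %r" % spec)
    keyid, fpr, bits, letter = m.groups()
    if len(fpr) == 40:  # v4: key ID is the low 64 bits of the fingerprint
        if keyid and keyid != fpr[-16:]:
            raise ValueError("key ID does not match v4 fingerprint")
        keyid = fpr[-16:]
    return {"keyid": keyid, "fpr": fpr, "bits": int(bits), "type": letter}

def keys_from_colons(listing):
    """Return key ID, size, type letter and fingerprint of every primary key."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "bits": int(f[2]), "fpr": None,
                         "type": ALGO_LETTER.get(int(f[3]), "?")})
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]  # only the first fpr after pub is the primary's
    return keys

def find_exact(spec, listing):
    """Return the one key matching every component of spec, else raise."""
    want = parse_spec(spec)
    hits = [k for k in keys_from_colons(listing)
            if all(k[c] == want[c] for c in ("fpr", "bits", "type"))
            and want["keyid"] in (None, k["keyid"])]
    if len(hits) != 1:
        raise LookupError("expected exactly one matching key, found %d" % len(hits))
    return hits[0]
```

In the constructed listing a fingerprint-only lookup for the v3 key finds two candidates, while the full specification selects only the 1024-bit one.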