• PGP question

    From alterego@21:2/116 to All on Mon Jun 8 14:11:57 2020
    So I thought I'd ask a PGP question.

    Lets say I have 3 PGP users "A", "B" and "C".

    B sends A their public key, which A signs and returns.

    Now "B" and "C" dont have each other's public keys, but they do have "A"s.

    If "B" signs a message that is sent to "C", but "C" only has "A"s public key, can "C" verify "B"s message without asking for "B"s public key?

    I thought the answer was yes, but I'n not sure now...

    ...δεσ∩

    ... I don't deserve this, but I have arthritis and I don't deserve that either --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Adept@21:2/108 to alterego on Mon Jun 8 07:23:45 2020
    If "B" signs a message that is sent to "C", but "C" only has "A"s public key, can "C" verify "B"s message without asking for "B"s public key?

    Just so I'm understanding the question correctly, we're talking about some
    sort of signature where you can decode it by using that user's public key, correct?

    Thus you somehow have to have B's signature, which was encrypted with B's private key, become unencrypted by something other than B's public key?

    That seems to be against the very idea of how a signature is supposed to
    work. But maybe I'm missing something in the question.

    And we're not counting things like A sending B's public key to C, right? Because A could do that; it's just that you have to trust A to be sending the correct public key, and not having just impersonated B the first time with
    the signature.

    --- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From alterego@21:2/116 to Adept on Mon Jun 8 20:49:11 2020
    Re: Re: PGP question
    By: Adept to alterego on Mon Jun 08 2020 07:23 am

    Just so I'm understanding the question correctly, we're talking about some sort of signature where you can decode it by using that user's public key, correct?
    Thus you somehow have to have B's signature, which was encrypted with B's private key, become unencrypted by something other than B's public key?

    No, no decoding, nor encryption involved. With PGP, you can "digitally sign" a piece of text, that somebody can verify with a public key.

    That seems to be against the very idea of how a signature is supposed to work. But maybe I'm missing something in the question.

    Perhaps... Since I'm not talking about "encryption", but rather "digital signature", I'm wondering is it possible to validate that the message came from "B", because "A" signed "B"'s key and "C" has "A"s key...

    SSL works the same way. A certificate on my website is validated by the fact that your browser trusts the root certificate that is an ancestor of my certificate. (The difference is, you also get my public certificate, so I may have answered my own question...)

    IE: I'm wanting to verify that "B" send a message, when "C" receives it, and "C" doesnt have "B"s public key - but has "A"s and "A" also signed "B"s key.

    ...δεσ∩

    ... Youth doesn't excuse everything. Dr. Janice Lester stardate 5928.5.
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Ogg@21:4/106.21 to alterego on Mon Jun 8 10:49:00 2020
    Hello δεσ∩!

    ** On Monday 08.06.20 - 14:11, alterego wrote to All:

    So I thought I'd ask a PGP question.

    Lets say I have 3 PGP users "A", "B" and "C".

    B sends A their public key, which A signs and returns.

    Now "B" and "C" dont have each other's public keys, but they do have "A"s.

    If "B" signs a message that is sent to "C", but "C" only has "A"s public key, can "C" verify "B"s message without asking for "B"s public key?

    I thought the answer was yes, but I'n not sure now...


    You need the public key of the person who signed the message to verify
    that message.



    --- OpenXP 5.0.44
    * Origin: Key ID = 0x5789589B (21:4/106.21)
  • From Warpslide@21:3/110 to alterego on Mon Jun 8 11:19:17 2020
    On 08 Jun 2020, alterego said the following...

    No, no decoding, nor encryption involved. With PGP, you can "digitally sign" a piece of text, that somebody can verify with a public key.

    Since PGP is inherently peer to peer, there's no central authority that controls it. You would need a directory or listing of other people's public keys.

    This is where the idea of a pgp key repository comes in. Perhaps the most famous is the one operated by mit at:

    https://pgp.mit.edu

    If you go to that site, you're able to submit your own public key & look up
    the public keys of others.

    You can then configure PGP clients to search one or more repositories if you don't happen to have their public key locally.

    Of course for this to work all parties involved would need to be using the
    same repositor(y|ies).

    If you didn't want to use a repository, you would then need to make sure each client had each other's public key locally.


    Jay

    --- Mystic BBS v1.12 A45 2020/02/18 (Windows/32)
    * Origin: Northern Realms BBS | bbs.nrbbs.net | Binbrook, ON (21:3/110)
  • From Ogg@21:4/106.21 to Warpslide on Mon Jun 8 12:05:00 2020
    Hello Warpslide!

    ** On Monday 08.06.20 - 11:19, Warpslide wrote to alterego:

    This is where the idea of a pgp key repository comes in. Perhaps the most famous is the one operated by mit at:

    https://pgp.mit.edu

    When was the last time you used that one? The search function seems to be broken for nearly a year now. After a long delay, it still reports:

    Proxy Error

    The proxy server received an invalid response from an upstream server.
    The proxy server could not handle the request GET /pks/lookup.

    Reason: Error reading from remote server


    If you go to that site, you're able to submit your own public key & look
    up the public keys of others.

    Maybe submission works, but I haven't tried it.


    Of course for this to work all parties involved would need to be using the same repositor(y|ies).

    I don't think that's true. I can fetch the public keys from anywhere, and you can fetch the same keys from somewhere else.


    --- OpenXP 5.0.44
    * Origin: Key ID = 0x5789589B (21:4/106.21)
  • From Adept@21:2/108 to alterego on Mon Jun 8 20:22:43 2020
    No, no decoding, nor encryption involved. With PGP, you can "digitally sign" a piece of text, that somebody can verify with a public key.

    Perhaps I'm still not following, but my understanding of a PGP signature is that I encrypt something (generally a hash) using my private key, and then
    you decrypt it using the public key and see if it matches that something.

    It's the reverse of encrypting a message, where I'd use your public key, and you'd decode with your private key.

    Is that _not_ what a PGP signature is? How do you create something that's trustworthy as someone's signature without using encryption?

    of my certificate. (The difference is, you also get my public
    certificate, so I may have answered my own question...)

    That would make sense, then.

    With your example, it seems like you can see that A signed something, and if you trust A's signature, then that's good enough even without B's actual signature.

    --- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From alterego@21:2/116 to Warpslide on Tue Jun 9 09:03:38 2020
    Re: Re: PGP question
    By: Warpslide to alterego on Mon Jun 08 2020 11:19 am

    Since PGP is inherently peer to peer, there's no central authority that controls it. You would need a directory or listing of other people's public keys.

    So the only value of cross-signing keys is to increase trust (of the public key). IE: If Alice and Bill signed Cindy's key, and I receive something from Cindy it must be Cindy (not somebody protending to bre Cindy) becase I know Alice and Bill and trust them...

    (But Cindy also needs to give you her cross signed public key by Alice and Bill
    right?)

    If you didn't want to use a repository, you would then need to make sure each client had each other's public key locally.

    Ahh, OK, I thought cross signing might mitigate that - but then you confirmed my doubts, tks.

    ...δεσ∩

    ... Gossip is when you hear something you like about someone you don't.
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From alterego@21:2/116 to Adept on Tue Jun 9 09:05:37 2020
    Re: Re: PGP question
    By: Adept to alterego on Mon Jun 08 2020 08:22 pm

    Perhaps I'm still not following, but my understanding of a PGP signature is that I encrypt something (generally a hash) using my private key, and then you decrypt it using the public key and see if it matches that something.

    With PGP, you can choose to encrypt something - so that only the receipent can see it, or you can choose to sign something - which proves you are the only person that sent it.

    When you "sign" it does not have to be encrypted. IE: I can clear sign a piece of text, that anybody can read, but the signature below it will only be validated with my public key, prooving it came from me.

    ...δεσ∩

    ... Don't force it, get a larger hammer.
    --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From apam@21:1/126 to alterego on Tue Jun 9 09:17:49 2020
    Re: Re: PGP question
    By: Adept to alterego on Mon Jun 08 2020 08:22 pm

    Perhaps I'm still not following, but my understanding of a PGP
    signature is that I encrypt something (generally a hash) using
    my private key, and then you decrypt it using the public key
    and see if it matches that something.

    With PGP, you can choose to encrypt something - so that only the
    receipent can see it, or you can choose to sign something - which
    proves you are the only person that sent it.

    When you "sign" it does not have to be encrypted. IE: I can clear
    sign a piece of text, that anybody can read, but the signature
    below it will only be validated with my public key, prooving it
    came from me.

    I'm pretty sure Adept is right here, a signature (the little bit down
    the bottom) is an encrypted hash of the message, which has been
    encrypted using the private key so it can be decrypted with the public
    key and that's how verification of the (unencrypted) message works.

    Andrew


    --- MagickaBBS v0.15alpha (Linux/x86_64)
    * Origin: HappyLand - telnet://magickabbs.com:2023/ (21:1/126)
  • From Adept@21:2/108 to alterego on Tue Jun 9 02:51:21 2020
    When you "sign" it does not have to be encrypted. IE: I can clear sign a piece of text, that anybody can read, but the signature below it will
    only be validated with my public key, prooving it came from me.

    I get that.

    The thing is, you sign using PGP by applying your private key to it. Since
    it's a symmetric key, whether you use the public or private key doesn't
    matter, because one encodes, and the other decodes. It doesn't matter which.

    Mind you, it'd be pretty easy to break if you only encrypted using your
    private key, because anyone can unencrypt it.

    But that's exactly what happens with a signature. It's literally applying the private key to something, which the public key decodes.

    It's a signature because it requires using the private key that
    (theoretically) no one else has access to, and thus you know that it's a signature because your public key, and only your public key, validates it.

    I found a couple of pages on it, and maybe those explanations would make more sense for you.

    https://www.docusign.com/how-it-works/electronic-signature/digital-signature/ digital-signature-faq

    and

    https://www.quora.com/What-is-a-PGP-signature

    --- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From Adept@21:2/108 to apam on Tue Jun 9 03:02:16 2020
    I'm pretty sure Adept is right here, a signature (the little bit down
    the bottom) is an encrypted hash of the message, which has been

    Thanks. Hopefully your explanation makes sense to them.

    --- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
    * Origin: Storm BBS (21:2/108)
  • From alterego@21:2/116 to apam on Tue Jun 9 17:12:52 2020
    Re: Re: PGP question
    By: apam to alterego on Tue Jun 09 2020 09:17 am

    I'm pretty sure Adept is right here, a signature (the little bit down
    the bottom) is an encrypted hash of the message, which has been
    encrypted using the private key so it can be decrypted with the public
    key and that's how verification of the (unencrypted) message works.

    Actually, I wasnt 100% sure that it was - hence why I started down this path.

    My doubts where two fold:
    * Encrypting something is done from public key -> private key (ie: encrypt with the public key, de-crypt with the private key), and private key (it can encrypt and decrypt). I didnt think you could encrypt with your private key, and the public key can decrypt it.

    * So I was thinking the "little bit at the bottom", is not something encrypted, but rather something that is base64 encoded of the result of a computation. It is the hash of the message, using the public key portion of your key (your public key provides the nonce), that somebody else with your public key can come to the same calculation. And thus if they do, it was from you.

    So I was wondering if the "little bit at the bottom" also had other key computation results (because your key is signed by somebody else), and thus with that other public key, while I cant directly validate the message can from you, I can indirectly, because I also have that "other public key" and can validate that hash. (Did I loose you...?)

    But Oli said, you cant do that validation without the original public key at all, so perhaps I've got my answer. It was good to talk through it though.

    ...δεσ∩

    ... Committee work is like a soft chair...easy to get into but hard to get out --- SBBSecho 3.11-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
  • From Warpslide@21:3/110 to alterego on Tue Jun 9 07:36:49 2020
    On 09 Jun 2020, alterego said the following...

    So the only value of cross-signing keys is to increase trust (of the public key). IE: If Alice and Bill signed Cindy's key, and I receive something from Cindy it must be Cindy (not somebody protending to bre Cindy) becase I know Alice and Bill and trust them...

    Exactly, cross-signing is only for increasing the trust level for that key.

    When I was playing around with PGP many years ago there was this web-of-trust thing still happening. (It might still be?)

    I met a couple of people in a downtown coffee shop & we all showed each other our drivers licenses (this was before smartphones, so there was no risk of
    them taking a picture of the ID), we had a coffee and a few hours later I got an email saying they had signed my key, and I signed theirs.

    I don't know that really made it any more "trustworthy". Now-a-days you can publish your public key in DNS, and if you happen to have DNSSEC enabled you can trust the response hasn't been tampered with.

    e.g: If there was a PGP public key published as a TXT record at:

    alterego._pka.alterant.leenook.net

    And it contained
    "v=pka1;fpr=<PGP key fingerprint>;uri=https://alterant.leenook.net/alterego.pub.txt"

    Assuming the DNS answer was signed with DNSSEC and the URI pointed to an
    https site, I would trust that key just as much as of it were signed by 300 random strangers.

    (But Cindy also needs to give you her cross signed public key by Alice
    and Bill right?)

    Exactly, each time your key is signed, it would need to be re-published.

    Jay

    --- Mystic BBS v1.12 A45 2020/02/18 (Windows/32)
    * Origin: Northern Realms BBS | bbs.nrbbs.net | Binbrook, ON (21:3/110)
  • From Ogg@21:4/106.1 to Warpslide on Sat Feb 27 09:35:29 2021
    On 09 Jun 2020, alterego said the following...

    I met a couple of people in a downtown coffee shop & we all showed
    each other our drivers licenses (this was before smartphones, so
    there was no risk of them taking a picture of the ID), we had a
    coffee and a few hours later I got an email saying they had signed
    my key, and I signed theirs.

    You probably don't even need to exchange IDs to "prove" who you are to each other. What would the paper IDs really prove anyway? Documents can be faked.

    Instead, when you are all meeting in person, just announce that you (person A) just sent an encrypted message to person B with the string "321" or something. When person B receives that and verifies a few seconds later then you have confirmation that you just "identified" the sender.

    Btw.. did anyone wonder about the asymetrical pattern that was used on the parachute for the recent Mars landing?

    "Clark, a crossword hobbyist, came up with the idea two years ago. Engineers wanted an unusual pattern in the nylon fabric to know how the parachute was oriented during descent. Turning it into a secret message was ôsuper fun,ö he said Tuesday."
    --- SBBSecho 3.13-Linux
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)