[H-GEN] Key-signing at Humbug: Saturday, 1st March 2003

Raymond Smith zzrasmit at uqconnect.net
Sun Feb 23 22:21:53 EST 2003 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Greg and Jason have both pointed to comprehensive resources that explain
the ins and outs of GPG. They have both wisely refrained from attempting
to explain things in any less detail than is required to safely, and
correctly use GPG.

I'm not so wise. :-)

New players to GPG need to understand two general concepts: Public Key
Cryptography, and Webs of Trust.

_Public Key Cryptography_ refers to a system with two 'keys' either of
which may be used to encrypt data for latter decryption by the other key.
The trick is to keep one these keys secret (Private Key) while making the
other available to all and sundry (Public Key). What does this buy you?

Well, first, anyone (including you) may use your Public Key to encode a
message which may only be read by you using your Private Key. This has
obvious applications.

Second, you can encode a message with your Private Key which may only be
decoded with your Public Key. This is useful because it can be used to
verify that you sent the message because your Public Key can only decode
messages encoded with your Private Key and your Private Key is only known
to you. This is how digital signatures work - the signature block at the
end of a PGP signed mail is simply an encrypted summary[1].

We are now faced with another problem: how can we know if a particular
Public Key is indeed the Public Key of a particular person?

The _Web of Trust_ is one approach[2] to this problem: we have other
people vouch that a particular Public Key belongs to a particular person.
We do this electronically using the 'digital signature' approach outlined
above. Now when I encounter a new Public Key - identity pair, I can verify
its authenticity by looking at the people who have vouched for it.

(For example, I get given a new Public Key, allegedly for Tony. I look at
it and see that it is signed by Mark Suter. I already know Mark's key, so
I verify his signature and that's enough for me to trust that Tony's key
is authentic[3].)

The basis for the security of this system is that one only vouches for a
Public Key, identity pair when one is absolutely certain of the match
between the two. Hence, the need for these Key Signing Parties[4]: we
meet, face to face, exchange keys and appropriate documentation[5] and
then having verified the relation between keys and people we 'vouch' for
their keys.

The basis for Jason's harsh response to Tony is that vouching for
(signing) GPG Public Keys is a serious matter as others will rely on your
word regarding the authenticity of the relation between Public Key and
person. It should be approached with the same degree of seriousness as a
character reference.

So, to summarise: Public Key Cryptography uses two keys, one kept secret,
the other shared with correspondents. The authenticity of the link between
Public Key and identity of people needs to be established. Webs of Trust
are one mechanism to establish this authenticity. Key Signing Parties are
a way of establishing a web of trust.

There is a lot more to it than this, but hopefully these background
concepts will help your path to understanding when reading TFM[6].

Cheers,

Raymond

[1] These summaries are known as digests in the literature.
[2] There are many others: use SneakerNet to physically copy the Public
    Key from a secure computer; retrieve the Public Key from a central,
    secured authority; have your system configured with a number of
    'known good' Public Keys which are then used to establish a hierarchy
    of trust (this is how SSL Certificates work in Web Browsers)
[3] Of course, Mark Suter himself requires no authentication as he is
    inimitable. :-)
[4] A bloody stupid name IMNSHO - it does not express the gravity of
    signing a Public Key.
[5] It should be noted that you should be convinced of the other persons
    authenticity. If you have a shadow of a doubt, don't sign their key.
[6] with emphasis on the F.

-- 
raymond at humbug.org.au




--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list