mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
Add input from Wiktor
This commit is contained in:
parent
3ef4f265d1
commit
eef2a11842
4 changed files with 63 additions and 9 deletions
|
@ -13,6 +13,8 @@
|
||||||
|
|
||||||
https://en.wikipedia.org/wiki/Cryptographic_hash_function
|
https://en.wikipedia.org/wiki/Cryptographic_hash_function
|
||||||
|
|
||||||
|
Note: hashes are sometimes called "digests".
|
||||||
|
|
||||||
## Symmetric-key cryptography
|
## Symmetric-key cryptography
|
||||||
|
|
||||||
[Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations.
|
[Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations.
|
||||||
|
@ -25,6 +27,10 @@ Participants in symmetric-key operations need to exchange the shared secret over
|
||||||
- visualization? (maybe a black key icon, following wikipedia's example?)
|
- visualization? (maybe a black key icon, following wikipedia's example?)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Symmetric-key cryptography is much faster than public-key cryptography. Also, unlike traditional public-key mechanisms, symmetric-key cryptography is quantum-resistant.
|
||||||
|
|
||||||
|
So there is a trade-off: Symmetric-key has major benefits, but exchanging the shared secret is a problem that needs to be solved separately. [Hybrid cryptosystems](hybrid_cryptosystems) are one common approach.
|
||||||
|
|
||||||
### Symmetric-key cryptography in OpenPGP
|
### Symmetric-key cryptography in OpenPGP
|
||||||
|
|
||||||
Symmetric cryptography is used in OpenPGP as part of a [hybrid cryptosystem](https://en.wikipedia.org/wiki/Hybrid_cryptosystem).
|
Symmetric cryptography is used in OpenPGP as part of a [hybrid cryptosystem](https://en.wikipedia.org/wiki/Hybrid_cryptosystem).
|
||||||
|
@ -33,6 +39,11 @@ Where symmetric keys are used in OpenPGP, they are referred to as "session keys.
|
||||||
|
|
||||||
### Authenticated encryption with associated data (AEAD)
|
### Authenticated encryption with associated data (AEAD)
|
||||||
|
|
||||||
|
```{admonition} TODO
|
||||||
|
:class: warning
|
||||||
|
|
||||||
|
- AEAD solves the problem of malleability.
|
||||||
|
```
|
||||||
|
|
||||||
## Public-key, or asymmetric cryptography
|
## Public-key, or asymmetric cryptography
|
||||||
|
|
||||||
|
@ -50,6 +61,13 @@ In many places, we'll deal with asymmetric cryptographic key pairs:
|
||||||
An asymmetric cryptographic key pair
|
An asymmetric cryptographic key pair
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```{admonition} VISUAL
|
||||||
|
:class: warning
|
||||||
|
|
||||||
|
- Wiktor notes: red-green color-blindness affects 8,5% of the population.
|
||||||
|
- Heiko: maybe use colors + distinct shapes for the two key halves?
|
||||||
|
```
|
||||||
|
|
||||||
An asymmetric cryptographic key pair consists of a public and a private part. In this document, we'll show the public part of key pair in green, and the private part in red.
|
An asymmetric cryptographic key pair consists of a public and a private part. In this document, we'll show the public part of key pair in green, and the private part in red.
|
||||||
|
|
||||||
We'll usually visualize cryptographic key pairs in this more compact form:
|
We'll usually visualize cryptographic key pairs in this more compact form:
|
||||||
|
@ -77,6 +95,7 @@ OpenPGP makes heavy use of public-key cryptography.
|
||||||
|
|
||||||
Note that, for historical reasons, OpenPGP often uses the terms "public/secret" instead of "public/private." The OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key."
|
Note that, for historical reasons, OpenPGP often uses the terms "public/secret" instead of "public/private." The OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key."
|
||||||
|
|
||||||
|
(hybrid_cryptosystems)=
|
||||||
## Hybrid cryptosystems
|
## Hybrid cryptosystems
|
||||||
|
|
||||||
[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine public-key cryptosystems with symmetric-key cryptosystems in a way that makes use of their respective advantages.
|
[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine public-key cryptosystems with symmetric-key cryptosystems in a way that makes use of their respective advantages.
|
||||||
|
|
|
@ -13,11 +13,11 @@ First, without additional context, the word "key" can refer either to public, or
|
||||||
|
|
||||||
Independent of the distinction between private and public keys, in OpenPGP, the term "key" is used to refer to three different layers, all related but distinct:
|
Independent of the distinction between private and public keys, in OpenPGP, the term "key" is used to refer to three different layers, all related but distinct:
|
||||||
|
|
||||||
- A (bare) "cryptographic key" (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
|
1. A (bare) "cryptographic key" (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
|
||||||
- An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consist of a (bare) cryptographic keypair combined some invariant metadata (e.g. key creation time).
|
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consist of a (bare) cryptographic keypair combined some invariant metadata (e.g. key creation time).
|
||||||
- An "OpenPGP key", or "OpenPGP certificate": Consists of a number of component keys plus additional elements, such as identity information. (OpenPGP "key servers" serve this type of object).
|
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys plus additional elements, such as identity information. (e.g. OpenPGP "key servers" serve this type of object).
|
||||||
|
|
||||||
In the following section, we'll look at these different layers.
|
In the following section, we'll look at two OpenPGP-specific layers (2 and 3).
|
||||||
|
|
||||||
|
|
||||||
## Structure of OpenPGP certificates
|
## Structure of OpenPGP certificates
|
||||||
|
@ -30,7 +30,7 @@ An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number
|
||||||
|
|
||||||
All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the key's owner: It can make cryptographic statements about subkeys, identities, expiration times, revocation, ...
|
All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the key's owner: It can make cryptographic statements about subkeys, identities, expiration times, revocation, ...
|
||||||
|
|
||||||
Note that OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidatedm, over the lifetime of a certificate
|
Note that OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
|
||||||
|
|
||||||
### OpenPGP component keys
|
### OpenPGP component keys
|
||||||
|
|
||||||
|
@ -58,7 +58,7 @@ Besides a cryptographic keypair, an OpenPGP component key contains additional me
|
||||||
An OpenPGP component key
|
An OpenPGP component key
|
||||||
```
|
```
|
||||||
|
|
||||||
For each OpenPGP component key, an *OpenPGP fingerprint* can be derived from the combination of the public key material and metadata:
|
For each OpenPGP component key, an *OpenPGP fingerprint* can be derived from the combination of the public key material and creation timestamp (plus additional algorithm parameters, for [ECDH Keys](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-part-for-ecd)):
|
||||||
|
|
||||||
```{figure} diag/fingerprint.png
|
```{figure} diag/fingerprint.png
|
||||||
---
|
---
|
||||||
|
@ -77,12 +77,13 @@ The "OpenPGP primary key" has the same structure as all other component keys. Bu
|
||||||
- Its fingerprint is used as the unique identifier for the full OpenPGP certificate.
|
- Its fingerprint is used as the unique identifier for the full OpenPGP certificate.
|
||||||
- In addition, it is used for lifecycle operations (e.g. adding or invalidating subkeys or identities in a certificate)
|
- In addition, it is used for lifecycle operations (e.g. adding or invalidating subkeys or identities in a certificate)
|
||||||
|
|
||||||
|
(The OpenPGP primary key has historically also sometimes informally been referred to as "master key".)
|
||||||
|
|
||||||
#### Subkeys
|
#### Subkeys
|
||||||
|
|
||||||
In addition to the primary key, modern OpenPGP certificates can contain "subkeys" in addition to the primary key.
|
In addition to the primary key, modern OpenPGP certificates can contain "subkeys" in addition to the primary key.
|
||||||
|
|
||||||
Subkeys have the same structure as the primary key, but play a subtly different role in the certificate.
|
Subkeys have the same structure as the primary key, but play a subtly different role in the certificate. Subkeys are cryptographically linked with the primary key (more on this below).
|
||||||
|
|
||||||
```{figure} diag/with_subkeys.png
|
```{figure} diag/with_subkeys.png
|
||||||
---
|
---
|
||||||
|
@ -109,6 +110,8 @@ Only the primary key can perform "certification" operations. All other operation
|
||||||
|
|
||||||
It is considered good practice to have separate component keys for each type of operation (specifically: to allow only *Certification* operations for the primary key, and to have separate *Signing*, *Encryption* and *Authentication* subkeys).
|
It is considered good practice to have separate component keys for each type of operation (specifically: to allow only *Certification* operations for the primary key, and to have separate *Signing*, *Encryption* and *Authentication* subkeys).
|
||||||
|
|
||||||
|
(Aside: with ECC algorithms, it's actually not possible to share encryption functionality with the signing-based functionalities, e.g.: ed25519 used for signing; cv25519 used for encryption.)
|
||||||
|
|
||||||
### Identity components
|
### Identity components
|
||||||
|
|
||||||
#### User IDs
|
#### User IDs
|
||||||
|
@ -187,6 +190,8 @@ Linking a User ID to an OpenPGP certificate
|
||||||
|
|
||||||
## Revocations
|
## Revocations
|
||||||
|
|
||||||
|
Note: certification signatures [can be made irrevocable](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-revocable).
|
||||||
|
|
||||||
### Hard vs. soft revocations
|
### Hard vs. soft revocations
|
||||||
|
|
||||||
|
|
||||||
|
@ -216,6 +221,10 @@ Minimized versions, merging, effective "append only" semantics, ...
|
||||||
|
|
||||||
### Metadata Leak of Social Graph
|
### Metadata Leak of Social Graph
|
||||||
|
|
||||||
|
### Adding unbound User IDs to a certificate
|
||||||
|
|
||||||
|
Some OpenPGP subsystems may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g. sequoia's public store).
|
||||||
|
|
||||||
## Zooming in: Package structure
|
## Zooming in: Package structure
|
||||||
|
|
||||||
To use OpenPGP, we need "(OpenPGP) keys."
|
To use OpenPGP, we need "(OpenPGP) keys."
|
||||||
|
@ -364,6 +373,13 @@ A minimal OpenPGP key, visualized
|
||||||
|
|
||||||
Let's compare this with the same certificate seen as an armored "public" certificate (that is, a variant of the key above, but without the private key material. An OpenPGP user might give such a certificate to a communication partner, so that the remote party could send encrypted messages to the user):
|
Let's compare this with the same certificate seen as an armored "public" certificate (that is, a variant of the key above, but without the private key material. An OpenPGP user might give such a certificate to a communication partner, so that the remote party could send encrypted messages to the user):
|
||||||
|
|
||||||
|
|
||||||
|
```{admonition} TODO
|
||||||
|
:class: warning
|
||||||
|
|
||||||
|
Show packet dump invocations.
|
||||||
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
Comment: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957
|
Comment: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957
|
||||||
|
|
|
@ -8,4 +8,19 @@
|
||||||
- using revoked certificate?
|
- using revoked certificate?
|
||||||
- using expired subkey?
|
- using expired subkey?
|
||||||
- using revoked subkey?
|
- using revoked subkey?
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Advanced topics
|
||||||
|
|
||||||
|
### Selecting decryption key
|
||||||
|
|
||||||
|
- Trying PKESKs until one works out
|
||||||
|
- consider "smart" strategies
|
||||||
|
|
||||||
|
additional wrinkle: hidden intended decryption key (`gnupg --throw-keyid`)
|
||||||
|
|
||||||
|
also see:
|
||||||
|
|
||||||
|
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#pkesk-notes
|
||||||
|
|
||||||
|
> An implementation MAY accept or use a Key ID of all zeros, or an omitted key fingerprint, to hide the intended decryption key
|
|
@ -1 +1,5 @@
|
||||||
# Compression
|
# Compression
|
||||||
|
|
||||||
|
## Zooming in: Package structure and internals
|
||||||
|
|
||||||
|
### Decompression yields a 'wrapped' openpgp packet stream
|
||||||
|
|
Loading…
Reference in a new issue