Skip to content

Latest commit

 

History

History
96 lines (90 loc) · 7.34 KB

File metadata and controls

96 lines (90 loc) · 7.34 KB

GPG vs next-generation crypto

  • What problems does GPG/friends solve?
    • Certifying authorship of source code (git commit signing)
    • Certifying authenticity of packages for package managear
    • Private messages on public channel
      • E.g., emailing political dissidents
      • Less often, these days, due to e2e-encrypted messengers)
  • What building blocks do we use to solve?
  • Practical, how to
  • GPG alternatives:
    • Never encypt email efail, quote replies, nobody knows how to use it anyway.

    • Sending files: Magic Wormhole (point-to-point, synchronous)

    • Signing: minisign, signify

      • Use SSH keys to sign Git commits
      • How to get publisher's public key? What does SSH signing get you?
      • sigstore
        • It's kind of hard to decrypt the Big Tech, Venture Cap, B2B, synergy langauge they use, but once I did, I found this:

          The cosign command requests a certificate from the Sigstore certificate authority, Fulcio.

          [Cool; it hard-depends on a centralized service]

          Note that you don’t need to use a key to sign. Currently, you can authenticate with Google, GitHub, or Microsoft, which will associate your identity with a short-lived signing key.

          [Because those companies would never want to censor anyone, and everyone wants to tie their Google account to their digital identity.]

    • Encrypting files: age

      • age is in the business of integrity and confidentiality, not authentication. This was hotly debated early on, and still is periodically....

        In short, while no one can modify an encrypted age file, anyone can replace it with a completely new encrypted file.

        • remember, recepient's public keys are public
        • minisign/signify - AFAIK the tools and their formats do not support streamed verification, thus they cannot simply be used together with age in command or library form in streaming use cases. It means requiring more storage/passes and opening for TOCTOU vulnerabilities. --- GitHub issue 51 comment

      • This comment on HN comes dangerously close to realizing why we had WoT in the first place.

        The big problem is there are no really good ways to deal with this problem [the switcharoo problem] fully. If you use digital signatures, you have to have a trusted method of distributing the verification keys.

        If you have a secure method of distributing keys, you could also just distribute the encrypted file (or its hash) via that secure method. --- Hackernews comment

        Of course, the last syllogism is false. A and B could have established a secure channel a long time ago, B and C (not necessarily afterwards), C and D, A can rececive D's key with authenticity, but there was never a secure channel from A to D directly.

    • E2e messaging:

      • Matrix, requires always-online server
        • Could be used for more than just chat
      • XMPP + OMEMO
        • Pre-existing chat protocol
      • Signal / OpenWhisper protocol
      • Basically, device-local keys (aka host keys) that sign each other on a server.
    • Soatok's blog

  • Discussion questions: