integrating OTR keys into PGP key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Nov 2 14:54:23 CET 2011


On 11/02/2011 01:35 AM, Hans-Christoph Steiner wrote:
> 
> As part of the Guardian Project, I am starting work on a 6 month project =
> around keeping keys in sync across phone and laptop and am currently =
> thinking about extending gnupg to handle OTR keys. I've talked a bit =
> with DKG about it, and I am beginning to think that this is a possible =
> workable approach for us. Things are still in the exploratory phase, so =
> things are somewhat vague, including use cases and threat models.
> 
> Right now, I am interested in people's opinion on how useful, feasible, =
> and how much time it would take to integrate IM accounts and OTR keys =
> into PGP keys, working towards the idea that the PGP key becomes the =
> central repository of digital identity.

fwiw, i don't think that gnupg is the thing that would need to be
extended here -- it's more that OTR would need to be able to fetch and
store keys in gnupg's keyring, rather than maintaining its own keystore.
 (for both secret key material of the OTR operator, as well as for
public key and identity material of the operator's peers).

gnupg already permits quite a bit of flexibility in terms of what it can
do, so i think the bulk of work in this project would be extending and
integrating the key management capabilities for OTR.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111102/1ca2ccfc/attachment-0001.pgp>


More information about the Gnupg-devel mailing list