OpenPGP Secret Key Transfer

Vincent Breitmoser look at my.amazin.horse
Fri Jun 2 14:07:02 CEST 2017


Hi there,

one of the long-time unsolved problems we had with OpenKeychain was a
good way to transfer secret keys between devices, particularly between
Desktop and Mobile. We finally came up with a concept based on QR-code
authenticated TLS-PSK via local network, which I implemented this week:

https://github.com/open-keychain/open-keychain/pull/2117

You can see it in action here:

http://valodim.stratum0.net/transfer_active.gif
http://valodim.stratum0.net/transfer_passive.gif

The use of TLS-PSK ensures that data on the wire has no value, except
for participants on the local network who have access to the PSK, and
only during the time of exchange.

The usefulness of this mechanism is of course limited until it is
supported on more platforms, which is why I approached Andre about this
and we discussed the idea together with Werner earlier this week.  Andre
asked me to write a short spec and post it here, to collect feedback:

https://pad.stratum0.org/p/openpgp-skt

I went over this with dkg and worked out some warts, and he also seemed
interested in writing a standalone client.

Special thanks to Oliver Wiese and his students at FU Berlin, who got
this ball rolling!


 - V


