searching for keys: hkpms

kardan kardan at riseup.net
Thu Jul 18 20:43:07 CEST 2013


Hi,

I reuse the thread as this topic is quite related.

From the parcimonie [1] manual one sentence hit my brain: "if using
hkps:// (which would be our second choice behind hkpms://)". To be
honest, this is the first time I heard of hkpms, despite I am a reading
some lists and try to keep up with security topics.

As Wikipedia has no article [2] on this yet by this (eventually I find
time in some quite night hour) I try to summarize my finding in case
others find this useful or are keen to add something.

[1] https://gaffer.ptitcanardnoir.org/intrigeri/code/parcimonie/
[2] http://en.wikipedia.org/wiki/HKPMS

This the parcimonie manual does say:
>    hkpms://
>        We recommend using hkpms; see http://web.monkeysphere.info/
> for details. When a hkpms:// keyserver is being used, one needs to do
> two additional steps since gpgkeys_hkpms does not work in the
> torsocks wrapped environment parcimonie uses by default to run gpg.
> 
>        Torify gpgkeys_hkpms
> 
>        Just add the following line to gpg.conf:
> 
>            keyserver-options http-proxy=socks://127.0.0.1:9050
> 
>        Hey, parcimonie, gpg is already torified
> 
>        Pass the --gnupg-already-torified switch to the parcimonie
> daemon command-line. parcimonie will then rely on the
> keyserver-options previously added to gpg.conf, and won't attempt to
> torify gpg connections itself.

< http://www.gossamer-threads.com/lists/gnupg/users/60543
in the nearer term, you could also use msva-perl with hkpms (if you want
to verify remote hosts via the OpenPGP web of trust).

< https://tails.boum.org/contribute/design/
Monkeysphere's hkpms:// support will be used as soon as possible in
place of the hierarchical X.509 certification model.
hkpms is available in Debian: msva-perl

< http://packages.debian.org/jessie/msva-perl
"Cryptographic identity validation agent"
 The Monkeysphere Validation Agent offers a local service for tools to
validate certificates (both X.509 and OpenPGP) and other public keys.
This package contains a perl implementation of a Monkeysphere

< http://web.monkeysphere.info/FAQ/
In addition, this project being what it is, there is now also a
Monkeysphere-enabled hkps ("hkpms") module provided with the
Monkeysphere validation agent package (msva-perl in Debian). This uses
the users monkeysphere validation agent, if running, to confirm the
identify of the keyserver. The Monkeysphere developers have signed the
host key of keys.mayfirst.org¸ so if you have a trust path to the
Monkeysphere developers you can try using hkpms://keys.mayfirst.org.

I found that Kristian's key is signed for hkpms too, while the manual
also recommends to use a different pool server for parcimonie than
for daily requests.
>        You may want parcimonie to use a different keyserver than the
> one your usual GnuPG invocations do. This can be achieved by passing
> to parcimonie a command-line option such as:
> 
>                --gnupg-extra-arg
>                "--keyserver=hkps://zimmermann.mayfirst.org

> pub  4096R/40F3D015 2012-10-06 hkps://keys.kfwebs.net
>                                hkpms://keys.kfwebs.net
>                                https://keys.kfwebs.net
>                                hkps://hkps.pool.sks-keyservers.net
>                                hkpms://hkps.pool.sks-keyservers.net
>                                https://hkps.pool.sks-keyservers.net
> Fingerprint=29D2 ED98 74EE 2B60 3CE3  648E 8BF5 AD41 40F3 D015 

To use hkpms with the above I add to ~/.gnupg/gpg.conf
keyserver hkpms://hkps.pool.sks-keyservers.net
keyserver-options http-proxy=socks://127.0.0.1:9050

$ gpg --search cia
gpg: searching for "cia" from hkpms server hkps.pool.sks-keyservers.net
gpgkeys: protocol `hkpms' not supported
gpg: no handler for keyserver scheme `hkpms'
gpg: keyserver search failed: keyserver error

Of course! How should gpg know how to handle monkeysphere requests if
it is not installed. So we need to install msva-perl.

$ gpg --search cia
Requesting a socks proxy for hkpms, but LWP::Protocol::socks is not
installed. This will likely fail.
Received
'ca-cert-file=/etc/ssl/certs/sks-keyservers.netca.pem' as an
option, but gpgkeys_hkpms does not implement it. Ignoring... HTTPS
error: 501 Protocol scheme 'socks' is not supported

Currently msva-perl recommends liblwp-protocol-socks-perl but I usually
drop recommendations by config due to limited disk space. So I also
installed liblwp-protocol-socks-perl (maybe it should become a
dependency of msva-perl in future versions).

$ gpg --search cia
gpg: searching for "cia" from hkpms server hkps.pool.sks-keyservers.net
gpg: error reading key: public key not found
Monkeysphere HKPMS Certificate validation failed:
  Failed to validate "https://hkps.pool.sks-keyservers.net" through the
OpenPGP Web of Trust. HTTPS error: 500 Can't call method
"http_configure" on an undefined value gpg: key "cia" not found on
keyserver

This often puzzles me with gnupg. Gpg tells 'public key not found' which
in the first place confuses me to think that no key CAN be found.
Instead it would be better to suppress the info due to the connection
issues. But it understand is sometimes hard to implement this for all
unforeseen errors with underlaying connection layers.

Ok. Now I need to understand and setup monkeysphere. What is it and
what do I need to do?

Have you ever thought: What about having a list of trusted IP addresses?
Trusted means, I think the admins of this server are knowledged and
responsible enough to take care, that all the applications on that
server are not vulnerable for spambots, trojans, arbitrary code
execution and other kind of remote usage. In other words: How to
designate a host to only do "good" thinks.
This is what Monkeysphere helps with. Monkeysphere manages your trusted
ssh servers/clients stored in .ssh. Also it will keep a list of trusted
TLS certificates.

From the FAQ:
> On a more generalized scale, the CA architecture is
> obviously flawed, it isn't just us monkeys who think this. A number of
> other people also complain about the problem of centralized authority
> and wish there was something else. We would like to think that we are
> creating a rallying point around this issue. We've learned
> significantly handling things via the monkeysphere model. We've
> started with ssh and https, but we definitely have hopes to extend
> this reach. The project has proceeded one step at a time starting
> with openssh and then we broadened the project to usurp the dominant
> X.509 PKI for TLS/HTTPS authentication.

How does it work?
http://web.monkeysphere.info/doc/

To summarize what I have learned:

The hkpms protocol provides monkeysphere authenticated secured
connections for gpg key searches. As I send them through the TOR
network they are also anonymized. This is quite quite as by this I can
be sure, that no one can log which keys I am searching for, that they
keep updated and even in case Kristian or any server in the pool is an
evil eavesdropper, they do not know my WoT. (I hope somebody tells me,
if I misunderstood or missed something.)

This also is an issue for ssh. From /etc/monkeysphere/monkeysphere.conf:
# Set whether or not to check keyservers at every monkeysphere
# interaction, including all ssh connections if you use the
# monkeysphere ssh-proxycommand.  Leave unset for default behavior
# (see KEYSERVER CHECKING in monkeysphere(1)), or set to true or false.
# NOTE: setting CHECK_KEYSERVER explicitly to true will leak
# information about the timing and frequency of your ssh connections
# to the maintainer of the keyserver.
#CHECK_KEYSERVER=true

So something like parcimonie for gpg keys would be useful then as well.

Finally I would like to ask in the round, if this evaluation from the
FAQ is still uptodate:

> Q: Do you have a keyserver you can recommend?
> 
> The Monkeysphere developers currently recommend the SKS pool
> hkp://pool.sks-keyservers.net. The SKS pool isn't perfect: there is
> currently no encrypted transport between SKS servers, they don't yet
> authenticate the gossip peers or integrity check the data streams, and
> they sadly chew up a lot of ram in the face of connections with an
> AWOL server. However, in our experience of trying other keyservers,
> SKS so far is the best and it has good momentum behind it. Right now
> it doesn't have gnutls bindings, but if you know ocaml, we'd love to
> talk to you so that SKS (which is written in ocaml) can use gnutls for
> OpenPGP certificates for TLS authentication, which would be a nice
> thing to have.

I'm curious about your corrections.
Kardan

-- 
Kardan <kardan at riseup.net>
Encrypt your email: http://gnupg.org/documentation
Public GPG key 9D6108AE58C06558 at hkp://pool.sks-keyservers.net
fpr: F72F C4D9 6A52 16A1 E7C9  AE94 9D61 08AE 58C0 6558
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: not available
URL: </pipermail/attachments/20130718/39cfdd39/attachment.sig>


More information about the Gnupg-users mailing list