dh key exchange via ascii email?
Peter Lebbing
peter at digitalbrains.com
Sat Mar 23 11:24:17 CET 2013
On 23/03/13 04:16, Ileana wrote:
> I am curious if there is a built-in or optional way to do a
> diffie-hellman key exchange over PGP encrypted email. Such that
> subsequent emails could be forward secret?
I find it a really funny idea, in a positive way. "Hey, I've never thought about
it that way!". But it also sounds cumbersome. The e-mail clients will need to
retain a shared secret. If you regularly use multiple computers, you need to
distribute that secret, and it should probably be encrypted itself (protected by
a passphrase) depending on your scenario.
So the really obvious question is: what's wrong with the hybrid crypto offered
by OpenPGP? Why not just use public keys?
Peter.
PS: Regarding "a simple program to write"; implementing crypto yourself is never
simple. The devil is in the details. Unless you implement an e-mail carrier for
the TLS packets to exchange and use OpenSSL or GnuTLS, I /think/ your
implementation comes close enough to cryptographic primitives to warrant the
credo "never implement crypto on your own".
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list