dh key exchange via ascii email?

Ileana ileana at fairieunderground.info
Sat Mar 23 20:14:49 CET 2013


Peter,

The basic idea is:
1.  Assume 2 parties both have each others public keys and the keys are
trusted/verified.
2.  Bob sends alice a email message (signed/encrypted w PGP, though
uncessesary) with a suggested g, and g^b.
3. Alice receives and decrypts, and if
she accepts, she sends bob g^a.
5. PGP is used from here one to send symmetric messages using
g^(ab)
6. Bob or alice asks for a new g.
7. The old key is deleted/wiped, and a new exchange started.
8. Forward secrecy is obtained through multiple sessions.

It is assumed in this case you do not want to "save" or be able to
retrieve old emails. 

The primes and exponents could be sent in base-64
messages similar to PGP public key blocks.

If nothing else, either party cut and pastes the values into a separate
simple gui that just generates a and b from dev/random (or uses gcrypt
functions) calculates g^ab, and back and forth from b-64.  A simple
library could be written in a few c files (or any language with
interface to gcrypt I guess). Once a key is selected, it could be used
directly by gnupg for symmetric encryption.

This is just an idea I had.  If using gcrypt or something else, you are
not really doing crypto primitives, and this seems at its simplest, a
simple case.

The issue (of course numerously stated everywhere) is that the weakest
believed link in pk is keeping your secret key secure.  Technically
speaking, that is a limit approaching, but never reaching, infinity.

However keeping symmetric keys secure for short periods of time could
only be easier.  It also would allow you to use a separate
encryption key for different recipients, giving further forward secrecy
as multiple conversations progress.


Just an idea, which of course to some extent would be annoying with all
the emails back and forth.  However possibly less annoying the
generating new PGP keys and sending those back and forth (with over
head of having to sign each new key, and managing multiple throwaway
pgp keys between multiple recipients.)

Ileana

 On Sat, 23 Mar 2013 11:24:17 +0100
Peter Lebbing <peter at digitalbrains.com> wrote:

> 
> I find it a really funny idea, in a positive way. "Hey, I've never
> thought about it that way!". But it also sounds cumbersome. The
> e-mail clients will need to retain a shared secret. If you regularly
> use multiple computers, you need to distribute that secret, and it
> should probably be encrypted itself (protected by a passphrase)
> depending on your scenario.
> 
> So the really obvious question is: what's wrong with the hybrid
> crypto offered by OpenPGP? Why not just use public keys?
> 
> Peter.
> 
> PS: Regarding "a simple program to write"; implementing crypto
> yourself is never simple. The devil is in the details. Unless you
> implement an e-mail carrier for the TLS packets to exchange and use
> OpenSSL or GnuTLS, I /think/ your implementation comes close enough
> to cryptographic primitives to warrant the credo "never implement
> crypto on your own".
> 




More information about the Gnupg-users mailing list