dh key exchange via ascii email?
adrelanos
adrelanos at riseup.net
Sat Mar 23 21:29:39 CET 2013
Ileana:
> Hello,
>
> I am curious if there is a built-in or optional way to do a
> diffie-hellman key exchange over PGP encrypted email. Such that
> subsequent emails could be forward secret?
>
> Is there some program already out there that each party can use to
> generate ascii cut and paste primes and factors? It seems like it
> would be a simple program to write.
>
> Is there any plans to encorporate such functionality in to GNUPG?
>
> Thanks,
>
> Ileana
I find that interesting. It's sad, that gnupg doesn't have forward
secrecy.
Have you found this already?
forward secrecy Forward Secrecy Extensions for OpenPGP, Brown, Back,
Laurie (how to add forward-secrecy to OpenPGP -- forward-secrecy makes
it harder for someone to obtain your private key -- because the
private keys are deleted as soon as practical after use).
http://www.cypherspace.org/openpgp/pfs/openpgp-pfs.txt
It would be interesting to know what the state of that is and awesome
if you push that idea forward.
And alternatively, if adding forward secrecy to GPG fails, have you
thought about applying OTR for e-mail? That way looks even more
attractive to me.
If you can break down OTR for e-mail as simple as "let's meet and
compare our fingerprints", that'd be awesome.
There could be issues, but perhaps nothing you can't solve. As far I
understand OTR is more designed for low latency, but I don't see why
it couldn't be tweaked. Only the dh key exchange happens with low
latency? You could add one button "new session" (or so) and another
one "End this Subject". With each new subject, use another dh key. And
with each new subject, prepare one, two or a few dh keys (in e-mail
text or header, hidden from user). Of course it requires more thought.
Might be useful to propose it on the OTR list in case you find that
interesting.
More information about the Gnupg-users
mailing list