E-mail with deniable authentication

Mario Castelán Castro marioxcc.MT at yandex.com
Sun Sep 3 04:18:27 CEST 2017


On 01/09/17 08:31, Andrew Gallagher wrote:
> On 31/08/17 03:35, Mario Castelán Castro wrote:
>> Writer and recipient have a Diffie-Hellman key over the same group and
>> know each other's public key.
>>
>> The writer computes the shared secret per the DH algorithm
> 
> This is the real trick though - the DH algorithm requires two-way
> synchronisation in advance of sending the payload. This is easy enough
> with a realtime connection, but much harder with email.

Diffie-Hellman may be used interactively, but it is not necessary.

See the specification of Diffie-Hellman over an elliptic curve employed
for *encryption* in OpenPGP as described in RFC 6637
(<https://tools.ietf.org/html/rfc6637#section-8>). There is a summary of
the protocol on page 8. Note how it requires no “two-way
synchronization”. As described here, the sender generates an ephemeral
key. If the sender uses *his* ECDH key instead of an ephemeral one then
the shared secret can be used to derive the key of a MAC algorithm and
used for deniable authentication.

Obviously there is the requirement that the receiver knows that the key
used by the sender really belongs to the sender and not an impersonator.
This is a general requirement in public key cryptography also applicable
for digital signatures.

> And as others have pointed out, plausible deniability isn't a panacea.
> It's only really useful in the case where your adversary must prove
> their assertions to an independent fourth party beyond reasonable doubt.
> It might keep you out of jail in a well-functioning democracy, but it
> won't save you from the mafia, the CIA or Kim Jong Un.

I am well aware of that. Although deniable encryption is not a panacea
it is an improvement. It gives less power to the correspondent to blackmail.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
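
Added example, not part of the original message and not GnuPG code: a sketch of the static-static DH scheme the message describes, where both long-term keys yield one MAC key with no round trip, so the recipient can verify a tag but could equally have produced it. It uses a pure-Python X25519 in place of the NIST-curve ECDH of RFC 6637; the function names and the KDF label are assumptions of this sketch.

```python
import hashlib, hmac, os

P = 2**255 - 19                       # Curve25519 field prime
BASE = (9).to_bytes(32, "little")     # standard base point, u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (educational: not constant-time)."""
    n = (int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def mac_key(my_priv: bytes, peer_pub: bytes) -> bytes:
    """Static-static DH: long-term keys on both sides, no round trip."""
    shared = x25519(my_priv, peer_pub)
    if shared == bytes(32):           # peer supplied a low-order point
        raise ValueError("degenerate shared secret")
    # Constructed KDF label for this sketch; RFC 6637 defines its own KDF.
    return hmac.new(b"deniable-mac-sketch", shared, hashlib.sha256).digest()

def tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(key, message), t)

if __name__ == "__main__":
    w_priv, r_priv = os.urandom(32), os.urandom(32)       # constructed keys
    w_pub, r_pub = x25519(w_priv, BASE), x25519(r_priv, BASE)
    body, other = b"constructed sample mail body", b"text the writer never sent"
    t = tag(mac_key(w_priv, r_pub), body)                 # writer, offline
    print("recipient accepts:", verify(mac_key(r_priv, w_pub), body, t))
    forged = tag(mac_key(r_priv, w_pub), other)           # recipient alone
    print("recipient's own tag verifies too:", verify(mac_key(w_priv, r_pub), other, forged))
```

Because the key is symmetric between the two parties, a tag convinces only someone who holds one of the two private keys and knows they did not write the message themselves.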
