gnutls_openpgp_crt_verify_self and key fingerprint
Ilari Liusvaara
ilari.liusvaara at elisanet.fi
Wed Dec 30 23:50:06 CET 2009
I'm writing new protocol implementation that utilizes TLS-OpenPGP
and GnuTLS and I am not completely sure what I'm doing with
authentication is safe thing to do:
Does gnutls_openpgp_crt_verify_self() verify OpenPGP certificate
throughly enough that the gnutls_openpgp_crt_get_fingerprint()
output can be trusted not to be forgeable by grabbing certificate
(without stealing/deriving corresponding private keys) with desired
fingerprint and tampering with it?
The scenario I'm most worried about is attacker using unauthorized
subkey (missing/invalid main->subkey signature) to pass TLS signature
checks. If that is not caught, the fingerprint value will be
completely untrustworthy (since AFAIK fingerprint comes from the
main key and does not directly cover subkeys). I'm guessing whole
purpose of ...verify_self() is to catch trickery like that (if not,
what it is for?)
I have tried to search for information wheither what I'm doing
is safe or not, but I haven't come up with information either
way. And looking at documentation and OpenPGP RFCs was not
very helpful.
And no, gnutls_openpgp_crt_verify_ring() is effectively not an
option (I don't go into details why here).
-Ilari
More information about the Gnutls-help
mailing list