Re: GPG



In article news:<gfm6jh$va9$1@xxxxxxxxxxxxxxxxxxx>, 1Pw wrote:
3.) Alice may encrypt/sign her text, so that it becomes a cyphertext,
using Bob's public key. In a practical sense, only Bob may decrypt
the email back into plaintext with his PGP/GPG. Bob may be quite
certain that the email came from Alice. The man in the middle's
only possible interference /might/ be to intercept the message from
Alice on the way to Bob and prevent it from reaching Bob. However,
the man in the middle would not reasonably ever be able to know the
deciphered content of the email.

Not quite ...

Alice may encrypt the message with Bob's public key, she may sign the
message with her own private key, or neither, or both. She cannot sign
with Bob's key, and her encrypting with Bob's key does not allow Bob to
determine that the message came from Alice.

Encrypting the message with Bob's public key ensures that only Bob --
the only holder of Bob's private key -- can read the message. This assumes
that Bob has taken adequate measures to ensure that nobody else has
learned his private key and that the entire GPG cryptosystem hasn't been
broken in some way (such as a breakthrough in the mathematics behind it
or the discovery of a serious bug in the code) -- but in general these
things may safely be assumed.

Note that Bob's public key is, in general, known to many people so the
fact that Alice has chosen to encrypt the message does not in any way
guarantee that Alice is the sender. Alice must, however, be sure that
the key she uses does indeed belong to Bob, and not some eavesdropper
(who is conventionally referred to as "Eve") otherwise it will be the
eavesdropper (and not Bob) who can decrypt the message.

In signing the message Alice does not in any way alter or obscure the
content of the message, she merely appends a digital signature -- a
block of data that depends on the content of the message and on the
value of Alice's private key. Anyone who receives the message can read
it, and anyone who has Alice's public key can verify that the message
has not been altered in any way, and that Alice was indeed the sender.
In general Alice's public key is well-known, so anyone can verify these
things. Note that having the ability to verify the signature does not
imply having the ability to alter the message and re-create it. A
private key and its corresponding public key are a complementary pair,
and neither can be used to perform the tasks of the other.

Note that for this to be meaningful Bob must be quite sure that the key
he believes to be Alice's is genuine. If there is any possibility that
some other party -- Eve, say -- has published a bogus key in Alice's
name and tricked Bob into believing that the bogus key is the correct
one then it will be possible for Eve to alter Alice's message, sign it
with the bogus key, and pass it on to Bob to whom it will appear
genuine.

PGP/GPG has mechanisms to allow the user to attach a "level of trust" to
every other user's public key held on his keyring. If Bob has received
Alice's key directly from Alice then he will presumably trust it
absolutely, if he has received it from some other person whom he
personally knows he will possibly trust it only a little less (because
he cannot be quite so certain of the key's provenance), but if he has
received it via a casual acquaintance or colleague he will trust it much
less. If he receives the key directly in an unsecured EMail from Alice,
whom he has never met, he should not trust it at all, because the EMail
might actually be from Eve.

This PGP key management scheme works well among relatively limited
groups of which all the members know at least some of the others, so
that a ring of trust can be established.

In the more general case, where Alice and Bob are complete strangers who
have a need to communicate securely, it is usual to employ a different
scheme, making use of the services of a "Trusted Third Party"
(conventionally known as Trent). In such a scheme Alice and Bob (along
with many others) each generate their private and public keys, and each
send their public keys to Trent. Trent creates a 'certificate' for each
of them -- a digital record of their identity and their public key,
signed by Trent -- and returns it to them. Trent then makes his own
public key widely known (and arranges for it to be distributed widely by
the likes of Microsoft, Apple, Mozilla, etc., so that every computer
user in the land will have a copy). Alice and Bob can then provide each
other with copies of their public key certificates, and as each trusts
Trent they both trust that the keys are genuine.

For this to work, Trent must establish his credentials as a trustworthy
intermediary. He must demonstrate that he performs some degree of
checking of the credentials presented to him by Alice and Bob (and all
the others) before issuing their certificates. He must demonstrate that
his own private key, which is used to sign the certificates, is managed
securely and is not liable to become known to Eve (or anyone else). He
will probably have to support his claim to trustworthiness by offering
financial compensation to any user of his certificates who nevertheless
suffers loss through fraud -- and for this he will probably have to pay
a hefty insurance premium. The issuing of secure and trustworthy
certificates is big business, and there is a charge for certificates
issued by commercial Certification Authorities, the actual cost
depending on the effort put into the checking of credentials and the
amount of insurance offered.

Cheers,
Daniel.
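
The distinctions drawn in the post above, as an added example that is not part of the original message and not GPG's own code: encrypting to Bob's public key says nothing about the sender, a signature does, and a signature is only as good as Bob's assurance about whose key he holds. It assumes toy textbook RSA (no padding) on fixed Mersenne primes, so it is not secure; the function names, key sizes and messages are all constructed for illustration.

```python
# Toy textbook RSA (no padding, fixed Mersenne primes): shows who can do what.
# Constructed for illustration only; not GPG's code and not secure.
import hashlib

E = 65537

def keypair(a, b):
    """(public, private) built from the Mersenne primes 2**a-1 and 2**b-1."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):             # needs the signer's PRIVATE key
    return pow(_h(data, priv[0]), priv[1], priv[0])

def verify(data, sig, pub):       # needs only the signer's PUBLIC key
    return pow(sig, pub[1], pub[0]) == _h(data, pub[0])

def encrypt(data, pub):           # needs only the recipient's PUBLIC key
    return pow(int.from_bytes(data, "big"), pub[1], pub[0])

def decrypt(ct, priv):            # needs the recipient's PRIVATE key
    m = pow(ct, priv[1], priv[0])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def certify(name, pub, ca_priv):  # Trent signs the (identity, key) binding
    return sign(name + repr(pub).encode(), ca_priv)

def cert_ok(name, pub, cert, ca_pub):
    return verify(name + repr(pub).encode(), cert, ca_pub)

alice_pub, alice_priv = keypair(89, 107)
bob_pub, bob_priv = keypair(1279, 2203)
eve_pub, eve_priv = keypair(61, 127)
trent_pub, trent_priv = keypair(521, 607)

def demo():
    real, forged = b"Meet at noon. Alice", b"Meet at midnight. Alice"
    sig = sign(real, alice_priv)
    genuine_cert = certify(b"Alice", alice_pub, trent_priv)
    self_made_cert = certify(b"Alice", eve_pub, eve_priv)  # not signed by Trent
    return {
        # Eve encrypts to Bob's public key; Bob decrypts it like any other mail.
        "bob_reads_eves_mail": decrypt(encrypt(forged, bob_pub), bob_priv) == forged,
        "genuine_verifies": verify(real, sig, alice_pub),
        "altered_text_fails": verify(forged, sig, alice_pub),
        # Bob was tricked into filing Eve's key as "Alice": the forgery verifies.
        "bogus_key_fools_bob": verify(forged, sign(forged, eve_priv), eve_pub),
        # With Trent, Bob accepts a key only if Trent's signature covers it.
        "alice_cert_ok": cert_ok(b"Alice", alice_pub, genuine_cert, trent_pub),
        "eve_cert_ok": cert_ok(b"Alice", eve_pub, self_made_cert, trent_pub),
    }
```

Calling `demo()` returns the outcome of each scenario; only the altered text and Eve's self-made certificate fail their checks.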

