Using GPG to create virtual email addresses
Jacob Anawalt
jacob@cachevalley.com
Sat Oct 4 10:41:01 2003
Ingo Klöcker wrote:
>On Thursday 02 October 2003 03:21, Jacob Anawalt wrote:
>
>
>>Jacob Anawalt said:
>>
>>
>>>Maybe there is some
>>>'light signature' option that would work better.
>>>
>>>
>>Let me expand on this idea a little more. It seems that a signature
>>must have something that says what encryption was used and some info
>>that allows the unencoder to know who's signature it is and then an
>>encoded hash of the data it is signing. When I sign a lot of data the
>>signature is large. When I sign very little data, it is small.
>>
>>
>
>That's wrong. The signature has a fixed size because it's just a hash of
>fixed size, e.g. an MD5 hash is always 128 bit and a SHA-1 hash is
>always 160 bit. This means in base64 encoding (which has to be used
>because email header must only contain 7-bit ascii data) the size of
>the signature is at least 22 bytes (MD5) or 27 bytes (SHA-1).
>
You're right. I don't know how I thought I saw what I did. My test
signature seems to have 64 characters, CRLF, 24 characters, CRLF, five
characters. I have no idea which part is the hash and which is the key,
or if it is all a key of the hash. If there were no data to hash, how
small could this be? Only 22/27 bytes smaller?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/foF8vdaM6UF7o8YRAlNpAJ4yCyBmuBfCg3zUFMXIU2qe0MH4jwCfV3+e
kvFfNHdoZSOTXm1aSxq2yK8=
=f32U
-----END PGP SIGNATURE-----
>
>
>
>>In
>>either case there seems to be a substantial amount of header data.
>>
>>If we pre-agree on an algorithm and we know externally the claimed
>>'owner' of the signature by looking at the MAIL FROM value, how small
>>can the signature be? Could it fit within (64 - size of GPG id + 1)
>>and be only local-part compliant data?
>>
>>
>
>See above.
>
>
>
>>I would much prefer the double encrypted data idea, but if that is
>>out of the question then I would at least want a piece of signed data
>>accessable by the RCPT TO stage to help show the MAIL FROM was not
>>forged.
>>
>>
>
>For each key that is used for encryption the session key has to be
>encrypted with this key. This means that for each encryption key you
>have to at least add the size of the session key (which is at least
>another 128 bit, i.e. 22 bytes in base64 encoding).
>
So at least 44 of the 64 total bytes are just for the session key. That
doesn't leave much.
In my first email I said that protection of the data is not the issue. I
don't really care if my username is hidden, infact it may be
advantageous if it is not hidden. What I am looking for is a virtual
username (email address local-part) that is unique per sender/reciever
pair, and the identity of that pair is some combination of the two's GPG
information. Short of that, I would like a virtual username that has the
recievers identity and the assurance that the sender is who they say
they are built into it before making the decision to send a 4xx/5xx or
say 250 OK and accept the data portion of the SMTP transaction.
Somehow I would like to use or tie back into the PGP/GPG trust system.
Maybe I need to think of some parallel system where virtual email
mapings are stored and somehow those mappings are signed by the users.
>
>
>
>>There hasn't been a response yet so I wonder if I'm asking in the
>>wrong place or if people are reading this and rolling their eyes.
>>Even a quick note to say I'm way off base or looking in the wrong
>>direction would be appreciated. ;)
>>
>>
>
>Check out http://www.ietf.org/rfc/rfc2440.txt for more information.
>
>
This full scope of this document is a bit beyond my comprehension at the
moment. That is why I asked on this list. I am having a hard time
gleaning the answer to my question(s) from it. I did read that
implementations should not assume that the key ID is unique, so I won't
count on that.
Am I just hoping for something that isn't going to work?
--
Jacob