Encrypt & Sign

Neil Williams linux at codehelp.co.uk
Sat Jan 15 00:30:10 CET 2005


On Friday 14 January 2005 8:32 pm, Atom 'Smasher' wrote:
> On Fri, 14 Jan 2005, Vishal Rao wrote:
> > Also, is there a legal significance of signing clear data rather than
> > encrypted data? (Signer clearly knows what he signed) With OpenPGP or
> > PKI?
>
> ===================
>
> in a techno-philosophical sense, you never *really* know what you're
> signing unless you do the math by hand...

That's disingenuous Atom - the premise of the article is a rogue program. 
Isn't that why we use free software? That's why we verify GnuPG carefully 
before installing, why we have the source code to inspect to allay precisely 
these fears.

Despite what the article says, it is NOT possible for someone else to sign 
this email with this key. Anyone who has had their key signed by my key(s) 
will be able to determine that I consented to the signature made on this 
email and its content.

The whole point of the WoT is to tie the person to the key. Tying the person 
to the key ties the person to the computer used to access the key and hence 
the circle is complete.

I would challenge anyone to prove that I did not sign and consent to the 
precise and complete content of the signed component of this message.

Just because someone else can create a *similar* key with no passphrase that 
can be used to sign anything, doesn't mean that MY signature is any less 
valid. It relies on my key being trusted. A false key can never duplicate the 
trust - that is why there was so much discussion about the GD keyserver, 
anything that affects key signatures is of concern. The WoT is fundamental to 
how GnuPG and PGP work. If the GD had threatened to weaken the WoT, the fuss 
was fully justified. As it happens, the discussion has still raised important 
issues.

> Solving this problem requires a trusted signing computer

Not true. It requires trust in the key and the person identified in the key. 
It also requires that you update that key to check for revocation.

I can sign my email from any computer to which I copy my secret key. Part of 
trusting a key is trusting that the key holder won't do something stupid like 
copy their secret key to a public location. That's why face-to-face 
verification is so useful, it allows time to discuss issues and make that 
assessment.

All that is needed to be trusted is the key holder - that s/he can be trusted 
to manage their key properly and carefully and to take reasonable precautions 
against leaving their secret key somewhere that anyone else has access.

> Digital signatures prove, mathematically, that a secret value known as the 
> private key was present in a computer at the time Alice's signature was 
> calculated. It is a small step from that to assume that Alice entered that 
> key into the computer at the time of signing. But it is a much larger step 
> to assume that Alice intended a particular document to be signed.

That step is covered by revocation. 

> Because the computer is not trusted, I cannot rely on it to show me what it 
> is doing or do what I tell it to. 

The computer does not need to be trusted, it's the keyholder and his/her 
behaviour that is trusted by those who have signed the key. Both parties can 
trust the code because the code can be inspected.

> And  
> without a tamperproof computer trusted by Alice,

Access to the secret key doesn't equate to compromise of the key - there's 
still the passphrase. Or is he asserting that a keyboard sniffer is also 
required now?

How's that different to someone copying a written signature and taking 
measures, in advance, to get a usable copy?

> you can expect "digital  
> signature experts" to show up in court contesting a lot of digital 
> signatures.        

All he's saying, in a lengthy and confused fashion, is that you can't trust a 
signature made by an untrusted key. Wow, big news.

The key isn't trusted, so why should you trust the signatures???? You can't!

All these emails that show up in yellow in KMail (signature mathematically 
valid but key untrusted) - the signatures are nice but cannot be trusted as 
the key is untrusted.

I sign emails because there are people out there who HAVE signed my key and 
had their key signed with mine. They are the only ones who can truly say that 
my signatures are genuine and reliable. They know me, they have all met me 
(those who are cross-signed) and all talked about how keys are handled and 
used. Others on this list will be able to trust my key because of people they 
have met. For everyone else (including you, Atom), my signatures are useful 
but cannot be used to prove that I sent it - only that the signature is valid 
but you cannot trust the key.

It isn't enough that I can encrypt to those people, they need to know that it 
is ME sending the information, not just that someone has got their public key 
and chosen to encrypt the content with it. That's why I sign and encrypt to 
those people - I know only they can read it, they know only I could have sent 
it.

None of that is possible without keysignings and the WoT.

> Why Digital Signatures Are Not Signatures
> http://www.schneier.com/crypto-gram-0011.html#1

It IS better than a physical signature - he makes the point himself that a 
written signature still has to be verified by an external authority - be it 
the person under oath or a handwriting expert - to prove that it is a genuine 
signature. Handwritten signatures are easily copied. Digital signatures 
cannot be copied.

Having a perfect digital reproduction of my written signature could get you 
into all kinds of situations in my place. Having a perfect digital 
reproduction of my digital signature gets you nowhere.

(Some people put images of their written signature in their keys - seemed 
crazy to me, as if trying to certify the key with a weaker form of 
verification!)

If you've been signed by my key, my digital signature is better than any 
written signature. No-one can hide the content of this email from me before 
signing (as you can with paper), no-one can tamper with this email and change 
the content without the signature being broken (as you can with paper). You 
have to know me pretty well to recognise my written signature - I sign so 
many things it often changes (as my bank can testify)! 

Nothing is completely secure, but the combination of the WoT and digital 
signatures CAN be used to prove that a document was knowingly signed by an 
identifiable, physical person who has been independently verified by multiple 
other people and who is named in the key that made the signature.

What paper signature can do the same?

Of course this is a signature, it is a verifiable and tamper-proof seal 
created uniquely by me and which can be uniquely tied to me as a physical 
person - no matter what computers were used in the generation process.

The fact that you are not currently one of those people who CAN trust my key 
is not for want of trying, you don't seem to have many signatures on your 
key. I'm doing my bit, are you?

-- 

Neil Williams
=============
http://www.dcglug.org.uk/
http://www.nosoftwarepatents.com/
http://sourceforge.net/projects/isbnsearch/
http://www.williamsleesmill.me.uk/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050114/9cbda653/attachment.pgp
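
The message above separates a signature that is mathematically valid from a key that is trusted (the "yellow" case in KMail) and says keys must be checked for revocation. The added example below, which is not part of the original message, shows that separation using the status keywords GnuPG writes with --status-fd. The key ID, user ID and sample lines are constructed, and treating marginal or missing trust as untrusted is a policy assumption.

```python
# Added example. Status keywords are those GnuPG writes with --status-fd;
# the key ID, user ID and sample lines below are constructed.
TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}
# Signature states that are never acceptable, whatever the trust level.
REJECT = {
    "BADSIG": "bad",
    "ERRSIG": "unverifiable",
    "EXPSIG": "expired-signature",
    "EXPKEYSIG": "expired-key",
    "REVKEYSIG": "revoked-key",
}
PREFIX = "[GNUPG:] "


def parse_status(text):
    """Return (keyword, args) pairs, skipping human-readable gpg output."""
    events = []
    for line in text.splitlines():
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                events.append((parts[0], parts[1:]))
    return events


def classify(text):
    """Keep 'the signature verifies' apart from 'the key is trusted'."""
    sigs = [k for k, _ in parse_status(text) if k == "GOODSIG" or k in REJECT]
    trust = [k for k, _ in parse_status(text) if k.startswith("TRUST_")]
    if not sigs:
        return "no-signature"
    if len(sigs) > 1:
        return "multiple-signatures"  # judge each signature separately
    if sigs[0] in REJECT:
        return REJECT[sigs[0]]
    # GOODSIG: trusted only on an explicit full/ultimate trust line.
    # Marginal, undefined, never or a missing line all fail closed (assumption).
    if len(trust) == 1 and trust[0] in TRUSTED:
        return "valid-trusted"
    return "valid-untrusted"


UID = "1111222233334444 Alice Example <alice@example.org>"  # constructed
GOOD_UNTRUSTED = f"gpg: Good signature\n{PREFIX}GOODSIG {UID}\n{PREFIX}TRUST_UNDEFINED\n"
GOOD_TRUSTED = f"{PREFIX}GOODSIG {UID}\n{PREFIX}TRUST_FULLY\n"
REVOKED = f"{PREFIX}REVKEYSIG {UID}\n{PREFIX}TRUST_UNDEFINED\n"

if __name__ == "__main__":
    for sample in (GOOD_UNTRUSTED, GOOD_TRUSTED, REVOKED):
        print(classify(sample))
```
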


More information about the Gnupg-users mailing list