Fingerprint useless if not self-signed key?
Grant Olson
kgo at grant-olson.net
Sun Jan 2 23:13:10 CET 2011
On 1/2/2011 11:04 AM, takethebus at gmx.de wrote:
> And thankfully David Shaw answerd:
>
>>> By default, yes. You can override this,
>>> but it is not a good idea.
>
> Thus the answer to the question, whether one needs to check whether the key is self-signed is conneced with the word "override". What did he mean with that? Changing the source code of my version of gnuPG on my hard disk and recompiling or changing some sort of configuration file on my hard disk?
gpg provides many options for backward compatibility and
interoperability with other OpenPGP implementations. I'm presuming
David is talking about this:
<snip from 'man gpg'>
-allow-non-selfsigned-uid
Allow the import of keys with user IDs which are not self-signed.
This is only allows the import - key validation will fail and you have
to check the validity of the key my other means. This hack is needed for
some German keys generated with pgp 2.6.3in. You should really avoid
using it, because OpenPGP has better mechanics to do separate signing
and encryption keys.
</snip>
> If that's the case, then I don't need to advise people to check whether a key is self-signed, because an attacker needes access to my hard disk to override the self-sign-check. But if he already has access to my hard disk, he can as well to worse things like installing a keylogger or something. Thus in this case I'm beaten already, isn't that so?
>
As you've said, I'm not sure how plausible it is to worry about that
attack scenario. If someone is in a position gto modify your gpg.conf,
there are much easier ways to attack you than modifying that setting and
tricking you into loading an non-self-signed key years later.
>
> EXPLANATION
> The fingerprint is a hash value of the public master signing key only, NOT of the public subordinate encryption key. Only if that public subordinate encryption key is self-signed, I can be sure the owner of the private key wanted it to belong to his public key. Otherwise it might have been placed there by an attacker.
>
That's technically correct-- the best kind of correct. If I were
writing an introduction to OpenPGP, I'd focus on the purpose of the
fingerprint, and not the implementation details of keys and subkeys and
signing, and all that.
A fingerprint:
1) Allows you to verify that the key you have is the one you think you
have, and it hasn't been forged or modified.
2) Is only useful if obtained via an out-of-band channel, such as
meeting in person or over the phone. If someone can forge one email,
they can forge another. Same with webpages or keyservers.
3) Only authenticates the key itself. It doesn't do anything to
authenticate the user. It doesn't prove that jack_bauer at ctu.gov is who
he says he is. That's up to you.
--
Grant
"Can you construct some sort of rudimentary lathe?"
More information about the Gnupg-users
mailing list