ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: OpenPGP key fingerprints and stuff

1999-08-30 15:19:08
from [Dave Del Torto] [Permanent Link] 
At 4:12 PM -0400 1999-08-30, John S. Bucy wrote:

I'm in the process of developing a system that uses the OpenPGP message
format to encode messages sent over the network and have run into the
following issue:  The spec (RFC2440) states that signatures should contain
a "issuer's key ID" hashed subpacket.  I don't understand why this packet
wasn't defined to be an "issuer's key fingerprint" instead.  It seems to
me like it would save a huge amount of effort that implementations have to
go to to avoid problems with key ID collisions.


Well, but that collision problem is computationally non-existent,
since an OpenPGP implementor should use the full 64-bit keyID
internally. What you display for the user is a simplified 32-bit
version, which _would_ be vunlerable, as has been proved by the fact
that the new versions of PGP are *still* (arrgh) vulnerable to the
"0xDEADBEEF" attack (duplicate keyID in the UI).

For more info on that, ask Lutz Donnerhacke
<lutz(_at_)taranis(_dot_)iks-jena(_dot_)de> about his recent "mkhash" code.


It would make my code substantially simpler if I could have a "signer's
key fingerprint" instead.  And as the spec stands, I have to define my own
subpacket type for it.  Since the ID can be directly derived from the
fingerprint and they both have distinct, fixed lengths, it seems to me
like you could unambiguously use either one or the other in the same
subpacket without any other indication of which it was; if the length is 8
bytes, its the ID, if its 20 bytes, its the fingerprint. ...


Only the last 8 bytes of the 20-byte fingerprint match the (UI) keyID
(and only with the newer DSS/DH keytype).

   dave

____________________________________________________________________________
 Dave Del Torto, security architect               "Have keys, will travel."
 <mailto:Dave(_at_)DelTor(_dot_)to>     (air) +1.415.730.3583   (wire) 
+1.415.334.5533
 PGP/DH:  <http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0x28C029AF>
 Fingerprint: 9b29 031d 70de f566 e076 b108 904d fea3 28c0 29af  Size: 4096
 PGP/RSA: <http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0xD263D819>
 Fingerprint: c51f 47a9 30ae f132 27eb 5e75 2390 47c5            Size: 2048
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  OpenPGP key fingerprints and stuff, John S. Bucy
Previous by Thread:  OpenPGP key fingerprints and stuff, John S. Bucy
Indexes:  [Date] [Thread] [Top] [All Lists]