ietf-openpgp
[Top] [All Lists]

Re: processing of "speculative" key ids: MAY -> SHOULD ¦MUST

2000-01-21 06:40:37
Werner Koch <wk(_at_)gnupg(_dot_)org> wrote on Fri, 21 Jan 2000 10:59:10 +0100:

How do you get the passphrases in the secure memory? I see no way to
do this without manual operator action - and this prevents automatic
restart of machines after power failure etc.

On first start-up, the passphrases have to be entered by the
operator manually. Then they are stored in memory and
additionally in symmetrically encrypted form on the disk. The
passphrase for symmetric encryption is derived from machine and
configuration specific data (in a way I do not intend to publish)
to ensure that simply stealing the encrypted password file
is of no help to a thief.

If a power failure has occured, the restarting mail-server reads
the saved table from disk into secure memory and decrypts it. If
decryption fails (e.g. due to a changed machine), the passphrases
for all keys are asked again.

The details are on my website "www.redtenbacher.de/signatur/"
in the section "Die Sicht des Programmierers" (The programmer's
view), sub-section "Passwortverwaltung, -speicherung und
Diebstahlschutz" (Password administration, storage and protection
against theft).

This approach has, of course, some drawbacks:

(a) The protection of the password file depends essentially on a
    secret algorithm - something that will be disliked by any PKI
    purist.
(b) I (as the author of the secret algorithm) would be able to
    steal the passphrases if I ever got physical access to the
    mail-server for long enough to determine all those machine
    and configuration characteristics that are used in
    deriving the symmetric password.

Therefore my solution certainly would not be acceptable to the
research division of a major company or any secret service :-)
It is, however, a very workable approach to ensure safe Internet
transport of non-classified communication between city
administrations and citizens as it guarantees for e-mail at least
the same level of security that currently exists for paper mail.
(The city administrations assume that on the Internet, a high
level of protection is needed whereas inside the house, a
moderate level of protection is okay - see
"www.redtenbacher.de/signatur/intro.htm")

- Wolfgang Redtenbacher

---------------------------------------------------------------------
Redtenbacher Software                Tel.:   +49 7159 17046
Roemerstr. 11/1                      Fax:    +49 7159 17047
D-71272 Renningen                    e-mail: wolfgang(_at_)redtenbacher(_dot_)de
---------------------------------------------------------------------


<Prev in Thread] Current Thread [Next in Thread>
  • Re: processing of "speculative" key ids: MAY -> SHOULD ¦MUST, wolfgang <=