So I thought I'd ask a PGP question.

Lets say I have 3 PGP users "A", "B" and "C".

B sends A their public key, which A signs and returns.

Now "B" and "C" dont have each other's public keys, but they do have "A"s.

If "B" signs a message that is sent to "C", but "C" only has "A"s public key, can "C" verify "B"s message without asking for "B"s public key?

I thought the answer was yes, but I'n not sure now...

...δεσ∩

... I don't deserve this, but I have arthritis and I don't deserve that either --- SBBSecho 3.11-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

If "B" signs a message that is sent to "C", but "C" only has "A"s public key, can "C" verify "B"s message without asking for "B"s public key?

Just so I'm understanding the question correctly, we're talking about some
sort of signature where you can decode it by using that user's public key, correct?

Thus you somehow have to have B's signature, which was encrypted with B's private key, become unencrypted by something other than B's public key?

That seems to be against the very idea of how a signature is supposed to
work. But maybe I'm missing something in the question.

And we're not counting things like A sending B's public key to C, right? Because A could do that; it's just that you have to trust A to be sending the correct public key, and not having just impersonated B the first time with
the signature.

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
* Origin: Storm BBS (21:2/108)

Re: Re: PGP question
By: Adept to alterego on Mon Jun 08 2020 07:23 am

Just so I'm understanding the question correctly, we're talking about some sort of signature where you can decode it by using that user's public key, correct?
Thus you somehow have to have B's signature, which was encrypted with B's private key, become unencrypted by something other than B's public key?

No, no decoding, nor encryption involved. With PGP, you can "digitally sign" a piece of text, that somebody can verify with a public key.

That seems to be against the very idea of how a signature is supposed to work. But maybe I'm missing something in the question.

Perhaps... Since I'm not talking about "encryption", but rather "digital signature", I'm wondering is it possible to validate that the message came from "B", because "A" signed "B"'s key and "C" has "A"s key...

SSL works the same way. A certificate on my website is validated by the fact that your browser trusts the root certificate that is an ancestor of my certificate. (The difference is, you also get my public certificate, so I may have answered my own question...)

IE: I'm wanting to verify that "B" send a message, when "C" receives it, and "C" doesnt have "B"s public key - but has "A"s and "A" also signed "B"s key.

...δεσ∩

... Youth doesn't excuse everything. Dr. Janice Lester stardate 5928.5.
--- SBBSecho 3.11-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Hello δεσ∩!

** On Monday 08.06.20 - 14:11, alterego wrote to All:

So I thought I'd ask a PGP question.

Lets say I have 3 PGP users "A", "B" and "C".

B sends A their public key, which A signs and returns.

Now "B" and "C" dont have each other's public keys, but they do have "A"s.

If "B" signs a message that is sent to "C", but "C" only has "A"s public key, can "C" verify "B"s message without asking for "B"s public key?

I thought the answer was yes, but I'n not sure now...

You need the public key of the person who signed the message to verify
that message.



--- OpenXP 5.0.44
* Origin: Key ID = 0x5789589B (21:4/106.21)

On 08 Jun 2020, alterego said the following...

No, no decoding, nor encryption involved. With PGP, you can "digitally sign" a piece of text, that somebody can verify with a public key.

Since PGP is inherently peer to peer, there's no central authority that controls it. You would need a directory or listing of other people's public keys.

This is where the idea of a pgp key repository comes in. Perhaps the most famous is the one operated by mit at:

https://pgp.mit.edu

If you go to that site, you're able to submit your own public key & look up
the public keys of others.

You can then configure PGP clients to search one or more repositories if you don't happen to have their public key locally.

Of course for this to work all parties involved would need to be using the
same repositor(y|ies).

If you didn't want to use a repository, you would then need to make sure each client had each other's public key locally.


Jay

--- Mystic BBS v1.12 A45 2020/02/18 (Windows/32)
* Origin: Northern Realms BBS | bbs.nrbbs.net | Binbrook, ON (21:3/110)

Hello Warpslide!

** On Monday 08.06.20 - 11:19, Warpslide wrote to alterego:

This is where the idea of a pgp key repository comes in. Perhaps the most famous is the one operated by mit at:

https://pgp.mit.edu

When was the last time you used that one? The search function seems to be broken for nearly a year now. After a long delay, it still reports:

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /pks/lookup.

Reason: Error reading from remote server

If you go to that site, you're able to submit your own public key & look
up the public keys of others.

Maybe submission works, but I haven't tried it.

Of course for this to work all parties involved would need to be using the same repositor(y|ies).

I don't think that's true. I can fetch the public keys from anywhere, and you can fetch the same keys from somewhere else.


--- OpenXP 5.0.44
* Origin: Key ID = 0x5789589B (21:4/106.21)

No, no decoding, nor encryption involved. With PGP, you can "digitally sign" a piece of text, that somebody can verify with a public key.

Perhaps I'm still not following, but my understanding of a PGP signature is that I encrypt something (generally a hash) using my private key, and then
you decrypt it using the public key and see if it matches that something.

It's the reverse of encrypting a message, where I'd use your public key, and you'd decode with your private key.

Is that _not_ what a PGP signature is? How do you create something that's trustworthy as someone's signature without using encryption?

of my certificate. (The difference is, you also get my public
certificate, so I may have answered my own question...)

That would make sense, then.

With your example, it seems like you can see that A signed something, and if you trust A's signature, then that's good enough even without B's actual signature.

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
* Origin: Storm BBS (21:2/108)

Re: Re: PGP question
By: Warpslide to alterego on Mon Jun 08 2020 11:19 am

Since PGP is inherently peer to peer, there's no central authority that controls it. You would need a directory or listing of other people's public keys.

So the only value of cross-signing keys is to increase trust (of the public key). IE: If Alice and Bill signed Cindy's key, and I receive something from Cindy it must be Cindy (not somebody protending to bre Cindy) becase I know Alice and Bill and trust them...

(But Cindy also needs to give you her cross signed public key by Alice and Bill
right?)

If you didn't want to use a repository, you would then need to make sure each client had each other's public key locally.

Ahh, OK, I thought cross signing might mitigate that - but then you confirmed my doubts, tks.

...δεσ∩

... Gossip is when you hear something you like about someone you don't.
--- SBBSecho 3.11-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: Re: PGP question
By: Adept to alterego on Mon Jun 08 2020 08:22 pm

Perhaps I'm still not following, but my understanding of a PGP signature is that I encrypt something (generally a hash) using my private key, and then you decrypt it using the public key and see if it matches that something.

With PGP, you can choose to encrypt something - so that only the receipent can see it, or you can choose to sign something - which proves you are the only person that sent it.

When you "sign" it does not have to be encrypted. IE: I can clear sign a piece of text, that anybody can read, but the signature below it will only be validated with my public key, prooving it came from me.

...δεσ∩

... Don't force it, get a larger hammer.
--- SBBSecho 3.11-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Re: Re: PGP question
By: Adept to alterego on Mon Jun 08 2020 08:22 pm

Perhaps I'm still not following, but my understanding of a PGP
signature is that I encrypt something (generally a hash) using
my private key, and then you decrypt it using the public key
and see if it matches that something.

With PGP, you can choose to encrypt something - so that only the
receipent can see it, or you can choose to sign something - which
proves you are the only person that sent it.

When you "sign" it does not have to be encrypted. IE: I can clear
sign a piece of text, that anybody can read, but the signature
below it will only be validated with my public key, prooving it
came from me.

I'm pretty sure Adept is right here, a signature (the little bit down
the bottom) is an encrypted hash of the message, which has been
encrypted using the private key so it can be decrypted with the public
key and that's how verification of the (unencrypted) message works.

Andrew


--- MagickaBBS v0.15alpha (Linux/x86_64)
* Origin: HappyLand - telnet://magickabbs.com:2023/ (21:1/126)

When you "sign" it does not have to be encrypted. IE: I can clear sign a piece of text, that anybody can read, but the signature below it will
only be validated with my public key, prooving it came from me.

I get that.

The thing is, you sign using PGP by applying your private key to it. Since
it's a symmetric key, whether you use the public or private key doesn't
matter, because one encodes, and the other decodes. It doesn't matter which.

Mind you, it'd be pretty easy to break if you only encrypted using your
private key, because anyone can unencrypt it.

But that's exactly what happens with a signature. It's literally applying the private key to something, which the public key decodes.

It's a signature because it requires using the private key that
(theoretically) no one else has access to, and thus you know that it's a signature because your public key, and only your public key, validates it.

I found a couple of pages on it, and maybe those explanations would make more sense for you.

https://www.docusign.com/how-it-works/electronic-signature/digital-signature/ digital-signature-faq

and

https://www.quora.com/What-is-a-PGP-signature

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
* Origin: Storm BBS (21:2/108)

I'm pretty sure Adept is right here, a signature (the little bit down
the bottom) is an encrypted hash of the message, which has been

Thanks. Hopefully your explanation makes sense to them.

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
* Origin: Storm BBS (21:2/108)

Re: Re: PGP question
By: apam to alterego on Tue Jun 09 2020 09:17 am

I'm pretty sure Adept is right here, a signature (the little bit down
the bottom) is an encrypted hash of the message, which has been
encrypted using the private key so it can be decrypted with the public
key and that's how verification of the (unencrypted) message works.

Actually, I wasnt 100% sure that it was - hence why I started down this path.

My doubts where two fold:
* Encrypting something is done from public key -> private key (ie: encrypt with the public key, de-crypt with the private key), and private key (it can encrypt and decrypt). I didnt think you could encrypt with your private key, and the public key can decrypt it.

* So I was thinking the "little bit at the bottom", is not something encrypted, but rather something that is base64 encoded of the result of a computation. It is the hash of the message, using the public key portion of your key (your public key provides the nonce), that somebody else with your public key can come to the same calculation. And thus if they do, it was from you.

So I was wondering if the "little bit at the bottom" also had other key computation results (because your key is signed by somebody else), and thus with that other public key, while I cant directly validate the message can from you, I can indirectly, because I also have that "other public key" and can validate that hash. (Did I loose you...?)

But Oli said, you cant do that validation without the original public key at all, so perhaps I've got my answer. It was good to talk through it though.

...δεσ∩

... Committee work is like a soft chair...easy to get into but hard to get out --- SBBSecho 3.11-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

On 09 Jun 2020, alterego said the following...

So the only value of cross-signing keys is to increase trust (of the public key). IE: If Alice and Bill signed Cindy's key, and I receive something from Cindy it must be Cindy (not somebody protending to bre Cindy) becase I know Alice and Bill and trust them...

Exactly, cross-signing is only for increasing the trust level for that key.

When I was playing around with PGP many years ago there was this web-of-trust thing still happening. (It might still be?)

I met a couple of people in a downtown coffee shop & we all showed each other our drivers licenses (this was before smartphones, so there was no risk of
them taking a picture of the ID), we had a coffee and a few hours later I got an email saying they had signed my key, and I signed theirs.

I don't know that really made it any more "trustworthy". Now-a-days you can publish your public key in DNS, and if you happen to have DNSSEC enabled you can trust the response hasn't been tampered with.

e.g: If there was a PGP public key published as a TXT record at:

alterego._pka.alterant.leenook.net

And it contained
"v=pka1;fpr=<PGP key fingerprint>;uri=https://alterant.leenook.net/alterego.pub.txt"

Assuming the DNS answer was signed with DNSSEC and the URI pointed to an
https site, I would trust that key just as much as of it were signed by 300 random strangers.

(But Cindy also needs to give you her cross signed public key by Alice
and Bill right?)

Exactly, each time your key is signed, it would need to be re-published.

Jay

--- Mystic BBS v1.12 A45 2020/02/18 (Windows/32)
* Origin: Northern Realms BBS | bbs.nrbbs.net | Binbrook, ON (21:3/110)

On 09 Jun 2020, alterego said the following...

I met a couple of people in a downtown coffee shop & we all showed
each other our drivers licenses (this was before smartphones, so
there was no risk of them taking a picture of the ID), we had a
coffee and a few hours later I got an email saying they had signed
my key, and I signed theirs.

You probably don't even need to exchange IDs to "prove" who you are to each other. What would the paper IDs really prove anyway? Documents can be faked.

Instead, when you are all meeting in person, just announce that you (person A) just sent an encrypted message to person B with the string "321" or something. When person B receives that and verifies a few seconds later then you have confirmation that you just "identified" the sender.

Btw.. did anyone wonder about the asymetrical pattern that was used on the parachute for the recent Mars landing?

"Clark, a crossword hobbyist, came up with the idea two years ago. Engineers wanted an unusual pattern in the nylon fabric to know how the parachute was oriented during descent. Turning it into a secret message was ôsuper fun,ö he said Tuesday."
--- SBBSecho 3.13-Linux
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106.1)