0

I have a public pgp key, so that users can send me an encrypted message. Ofcourse, any user that wants to send me a message, wants to verify that the public key (s)he has, really belongs to me. From what I have read, one can publish his public key to a trusted third party (for example: the MIT PGP Public Key Server). The MIT PGP server then ensures the user that the key really belongs to me. My problem is: can't everyone forge a key on that server (there is no mail verification)? Isn't the method insecure?

Imagine:

  1. My name is John Doe. My public key is 0xE3D, my mail adress is john@doe.com
  2. An atacker Eve. Eve has a public key 0xA49, and wants to pretend that he is is John Doe
  3. John publishes his public key on his website and registers his key on the PGP server. He states on his website: my key is created on 1/1/15, my key is 0xE3D, my mail is john@doe.com and you can verify my key at the MIT PGP server.
  4. Eve registers his public key (0xA49) on the MIT PGP key server with John his email (after John has published his .
  5. When a user Alice visits John's website, Eve performs a MITM attack and changes the message on the website to: my key is created on 1/2/15, my key is 0xA49, my mail is john@doe.com and you can verify my key at the MIT PGP server.

How can Alice know if the key 0xA49 really is Johns public key? When she looks up John Doe's key, she sees two keys: 0xE3D & 0xA49. How can she knows which key is really posted by John?

user3231622
  • 127
  • 4

1 Answers1

3

And that is why there are key signing parties. They're only parties in name, and not in practice. Except if there exists food and beer. A truism if there ever was one.

munchkin
  • 393
  • 1
  • 5