5

I am trying to wrap my head around how Public Key Cryptography can really work in a secure manner.

From what I can gather, you go to example.com and download their PGP/GPG Public Key and add it to your keyring. They then send you a text file (or whatnot) signed with their Private Key or Encrypted with your Public Key; and you can verify its authenticity and/or decrypt it.

What if the attacker modified the website in transit to you and signed their own fake key under their name, and you put it in your key ring? Then you go on to validate and decrypt the tampered file assuming it is valid.

I assume I am talking about MITM tampering of the entire web traffic in between, or something similar. I am just unsure how "signing" can protect against that both the key and the data if they were faked in transit.

Chris S
  • 77,337
  • 11
  • 120
  • 212
Ken R.
  • 63
  • 2

3 Answers3

9

The scenario you describe requires multipe failures in the Web of Trust:

  1. The attacker would have to compromise the keyserver and put a fake copy of your public key there.
    Presumably if you're paranoid enough to use PGP you would have other people sign your key, so the attacker would have to get those people to sign the fake key (or contaminate an entire key chain).

  2. Other users would have to accept the compromised public key for use
    The truly paranoid only take keys physically from their owners. The regular paranoid (like me) only insist on this when signing a key.

  3. The attacker would have to compromise the data stream (decrypting it - the easy part since it's encrypted with their compromised key), modify it, re-encrypt it and sign it with the sender's private key

    Presumably if you're paranoid enough to use PGP you insist that you receive everything signed.
    Signatures are made with the sender's private key, so either the attacker compromised the sender's key or got you to accept a compromised version of their public key which you'll use to check the fake signature.

There is a wonderful book on this subject - Applied Cryptography - which explains more about the kinds of compromises required for this system to break down.

Chris S
  • 77,337
  • 11
  • 120
  • 212
voretaq7
  • 79,345
  • 17
  • 128
  • 213
  • 2
    +1 There's process to using PGP, much more than just blindly downloading and using someone's key; as Vortaq7 has pointed out. It's not terribly complicated, but should be understood before using PGP. – Chris S Aug 01 '11 at 17:14
  • You have answered a lot more than I had thought of to had asked, thank you very much for this insight. I will with great pleasure read the book you had mentioned, never thought of purchasing a resource like this. – Ken R. Aug 01 '11 at 19:15
  • IMHO Applied Cryptography is easily one of the best books on the subject. It won't make you a cryptosystems expert, but it will enable you to sit through dinner with a bunch of them without your eyes glazing over. – voretaq7 Aug 01 '11 at 20:22
5

Generally speaking, you need to be validating keys before you trust them.

In the case that you've outlined, that would mean only trusting the key if it's given to you through a secure channel (validated SSL, for instance), or in some other way that you trust (thumbprint hash communicated through a different means for validation, for instance).

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
  • This satisfies everything, my main content I am serving under SSL, and I can surely serve the keys under it as well for things that aren't under that specific domain. Works for me, thank you. – Ken R. Aug 01 '11 at 16:43
1

Generally speaking for PGP, this is why there are key signing meetups, so that you can actually see the fingerprint in person, verify the other person's ID, and then get the public key itself online.

Aaron
  • 2,968
  • 1
  • 22
  • 36
  • I am one of the paranoid few: If I have not met you in person, shook your hand & verified the fingerprint I will not sign your public key. I have a similar standard for giving out shell accounts on my machines. – voretaq7 Aug 01 '11 at 20:15