From hans at guardianproject.info Thu Nov 10 21:37:02 2011
From: hans at guardianproject.info (Hans-Christoph Steiner)
Date: Thu, 10 Nov 2011 21:37:02 -0500
Subject: [OTR-dev] OTR keys as OpenPGP subkeys
Message-ID:

I'm working on a project as part of the Guardian Project that aims to make it really easy for people to keep their encryption keys in sync across the devices they use, as well as making it easy to verify the keys of the people who are on the other side of the communication.

First off, I'm not a cryptographer. I am a hacker who focuses on making software that is as simple as possible to use while not obscuring meaningful details. I'm currently exploring the idea of storing OTR keys as OpenPGP subkeys. So I want to ask, is it crazy to think about linking in OTR keys into an OpenPGP identity?

And for my next step, I'm trying to find ways to export the keys from the otr.private_key and otr.fingerprint files. Any tips on the file format and how to convert the keys to a widely understood format, like x509 or OpenPGP?

.hc

----------------------------------------------------------------------------

"I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone." --Bjarne Stroustrup (creator of C++)

From ian at cypherpunks.ca Fri Nov 11 08:00:07 2011
From: ian at cypherpunks.ca (Ian Goldberg)
Date: Fri, 11 Nov 2011 08:00:07 -0500
Subject: [OTR-dev] OTR keys as OpenPGP subkeys
In-Reply-To:
References:
Message-ID: <20111111130007.GR2139@yoink.cs.uwaterloo.ca>

On Thu, Nov 10, 2011 at 09:37:02PM -0500, Hans-Christoph Steiner wrote:
>
> I'm working on a project as part of the Guardian Project that aims to make it really easy for people to keep their encryption keys in sync across the devices they use, as well as making it easy to verify the keys of the people who are on the other side of the communication.
>
> First off, I'm not a cryptographer. I am a hacker who focuses on making software that is as simple as possible to use while not obscuring meaningful details. I'm currently exploring the idea of storing OTR keys as OpenPGP subkeys. So I want to ask, is it crazy to think about linking in OTR keys into an OpenPGP identity?
>
> And for my next step, I'm trying to find ways to export the keys from the otr.private_key and otr.fingerprint files. Any tips on the file format and how to convert the keys to a widely understood format, like x509 or OpenPGP?

This idea comes up every so often. The tricky bit is that, given an AIM id (otr4ian) for example, how should the OTR software know which key in your gpg keyring to use for that? At some point, you're going to have to manually acknowledge that aim:otr4ian is the same person as owns the iang at cs.uwaterloo.ca gpg key.

If you have a good UI solution for that, we'd be happy to help this along, but no one's presented one yet.

I guess if you don't care so much about the buddy authentication, but just getting all your keys in one place, it's less of a problem.

[Isn't the guardian stuff on mobile devices, though? Do they use the same otr.private_key file format?]

- Ian

From agl at imperialviolet.org Tue Nov 29 16:37:41 2011
From: agl at imperialviolet.org (Adam Langley)
Date: Tue, 29 Nov 2011 16:37:41 -0500
Subject: [OTR-dev] No hash truncation in DSA signatures
Message-ID:

In http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html, it says:

"This is the signature, using the private part of the key pubB, of the 32-byte MB (which does not need to be hashed again to produce the signature)."

In http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf, section 4.6:

"z = the leftmost min(N, outlen) bits of Hash(M)"

Where outlen is the output length of the hash function (256 here) and N is the bit length of q (160 for OTR).

libgcrypt doesn't do this and, therefore, nor does the OTR protocol. I think it's worth making a note of that - it screwed me up for a while :)

Cheers

AGL

--
Adam Langley agl at imperialviolet.org http://www.imperialviolet.org
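
The mismatch described in the last message, as an added example that is not part of the original thread and is not libotr or libgcrypt code: a DSA signature computed over the full 32-byte value verifies under the same convention but is rejected by a verifier that applies the FIPS 186-3 truncation. The group is constructed at run time (160-bit q, deliberately small p, not a secure parameter set), `MB` is a constructed 32-byte stand-in, and all function names are hypothetical.

```python
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):  # Miller-Rabin with fixed bases, enough for a demo
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    s = ((n - 1) & -(n - 1)).bit_length() - 1  # trailing zero bits of n-1
    d = (n - 1) >> s
    def passes(a):
        x = pow(a, d, n)
        return x == 1 or any(pow(x, 2**i, n) == n - 1 for i in range(s))
    return all(passes(a) for a in BASES)

def demo_group():  # constructed: q is 160 bits as in OTR, p = k*q + 1 is tiny
    q = next(n for n in range(2**160 - 1, 2**159, -2) if is_probable_prime(n))
    k = next(k for k in range(2, 10**6, 2) if is_probable_prime(k * q + 1))
    p = k * q + 1
    h = next(h for h in range(2, 100) if pow(h, k, p) != 1)
    return p, q, pow(h, k, p)  # generator of the order-q subgroup

def z_value(m, q, truncate):  # True: FIPS 186-3 4.6; False: all of m, as in the post
    z, outlen = int.from_bytes(m, "big"), len(m) * 8
    return z >> (outlen - min(q.bit_length(), outlen)) if truncate else z

def sign(z, x, p, q, g):
    while True:
        k = secrets.randbelow(q - 1) + 1  # fresh per-signature nonce
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (z + x * r) % q
        if r and s:
            return r, s

def verify(z, r, s, y, p, q, g):
    w = pow(s, -1, q)
    return pow(g, z * w % q, p) * pow(y, r * w % q, p) % p % q == r

def compare(mb):  # sign the untruncated value, verify under both conventions
    p, q, g = demo_group()
    x = secrets.randbelow(q - 1) + 1  # private key; public key is g^x mod p
    y, (r, s) = pow(g, x, p), sign(z_value(mb, q, False), x, p, q, g)
    return [verify(z_value(mb, q, t), r, s, y, p, q, g) for t in (False, True)]

MB = hashlib.sha256(b"constructed stand-in for OTR's 32-byte MB").digest()

if __name__ == "__main__":
    print(compare(MB))  # [untruncated verifier result, FIPS verifier result]
```

An implementation built on a DSA library that truncates per FIPS 186-3 would need to reduce the 256-bit value modulo q itself, or use a raw signing interface, to interoperate with the behaviour the post describes.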