[OTR-dev] OTR keys as OpenPGP subkeys

Ian Goldberg ian at cypherpunks.ca
Fri Nov 11 08:00:07 EST 2011


On Thu, Nov 10, 2011 at 09:37:02PM -0500, Hans-Christoph Steiner wrote:
> 
> I'm working on a project as part of the Guardian Project that aims to make it really easy for people to keep their encryption keys in sync across the devices they use, as well as making it easy to verify the keys of the people who are on the other side of the communication.
> 
> First off, I'm not a cryptographer.  I am a hacker who focuses on making software that is as simple as possible to use while not obscuring meaningful details.  I'm currently exploring the idea of storing OTR keys as OpenPGP subkeys. So I want to ask, is it crazy to think about linking OTR keys into an OpenPGP identity?
> 
> And for my next step, I'm trying to find ways to export the keys from the otr.private_key and otr.fingerprint files.  Any tips on the file format and how to convert the keys to a widely understood format, like x509 or OpenPGP?

This idea comes up every so often.  The tricky bit is that, given an AIM
id (otr4ian) for example, how should the OTR software know which key in
your gpg keyring to use for that?  At some point, you're going to have
to manually acknowledge that aim:otr4ian is the same person as owns the
iang at cs.uwaterloo.ca gpg key.  If you have a good UI solution for that,
we'd be happy to help this along, but no one's presented one yet.

I guess if you don't care so much about the buddy authentication, but
just getting all your keys in one place, it's less of a problem.  [Isn't
the Guardian stuff on mobile devices, though?  Do they use the same
otr.private_key file format?]

   - Ian


