[OTR-dev] RSA signatures again

Timo Sirainen tss at iki.fi
Sat Aug 24 11:04:06 EDT 2013


On 24.8.2013, at 17.41, Ian Goldberg <ian at cypherpunks.ca> wrote:

>>>>> I was planning to use libotr for a project where I'd need both
>> "normal" asymmetric encryption (RSA probably) and OTR-like encryption.
>> The problem is that I was hoping to use a single public key for both
>> uses, but OTR uses only DSA and I can't do encryption with it. My next
>> thought was to modify libotr to support RSA signatures as well, but
>> since I'm not really a crypto expert I thought I'd ask here first if
>> that's even a good idea? Would it be as simple as changing the
>> DSA-specific code to RSA or are there some deeper problems to solve as well?
>>>> 
>>>> At least it seems to work..
> 
> Wait: you're trying to use the same key for signing messages in OTR and
> for decrypting messages in another protocol?  This is an *extremely* bad
> idea cryptographically.  Or do I misunderstand?

I understood that the DSA public key in OTR are only used to identify the sender during AKE, not sign the actual messages. So if that is replaced by RSA public key, which is also used for encrypting messages in external protocol, is that a bad idea? (The OTR communication isn't encrypted or signed in that protocol.)

My other idea was to use RSA key for the external protocol and keep using DSA for OTR. Then always distribute the DSA public key with the RSA public key. Maybe also sign the DSA key with the RSA key or vice versa. But I don't see how that's different from just using the same RSA key also in OTR?




More information about the OTR-dev mailing list