[OTR-dev] Allow OTR to use one of my OpenPGP sub/keys?

Hans-Christoph Steiner hans at guardianproject.info
Wed Nov 6 11:12:30 EST 2013


On Wed, 06 Nov 2013 12:37:48 +0000
Ximin Luo <infinity0 at gmx.com> wrote:

> On 06/11/13 12:31, Ximin Luo wrote:
> > On 06/11/13 12:22, cypherpunks.boxy at xoxy.net wrote:
> >>
> >> Any thoughts on allowing OTR to grab a key from an OpenPGP cert?  
> >>
> >> It might restrict the keys it grabs to those with a uid matching
> >> the account.
> >>
> >> That would allow us to manage our own keys, instead of generating
> >> scads of new ones; and it would allow OTR to be leveraged by the
> >> WoT.
> >>
> >> /DA
> >>
> >> (Not a dev here.  Forgive me if the question's been asked.)
> >>
> > 
> > See this discussion[1] and subsequent messages.
> > 
> > TL;DR version is yes you can do it, and some of us want to do it.
> > The least problematic workflow that is most compatible with
> > existing workflows is:
> > 
> > - have a tool, e.g. some extension to monkeysphere, that creates an
> > Authentication-use subkey with the critical notation that says
> > something like "for OTR use only"

We have ideas about this in an app idea we're calling Clean Room:
https://dev.guardianproject.info/projects/psst/wiki/CleanRoom

> > - have another (or the same) tool to convert this PGP subkey into
> > an OTR subkey, and installs it in the right place.

We have this working to a rudimentary degree in our KeySync app.
Exporting to lots of OTR formats works well, but the parsing from the
GPG key is quite minimal now.  (patches welcome :)

https://guardianproject.info/apps/keysync/
 
> I should add a third component too:
> 
> - have yet another tool that scans your otr application for collected
> public keys, and tries to verify their validity against your PGP
> trust database, optionally downloading missing keys from keyservers.
> 
> (monkeysphere has analogues of all these already, but for SSH keys).

This is something that we want to implement in keysync as well, but
nothing is done past the thinking stage.


> > There also needs to be some research on which specific cipher
> > algorithms we can/can't use, because PGP/OTR uses different ones
> > IIRC.
> > 
> > X
> > 
> > [1]
> > http://lists.cypherpunks.ca/pipermail/otr-users/2013-June/002211.html

Good point here. We haven't played with it enough to encounter
issues here yet.

.hc


-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
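As an added illustration of the subkey-conversion and fingerprint-matching steps discussed above (example code, not from KeySync, monkeysphere or anyone on the thread), the following checks whether an OpenPGP subkey can serve as an OTRv3 long-term key and computes the OTR fingerprint it would have, so that a fingerprint seen in an OTR client can be traced back to a PGP subkey. The notation name and the sample key parameters are constructed placeholders; a real tool would parse these fields from the OpenPGP packets.

```python
import hashlib
import struct

# Standard identifiers (RFC 4880 and the OTRv3 spec), not values taken from the thread.
OPENPGP_ALGO_DSA = 17           # RFC 4880 9.1: DSA public-key algorithm id
KEYFLAG_AUTHENTICATION = 0x20   # RFC 4880 5.2.3.21: "may be used for authentication"
OTR_PUBKEY_TYPE_DSA = 0x0000    # OTRv3: pubkey type field for DSA
# Hypothetical notation name marking a subkey as OTR-only; the thread names no specific one.
OTR_ONLY_NOTATION = "otr-only@example.invalid"

def otr_usability_problems(subkey):
    """Return reasons the OpenPGP subkey cannot become an OTRv3 long-term key ([] if usable).

    subkey is a constructed dict {"algo", "key_flags", "notations", "params"}: the fields a
    real tool would parse from the public-subkey packet and its binding signature."""
    problems = []
    if subkey["algo"] != OPENPGP_ALGO_DSA:
        problems.append("OTRv3 long-term keys are DSA; OpenPGP algorithm %d is not" % subkey["algo"])
    elif subkey["params"]["q"].bit_length() != 160:
        problems.append("OTR signatures are a fixed 2x20 bytes, so q must be exactly 160 bits")
    if not subkey["key_flags"] & KEYFLAG_AUTHENTICATION:
        problems.append("subkey lacks the authentication key flag")
    if OTR_ONLY_NOTATION not in subkey["notations"]:
        problems.append("subkey lacks the critical 'for OTR use only' notation")
    return problems

def _otr_mpi(n):
    """OTR MPI encoding: 4-byte big-endian length, then minimal big-endian magnitude."""
    data = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return struct.pack(">I", len(data)) + data

def otr_fingerprint(params):
    """SHA-1 over the OTR public-key serialization (type || p || q || g || y), as hex."""
    blob = struct.pack(">H", OTR_PUBKEY_TYPE_DSA)
    blob += b"".join(_otr_mpi(params[k]) for k in ("p", "q", "g", "y"))
    return hashlib.sha1(blob).hexdigest().upper()

def match_otr_fingerprint(seen_fpr, pgp_subkeys):
    """Third tool from the thread: map an OTR fingerprint collected by a client back to the
    PGP subkey (keyed by its own id) that produces it, so PGP trust can then be consulted."""
    for subkey_id, subkey in pgp_subkeys.items():
        if subkey["algo"] == OPENPGP_ALGO_DSA and otr_fingerprint(subkey["params"]) == seen_fpr.upper():
            return subkey_id
    return None

# Constructed sample parameters: not a real key, only shaped like one (q is 160 bits).
SAMPLE_PARAMS = {"p": (1 << 1023) + 1239, "q": (1 << 159) + 7, "g": 2, "y": 123456789}
SAMPLE_SUBKEY = {"algo": OPENPGP_ALGO_DSA, "key_flags": KEYFLAG_AUTHENTICATION,
                 "notations": {OTR_ONLY_NOTATION: "1"}, "params": SAMPLE_PARAMS}
```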