Re: [Openpgp-dt] v5 keys and hardware tokens (issue #63)

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 01 April 2022 18:41 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: NIIBE Yutaka <gniibe@fsij.org>
Cc: openpgp-dt@ietf.org
In-Reply-To: <87ee32ozuh.fsf@jumper.gniibe.org>
References: <87sfrqthre.fsf@fifthhorseman.net> <87ee32ozuh.fsf@jumper.gniibe.org>
Date: Fri, 01 Apr 2022 14:11:46 -0400
Message-ID: <87ilrsn065.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp-dt/erNxEiTZThcRlXE67UHXcjVAzUU>

On Wed 2022-03-16 21:18:14 +0900, NIIBE Yutaka wrote:
> If we can assume some constants (like ECDH KDF parameters), OpenPGP
> fingerprint can be derived with raw public key material plus timestamp.
> When I tested in the past (in 2019) for v5 key, I did that.

Thanks, this makes sense.  I'm inclined to try to write up a bit of
text, as guidance for implementers dealing with hardware constrained
such that it can't transport v5 fingerprints.

I was thinking of making it a subsection of the "Implementation Nits"
section.

There are a few different ways forward, probably the simplest would be
to document something like my earlier (b) proposal:

      assert that the secret key material can be stored in these cards and
      used with them, but v5 fingerprints will not be stored.  fingerprint
      fields for v5 keys will be set to a fixed magic value (maybe 20
      octets of 0x05 ?).  The cards can only be used if the user can
      extract the public key material from the card, formulate a v5 pubkey
      from it, and compute the fingerprint directly via local computation,
      not on the card.

and suggest how to guess at the likely KDF parameters if the key in
question is in fact ECDH.

(speaking of ECDH KDF parameters, it would be great to test whether
those extension points are actually functional -- i've opened
https://gitlab.com/sequoia-pgp/openpgp-interoperability-test-suite/-/issues/80
in case anyone wants to take a crack at testing them against the
deployed base)

Any preference on how this gets done?  Any pointers on how an
implementation should guess at the KDF parameters?

(followup on #63 would also be useful here)

               --dkg
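
Added example, not part of the original message or of any implementation discussed in it: computing a v5 fingerprint off-card from raw public key material plus timestamp, and trying candidate ECDH KDF parameters until a known fingerprint is reproduced. It assumes the v5 fingerprint layout of the crypto-refresh draft (SHA2-256 over 0x9A, a four-octet length, and the key packet body), a Curve25519 ECDH key, and a hypothetical candidate list; the sample point and timestamp are constructed.

```python
import hashlib
import struct

# Assumptions (not from the email): v5 layout per the crypto-refresh draft,
# Curve25519 ECDH (algorithm 18), and this candidate list of KDF parameters.
CV25519_OID = bytes.fromhex("2b060104019755010501")  # 1.3.6.1.4.1.3029.1.5.1
ECDH = 18
V5_PLACEHOLDER = b"\x05" * 20  # magic value floated in proposal (b)
# (hash id, cipher id): SHA2-256/384/512 = 8/9/10, AES-128/192/256 = 7/8/9
KDF_CANDIDATES = [(8, 7), (8, 9), (9, 8), (9, 9), (10, 9)]


def mpi(data: bytes) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian value."""
    data = data.lstrip(b"\x00")
    bits = (len(data) - 1) * 8 + data[0].bit_length() if data else 0
    return struct.pack(">H", bits) + data


def ecdh_material(raw_point: bytes, hash_id: int, sym_id: int) -> bytes:
    """Public key fields: OID, prefixed point as MPI, KDF parameters."""
    kdf = bytes([3, 1, hash_id, sym_id])  # size, reserved 0x01, hash, cipher
    return bytes([len(CV25519_OID)]) + CV25519_OID + mpi(b"\x40" + raw_point) + kdf


def v5_fingerprint(created: int, algo: int, material: bytes) -> bytes:
    """SHA2-256 over 0x9A, four-octet body length, and the v5 key body."""
    body = bytes([5]) + struct.pack(">IBI", created, algo, len(material)) + material
    return hashlib.sha256(b"\x9a" + struct.pack(">I", len(body)) + body).digest()


def recover_kdf(raw_point: bytes, created: int, known_fpr: bytes):
    """Return the candidate KDF pair that reproduces known_fpr, else None."""
    if known_fpr == V5_PLACEHOLDER:
        return None  # the card slot holds no real fingerprint to match against
    for hash_id, sym_id in KDF_CANDIDATES:
        fpr = v5_fingerprint(created, ECDH, ecdh_material(raw_point, hash_id, sym_id))
        if fpr == known_fpr:
            return hash_id, sym_id
    return None


# Constructed sample values, not a real key.
SAMPLE_POINT = bytes(range(32))
SAMPLE_CREATED = 1640995200
```

If no candidate matches, the KDF parameters, the timestamp, or the point encoding differ from what was assumed.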