Re: [openpgp] Encryption and signature context parameter (Was: OpenPGP encryption block modes)
Ángel <angel@16bits.net> Mon, 03 October 2022 00:24 UTC
Message-ID: <cc86c7af342e281d84e168b893e5419d8eb9effb.camel@16bits.net>
From: Ángel <angel@16bits.net>
To: openpgp@ietf.org
Date: Mon, 03 Oct 2022 02:24:37 +0200
In-Reply-To: <53ECC178-1B3D-40AE-A684-6469BEBB1426@rub.de>
References: <TTJa-QE7jZWshZLtu4wDR8N6DRYsKWd1S6cV-ze8q9DVO8wzAm5T4fpIEXNsoEU2Psq2oG9HWnH_0bfbzBFVvk2ROMwPNXwlinPnnKw57pM=@protonmail.com> <53ECC178-1B3D-40AE-A684-6469BEBB1426@rub.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/7VqJGyh6zJrV5TFJe0HG3NnYago>
On 2022-08-18 at 01:12 +0200, Marcus Brinkmann wrote:
> Yes, and we limited our investigation to email encryption only
> because that was a nicely scoped academic research task. Even just
> adding some mime type, file ending, or any other meaningful label as
> context parameter would be useful to disable potential attacks that
> exploit context confusion across different application domains (for
> example stuffing email ciphertexts into OpenOffice documents should
> they support public key document encryption in the future).

For the record, it is already possible to encrypt OpenOffice documents
(i.e. OpenDocument) using OpenPGP keys, in what might be a LibreOffice
extension:
https://conference.libreoffice.org/assets/Conference/Rome/Slides/libocon2017gpg4libre.pdf

It seems like a "normal" password-encrypted document where the key is
available through OpenPGP.

META-INF/manifest.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0" manifest:version="1.2" xmlns:loext="urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0">
  <loext:keyinfo>
    <loext:encrypted-key>
      <loext:encryption-method loext:PGPAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <loext:KeyInfo>
        <loext:PGPData>
          <loext:PGPKeyID>{base64 of ASCII fingerprint of the main key}</loext:PGPKeyID>
          <loext:PGPKeyPacket>{base64 of ASCII fingerprint of the main key}</loext:PGPKeyPacket>
        </loext:PGPData>
      </loext:KeyInfo>
      <loext:CipherData>
        <loext:CipherValue>{OpenPGP encrypted data}</loext:CipherValue>
      </loext:CipherData>
    </loext:encrypted-key>
  </loext:keyinfo>
  <manifest:file-entry manifest:full-path="/" manifest:version="1.2" manifest:media-type="application/vnd.oasis.opendocument.text"/>
  <manifest:file-entry manifest:full-path="styles.xml" manifest:media-type="text/xml" manifest:size="12337">
    <manifest:encryption-data manifest:checksum-type="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k" manifest:checksum="4AfV2B3IFXUKhnXhd8dH3xD1kyrxL1nHKmHLVyTwKYQ=">
      <manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc" manifest:initialisation-vector="{base64 of IV}"/>
      <manifest:key-derivation manifest:key-derivation-name="PGP"/>
    </manifest:encryption-data>
  </manifest:file-entry>
  <manifest:file-entry manifest:full-path="settings.xml" manifest:media-type="text/xml" manifest:size="12055">
    ...
  </manifest:file-entry>
</manifest:manifest>

Regards
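
Added example, not part of the original message and not LibreOffice code: a small reader for the manifest layout quoted above. It reports which OpenPGP key the document key is wrapped for and which archive entries are encrypted, with their content cipher and key-derivation name. The sample manifest and all its base64 values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {
    "manifest": "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0",
    "loext": "urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0",
}
M, L = "{%s}" % NS["manifest"], "{%s}" % NS["loext"]

# Constructed sample in the layout quoted above; every value is a placeholder.
SAMPLE = """<manifest:manifest manifest:version="1.2"
  xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
  xmlns:loext="urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0">
 <loext:keyinfo><loext:encrypted-key>
  <loext:encryption-method loext:PGPAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
  <loext:KeyInfo><loext:PGPData><loext:PGPKeyID>S0VZSUQ=</loext:PGPKeyID></loext:PGPData></loext:KeyInfo>
  <loext:CipherData><loext:CipherValue>Q09OU1RSVUNURUQ=</loext:CipherValue></loext:CipherData>
 </loext:encrypted-key></loext:keyinfo>
 <manifest:file-entry manifest:full-path="/" manifest:media-type="application/vnd.oasis.opendocument.text"/>
 <manifest:file-entry manifest:full-path="styles.xml" manifest:media-type="text/xml">
  <manifest:encryption-data>
   <manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
     manifest:initialisation-vector="SVY="/>
   <manifest:key-derivation manifest:key-derivation-name="PGP"/>
  </manifest:encryption-data>
 </manifest:file-entry>
</manifest:manifest>"""

def key_recipients(root):
    """One dict per <loext:encrypted-key>: the key it is wrapped for, and how."""
    out = []
    for ek in root.iterfind("loext:keyinfo/loext:encrypted-key", NS):
        method = ek.find("loext:encryption-method", NS)
        out.append({
            "key_id": (ek.findtext(".//loext:PGPKeyID", "", NS) or "").strip(),
            "wrap": method.get(L + "PGPAlgorithm") if method is not None else None,
            "has_cipher_value": bool((ek.findtext(".//loext:CipherValue", "", NS) or "").strip()),
        })
    return out

def encrypted_entries(root):
    """Map each encrypted file-entry path to (content cipher URI, key-derivation name)."""
    out = {}
    for fe in root.iterfind("manifest:file-entry", NS):
        enc = fe.find("manifest:encryption-data", NS)
        if enc is None:
            continue  # entry carries no encryption-data element
        alg, kd = enc.find("manifest:algorithm", NS), enc.find("manifest:key-derivation", NS)
        out[fe.get(M + "full-path")] = (
            alg.get(M + "algorithm-name") if alg is not None else None,
            kd.get(M + "key-derivation-name") if kd is not None else None)
    return out
```

To run it on a real document, read META-INF/manifest.xml out of the ODF zip archive and pass the parsed root element to both functions.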