Re: Secret key transport
David Shaw <dshaw@jabberwocky.com> Tue, 18 April 2006 23:24 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FVzYP-00063x-Cs for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 19:24:17 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FVzYP-0005dU-0K for openpgp-archive@lists.ietf.org; Tue, 18 Apr 2006 19:24:17 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3IMump0030995; Tue, 18 Apr 2006 15:56:48 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k3IMumNI030994; Tue, 18 Apr 2006 15:56:48 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from foobar.cs.jhu.edu (foobar.cs.jhu.edu [128.220.13.173]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k3IMul2R030987 for <ietf-openpgp@imc.org>; Tue, 18 Apr 2006 15:56:48 -0700 (MST) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net (walrus.hsd1.ma.comcast.net [24.60.132.70]) by foobar.cs.jhu.edu (8.11.6/8.11.6) with ESMTP id k3IMuhk08130 for <ietf-openpgp@imc.org>; Tue, 18 Apr 2006 18:56:44 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.13.6/8.13.5) with ESMTP id k3IMw8cD021872 for <ietf-openpgp@imc.org>; Tue, 18 Apr 2006 18:58:08 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id k3IMubdS011907 for <ietf-openpgp@imc.org>; Tue, 18 Apr 2006 18:56:37 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id k3IMub4V011906 for ietf-openpgp@imc.org; Tue, 18 Apr 2006 18:56:37 -0400
Date: Tue, 18 Apr 2006 18:56:37 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Secret key transport
Message-ID: <20060418225637.GA11827@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <20051214135609.GA22783@jabberwocky.com> <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org> <20060418214155.GA5012@epointsystem.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20060418214155.GA5012@epointsystem.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.11
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0a7aa2e6e558383d84476dc338324fab
On Tue, Apr 18, 2006 at 11:41:55PM +0200, Daniel A. Nagy wrote:
>
> On Tue, Apr 18, 2006 at 12:40:00PM -0700, Jon Callas wrote:
> > On 14 Dec 2005, at 5:56 AM, David Shaw wrote about secret keys
> > [snipped]
> > Since no one has said anything in months, I'm declaring that the
> > answer is, "no, this is not something that needs a line or two of text."
>
> I think, this problem merits a little bit of discussion, as there are some
> interoperability issues at stake.
>
> Firstly, I think that 5.5.1.3. should make it clear that secret key packets
> are standardized for the purposes of exporting and importing secret key
> material. As far as interoperability is concerned, fully OpenPGP-compliant
> implementations may store private keys any way they like.
I don't think anyone was arguing otherwise. My original mail was
simply noting that there is not a single word in the standard of how
to export a secret key. Export, not store.
> As for importing and exporting, a major player (namely WK's GnuPG) rejects
> private key blocks that do not contain binding self-signatures for UIDs and
> subkeys.
I think there is some misunderstanding here about what happens on
secret key import in GnuPG. GnuPG, like PGP, tries to automatically
convert a secret key to a public key on import if the public key
doesn't already exist in the keyring. They can do this because secret
key packets are essentially a public key packet with the secret data
stuck on the end. This isn't mandated (or even mentioned) by the
standard, of course, but is a convenience.
The difference is that GnuPG prints a warning when it could not do
this automatic conversion because of missing self-signatures. PGP is
(probably more appropriately) quiet. I think you are interpreting
that warning message as a rejection.
> Moreover, the required binding signatures bind the material in
> question to the corresponding PUBLIC key, not the private one. I am not sure
> why they chose to do it this way, but I am strongly opposed to mandating
> this behavior in the standard, as it would make some other existing
> implementations non-compliant.
All binding signatures bind to the public key. There is no such thing
as a secret key binding signature.
Here's a minimal-change proposal:
Rename section 10.1 from "Transferable Public Keys" to "Transferable
Keys", and add to the end of the section:
Secret keys may be transferred in the same manner and format as
public keys by replacing any public key packets with the
corresponding secret key packets and and public subkey packets with
the corresponding secret subkey packets.
David
- Secret key transport David Shaw
- Re: Secret key transport Jon Callas
- Re: Secret key transport Daniel A. Nagy
- Re: Secret key transport David Shaw
- Re: Secret key transport Jon Callas
- Re: Secret key transport Daniel A. Nagy
- Re: Secret key transport Jon Callas