PGP implements Key Recovery today!

PGP has provided a key recovery option for several years. You can either use the EncryptToSelf option, or use multiple recipients, one of which is your favorite backup service (or yourself, perhaps one of your other keys.) Works fine, and you can use it to recover the session key when you want. Keep a backup copy of your private key on a floppy in your safe deposit box, and maybe keep your passphrase on a yellow sticky (:-) and you're all set.

Now, if PGP had a single-DES option for encryption, they could apply for an export permit......

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
Imagine if three million people voted for somebody they _knew_, and the politicians had to count them all.

I was actually working on a message saying something similar, under the working title of "Trusted First Parties". The idea is to generate a separate key pair to be used for recovery purposes, and then place the private key in a trusted, off-line location (much easier to arrange than if the key is to be kept on-line). The key should probably be encrypted using a symmetric algorithm keyed off a pass phrase, but since the pass phrase will only ever be used once, it's the kind of thing that might end up being forgotten, especially in those 'what's that tree doing in the middle of my machine room?' key recovery moments.

Because the TFP key is protecting other keys, the key length should be such as to give a work factor equal to or greater than that needed to force the keys that will be protected by it.

TFP can be used to weaken forward secrecy by encrypting the ephemeral session key under the TFP key and sending it with the message stream. You don't have real forward secrecy, because if the TFP key is cracked, all prior session keys will be exposed; however this setup is still somewhat better than straight RSA key exchanges using your regular key, as the private TFP key is less exposed.

Simon

---
Huge taxi cabs now! Huge spelling cuts now! Balance the budgie now!
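The arrangement described in the two messages above (one session key wrapped both to the everyday key and to a recovery key whose private half stays off-line), as an added example that is not part of the original thread. It uses textbook RSA on small constructed primes and a toy SHA-256 keystream, standard library only, to show the data flow; the names `encrypt`, `decrypt`, `make_key` and the key labels are hypothetical, and none of this is PGP's own format or code.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy RSA key from two known primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR the data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(plaintext, public_keys):
    """Pick one fresh session key and wrap it once per recipient (name -> n)."""
    session = secrets.token_bytes(16)
    m = int.from_bytes(session, "big")
    wrapped = {name: pow(m, E, n) for name, n in public_keys.items()}
    return {"wrapped": wrapped, "body": keystream_xor(session, plaintext)}

def decrypt(message, name, n, d):
    """Unwrap the session key with one recipient's private exponent, then decrypt."""
    m = pow(message["wrapped"][name], d, n)
    return keystream_xor(m.to_bytes(16, "big"), message["body"])

# Constructed keys built from Mersenne primes: illustrative only, far too small
# and unpadded for real use.
USER_N, USER_D = make_key(2**127 - 1, 2**89 - 1)  # everyday key, kept on-line
TFP_N, TFP_D = make_key(2**107 - 1, 2**61 - 1)    # recovery key, private half off-line

def demo():
    pubs = {"user": USER_N, "tfp": TFP_N}
    archive = [encrypt(t, pubs) for t in (b"message one", b"message two")]
    # Normal path: the everyday private key reads the message.
    normal = decrypt(archive[0], "user", USER_N, USER_D)
    # Recovery path: with the everyday key lost, the off-line TFP key still opens
    # every stored message, so its compromise exposes all prior session keys.
    recovered = [decrypt(m, "tfp", TFP_N, TFP_D) for m in archive]
    return normal, recovered
```
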

Bill Stewart <stewarts@ix.netcom.com> writes:
PGP has provided a key recovery option for several years. You can either use the EncryptToSelf option, or use multiple recipients,
For a press worthy hack, it would be fun to extract an NSA RSA public key from some GAKked software, and format it as a PGP key. Then people can use key escrow if they wish (second recipient NSA). And they can feed the NSA misinformation, stegoed data, double encrypted PGP messages, anti GAK flames, and they might even feel obliged to decrypt, and read it all :-)

I read some time ago about Lotus Notes which uses RSA and has GAK, was this press release fodder, or does the product currently exist in its GAKked form? Are there other GAKked products? Is there anyone with a GAKked product, and the patience to reverse engineer for the GAK key?

I guess if you do get an RSA key for the NSA, then you can choose an email for them to put on the PGP keyid:

NSA <dirnsa@nsa.gov>

(a real working email address would be better, if that one isn't good), and get it signed by a timestamping service (persuade the owner to sign in the form of a key certification).

Adam

--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

Adam Back wrote:
| I guess if you do get an RSA key for the NSA, then you can choose an
| email for them to put on the PGP keyid:
|
| NSA <dirnsa@nsa.gov>

bigbrother@dockmaster.ncsc.gov

Adam

--
"Every year the Republicans campaign like Libertarians, and then go to Washington and spend like Democrats."
Vote Harry Browne for President. http://www.harrybrowne96.org

No, this is too simple for the mindless bureaucrats! The next thing Al Bore will ask will be for them to be copied on every message and the private key stored with government trusted (read stooges) key escrow.

It has been at least 130 years since any federal omnipotent 'Judge Roy Bean, Law West of Pecos' sack of coal walking on water has ever considered the original intent: "...it is better that 100 guilty go free, than 1 innocent man be convicted."

Seems to me someone's last words were: "...give me liberty or give me death."

However, I will graciously step aside so you can jump first from the gallows. I'll stick around, and be a pain in the arse!

In <199610081636.MAA10922@attrh1.attrh.att.com>, on 10/08/96 at 09:37 AM, stewarts@ix.netcom.com said:

.PGP has provided a key recovery option for several years.
.You can either use the EncryptToSelf option, or use multiple recipients, one
.of which is your favorite backup service (or yourself,
.perhaps one of your other keys.) Works fine, and you can use it to recover
.the session key when you want. Keep a backup copy
.of your private key on a floppy in your safe deposit box,
.and maybe keep your passphrase on a yellow sticky (:-)
.and you're all set.
[snip...>|]

participants (5)
- Adam Back
- Adam Shostack
- attila
- Simon Spero
- stewarts@ix.netcom.com