Re: [tor-bugs] #9443 [BridgeDB]: Generate and secure pgp keys for bridges.tpo



#9443: Generate and secure pgp keys for bridges.tpo
--------------------------+----------------------------
     Reporter:  sysrqb    |      Owner:  isis
         Type:  task      |     Status:  assigned
     Priority:  major     |  Milestone:
    Component:  BridgeDB  |    Version:
   Resolution:            |   Keywords:  bridgedb-email
Actual Points:            |  Parent ID:  #5463
       Points:            |
--------------------------+----------------------------

Comment (by isis):

 Also, to facilitate getting smartphone users to actually verify the
 fingerprint, I could put either:

  1. A QR code of the fingerprint as a UID on the primary certification key.
  2. A QR code of a link to some webpage, e.g. https://bridges.torproject.org/verify.html with instructions for what to do and a signed statement containing the fingerprint.

 Option #1 is nice because the people making APG and Gibberbot and similar
 tools have started putting in support for scanning QR codes to verify
 fingerprints.

 The latter option is nice because it will (hopefully) make our help desk
 have to deal less with helping people with PGP/GPG (which sounds hellish
 to me).

 Actually, it occurs to me that these things can be combined. Here's what I
 am going to do:

   1. Primary keypair:
      - RSA 4096-bit
      - Stored: Offline, not on a smartcard, because apparently we can't put it on a smartcard, not even if we reduce it to 3072-bit.
      - Lifetime: indefinite
      - I could make it be an 8192-bit key, though I am not sure how far back GnuPG allows this keysize (it's at least a couple years now), and I have no idea if PGP or APG will handle it correctly.
      - UID 1: `BridgeDB <bridges@xxxxxxxxxxxxxxxxxxxxxx>`
      - UID 2: photoID, containing QR code of the fingerprint of secret portion of Primary keypair
      - Certification Notation: `bridges@xxxxxxxxxxxxxxxxxxxxxx=<primary key fingerprint>`
      - Certification Notation: `verified@xxxxxxxxxxxxxxxxxxxxxx=<fingerprint of the key we're certifying>`
      - Certification Notation: `certified.count@xxxxxxxxxxxxxxxxxxxxxx=<number of certifications>`
   2. Signing subkey:
      - RSA 4096-bit
      - Stored: online, on ponticum.
      - Lifetime: 1 year
      - Signature notation: `bridges@xxxxxxxxxxxxxxxxxxxxxx=<primary key fingerprint>`
      - Signature notation: `sig.count@xxxxxxxxxxxxxxxxxxxxxx=<number of signatures thus far>`
      - Signature notation: `signed.data@xxxxxxxxxxxxxxxxxxxxxx=<filename signed>`
   3. Encryption Subkey:
      - Same as signing subkey, without the notations.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9443#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
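
An added example, not part of the comment above or of BridgeDB's code: a recipient-side check that the three signature notations proposed for the signing subkey agree with what GnuPG reports for a verified signature, read from `gpg --verify --status-fd` output. The notation domain `example.invalid` is a placeholder (the real one is redacted on this page), the fingerprints and status lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

DOMAIN = "example.invalid"  # placeholder: the real notation domain is redacted on this page
PRIMARY = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
SUBKEY = "89ABCDEF0123456789ABCDEF0123456789ABCDEF"   # constructed fingerprint

# Constructed status output for one signature made by the signing subkey.
SAMPLE_STATUS = f"""\
[GNUPG:] NOTATION_NAME bridges@{DOMAIN}
[GNUPG:] NOTATION_DATA {PRIMARY}
[GNUPG:] NOTATION_NAME sig.count@{DOMAIN}
[GNUPG:] NOTATION_DATA 42
[GNUPG:] NOTATION_NAME signed.data@{DOMAIN}
[GNUPG:] NOTATION_DATA bridges.txt
[GNUPG:] VALIDSIG {SUBKEY} 2013-08-20 1376956800 0 4 0 1 10 00 {PRIMARY}
"""

def parse_status(status_text):
    """Return (primary key fingerprint or None, {notation name: value})."""
    primary_fpr, notations, name = None, {}, None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] == "VALIDSIG" and len(fields) >= 12:
            primary_fpr = fields[11].upper()  # last field: primary key fingerprint
        elif fields[1] == "NOTATION_NAME":
            name = fields[2]
            notations[name] = ""
        elif fields[1] == "NOTATION_DATA" and name is not None:
            notations[name] += unquote(fields[2])  # data is percent-escaped
    return primary_fpr, notations

def check_notations(status_text, signed_filename):
    """Return a list of problems; an empty list means the notations are consistent."""
    fpr, notes = parse_status(status_text)
    if fpr is None:
        return ["no VALIDSIG line: signature did not verify"]
    problems = []
    if notes.get("bridges@" + DOMAIN, "").upper() != fpr:
        problems.append("bridges notation does not match primary key fingerprint")
    if not re.fullmatch(r"\d+", notes.get("sig.count@" + DOMAIN, "")):
        problems.append("sig.count notation missing or not a number")
    if notes.get("signed.data@" + DOMAIN) != signed_filename:
        problems.append("signed.data notation does not name this file")
    return problems
```

The notations are only meaningful once the signature itself verifies, which is why a missing `VALIDSIG` line short-circuits the check.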