Re: [tor-talk] Server / Browser html PGP Encryption
Apologies, it was a thought based solely on usage of the Tor browser and
Onion websites; I should have read the documentation before suggesting.
Regards,
Darren
On Fri, Sep 25, 2015 at 5:18 AM, Ken Cline <cline@xxxxxxxx> wrote:
> What are you trying to accomplish?
>
> First note that hidden servers already use RSA, the public key algorithm
> at the heart of OpenPGP. The jumble of characters in the hidden service
> name is actually the fingerprint (or equivalent) of the service's public
> key. The service sends you its full public key and your Tor client
> verifies its fingerprint, allowing you to authenticate the server's
> identity and send it messages that imposters are unable to intercept. The
> extra features of OpenPGP (the protocol behind PGP, GPG, etc) don't add
> value here, at least not that I can see.
>
> All of this is on top of the strong encryption of the Tor circuit which
> connects you to the server.
>
> Going in the other direction, why do you want to provide an OpenPGP key to
> the server? If it is for authentication,
>
> Conversely, providing an OpenPGP key across multiple sessions serves to
> identify you to the server(s) involved. If this is what you want and you
> are using TLS (e.g. https), then a client certificate might be the right
> approach since it is already built into TLS. I say might, because I
> haven't used client certs myself and don't know whether TorBrowser can be
> easily configured to use them.
>
>
> > On 24 Sep 2015, at 2:58 PM, Darren Allen <darreneallen@xxxxxxxxx> wrote:
> >
> > Once a user has joined an Onion web server, they download the server's PGP
> > Public Key, and upload their own PGP Public Key.
> > All HTML communication, .jpg images, etc are then encoded by the server using
> > the user's Public Key.
> >
> > The user has their private key attached to the Tor Browser, (The browser
> > could generate a random PGP key set for each Onion site), which then
> > decrypts the incoming communication back into HTML etc to be displayed in
> > the browser.
> >
> > All new page requests, sent by the user, are likewise encrypted using the
> > Onion site's Public Key, and decrypted by the server.
>
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>