hiding possession of secret key - PGP

This is a discussion on hiding possession of secret key - PGP ; Suppose I need to generate a keypair for nym posts, invisiblog, etc, but I will not want anyone to be able to prove that I am the owner. (for example by getting my usual keyring and listing the contents.) I ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: hiding possession of secret key

  1. hiding possession of secret key

    Suppose I need to generate a keypair for nym posts,
    invisiblog, etc, but I will not want anyone to be able to
    prove that I am the owner. (for example by getting my
    usual keyring and listing the contents.)

    I am thinking of keeping the ``controversial'' secret key
    on a special keyring encrypted (symmetrically or to my
    normal key?) on a floppy. When I want to use it, I mount
    the floppy, edit the document, decrypt the keyring file
    and use gpg --secret-keyring /mnt/floppy/... to sign the
    document. When I've sent it, I encrypt the file and the
    keyring, wipe the unencrypted files (using srm on Unix)
    and umount the floppy.

    Comments, suggestions?

    How I get gpg --gen-key to create the new key on the
    ``extra'' keyring only?

    thanks!

  2. Re: hiding possession of secret key

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    "edo" wrote in message
    news:6760a42c315de6e3847f8b802c98bc3f@cryptorebels .net...

    [...]

    > I am thinking of keeping the ``controversial'' secret key
    > on a special keyring encrypted (symmetrically or to my
    > normal key?) on a floppy. When I want to use it, I mount
    > the floppy, edit the document, decrypt the keyring file
    > and use gpg --secret-keyring /mnt/floppy/... to sign the
    > document. When I've sent it, I encrypt the file and the
    > keyring, wipe the unencrypted files (using srm on Unix)
    > and umount the floppy.
    >
    > Comments, suggestions?
    >
    > How I get gpg --gen-key to create the new key on the
    > ``extra'' keyring only?


    a possible way (there may be other quicker simpler ways) is to:

    have 2 floppies,

    one with your 'real' keys in your keyrings, but with the nym key deleted,

    the second one with only the nym key, with all the other keys deleted


    hth,

    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/
    Comment: { Acts of Kindness better the World, and protect the Soul }
    Comment: KeyID: 0x6A05A0B785306D25
    Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA

    iQEVAwUBP1jbL2oFoLeFMG0lAQNTMggAuM61aqGR3V4N9I8tGm JCMpFMhsuHkFBz
    YnBgYn0MQY+Sd8Hm35XTBqa2Ys7nuWMjRfqFiHB8zdzHLQpnR0 zvswAcsMfWUYK2
    vbgX8xWOvj6O9ozQHjiAFatY+i5Mpb6DBD38mB5Hf9E5GfwI9z auHvIsN40JG0+z
    ojpCNkcz13Zs/+DO8NVvEeHUy9ENtpxTlIrYtSbPAlekBlSWh2XpAP1RNAXpBR8 d
    IHHRodnNQJ+iwlBIC2Ky0AGJirhlBKWCSU57DXkSha81HLT+qb iGMjn7oeDjbQIl
    2hs5/1JvIYGzfDBvxLlklBWm9kLbInyfwuw4GBtrDkXGZGIVcxcy3w= =
    =oj92
    -----END PGP SIGNATURE-----



  3. Re: hiding possession of secret key

    On Fri, 5 Sep 2003, edo wrote:
    >Suppose I need to generate a keypair for nym posts,
    >invisiblog, etc, but I will not want anyone to be able to
    >prove that I am the owner. (for example by getting my
    >usual keyring and listing the contents.)
    >
    >I am thinking of keeping the ``controversial'' secret key
    >on a special keyring encrypted (symmetrically or to my
    >normal key?) on a floppy. When I want to use it, I mount
    >the floppy, edit the document, decrypt the keyring file
    >and use gpg --secret-keyring /mnt/floppy/... to sign the
    >document. When I've sent it, I encrypt the file and the
    >keyring, wipe the unencrypted files (using srm on Unix)
    >and umount the floppy.
    >
    >Comments, suggestions?
    >
    >How I get gpg --gen-key to create the new key on the
    >``extra'' keyring only?
    >
    >thanks!


    ?

    gpg --homedir /mnt/floppy/ --gen-key

    ?














  4. Re: hiding possession of secret key

    >>How I get gpg --gen-key to create the new key on the
    >>``extra'' keyring only?
    >>
    >>thanks!

    >
    > ?
    >
    > gpg --homedir /mnt/floppy/ --gen-key
    >
    > ?


    aha! I wasn't aware of that option but I've found it
    in the documentation now and it's just what I need.

    thanks!






  5. Re: hiding possession of secret key

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    "edo" wrote in message
    news:6760a42c315de6e3847f8b802c98bc3f@cryptorebels .net...
    > Suppose I need to generate a keypair for nym posts,
    > invisiblog, etc, but I will not want anyone to be able to
    > prove that I am the owner. (for example by getting my
    > usual keyring and listing the contents.)


    Eh? Surely the whole idea of signing messages is so that you can prove they
    came from you
    >
    > I am thinking of keeping the ``controversial'' secret key
    > on a special keyring encrypted (symmetrically or to my
    > normal key?) on a floppy. When I want to use it, I mount
    > the floppy, edit the document, decrypt the keyring file
    > and use gpg --secret-keyring /mnt/floppy/... to sign the
    > document. When I've sent it, I encrypt the file and the
    > keyring, wipe the unencrypted files (using srm on Unix)
    > and umount the floppy.
    >
    > Comments, suggestions?
    >
    > How I get gpg --gen-key to create the new key on the
    > ``extra'' keyring only?
    >

    Rename sekring.gpg for this session, generate a new one and generate the
    controversial secret key on it, then move sekring to floppy and rename the
    old one back.

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.hn.org/drno/pgp.shtml

    iQA/AwUBP2ickLHlcSptAz1hEQKSVwCfQaDT7liSvVcVff07teaHKw g3Kr8AniUG
    Y+kVLu1FXTLotKwTJyubTFkn
    =G9o+
    -----END PGP SIGNATURE-----




  6. Re: hiding possession of secret key

    >> Suppose I need to generate a keypair for nym posts,
    >> invisiblog, etc, but I will not want anyone to be able to
    >> prove that I am the owner. (for example by getting my
    >> usual keyring and listing the contents.)

    >
    > Eh? Surely the whole idea of signing messages is so that you can prove
    > they came from you


    Yes, but not necessarily the way you mean. ;-)

    Take a look at www.invisiblog.com (what the OP referred to), or look
    for information on pseudonymous software publishing. Signing a series
    of documents with the same key proves that they were signed by the
    same person who created that key (or at least by someone else
    authorized by him/her).

    I can create a key and put anything I want (such as "Mikey Donaghy")
    in the user description, but it would have a different key ID and
    fingerprint from yours. Your signature on your post proves only that
    it was signed by the person in possession of key 0x6D033D61 -- if we
    meet and I'm convinced that the description of you in that key is
    correct, then I'll sign your key with mine and anyone who trusts me to
    sign keys will trust that key as correctly described.

    Here's an example of a situation where someone would need to conceal
    possession of a secret key:

    Suppose Fred develops some illegal but useful open-source software
    (e.g. DMCA violation). He creates a key with a pseudonym in the
    user ID and signs the first release. You like the software. When
    the second version comes out, how do you know it's really from the
    same source? It's signed with the same key. Unless the key has been
    compromised you know that the second release has been authorized by
    the author of the first -- without anyone being able to pin down
    the author's physical identity.

    The FBI suspects Fred and searches his computer. Unless they
    torture him into revealing his passphrase, they can't sign their
    own spyware versions of the program. But just typing
    $ gpg --list-secret-keys
    will show that he has the secret key for this pseudonymous
    identity, and more or less prove their case that he is the author
    of the illegal software.

    HTH.


+ Reply to Thread