lørdag 27. september 2014

Trying to understand keybase.io

I have recently been invited to keybase.io, and to increase my understanding of how this works, I will try to accomplish the same as keybase provides, but manually using the gpg commandline.;/p>

The goal of keybase.io is to create links between public keys and online identities. For example, I have a public pgp key which can be downloaded from here: https://pgp.mit.edu/pks/lookup?op=vindex&search=0xDC82662DC1136424

To fetch my key into your gpg keyring, use:

gpg --recv-keys 0xdc82662dc1136424

This key is combined with a certificate where I claim that my email-address i rolf.ness(at)pvv.org. Using gpg you can check that this claim was made by someone controlling the private part of the key referred above. However, you cannot check if this claim is actually true. I'll get back to this later, but some other examples first.

Let's take a look at this blogspot account and make some claims about this:

My name is Rolf Rander Næss
I control the blogspot-account: rolfn.blogspot.no (a.k.a. rolfn.blogspot.com)
I have a pgp-key with id: 0xdc82662dc1136424
The key fingerprint is: 5D18 257C 9F45 7108 DFA6  AD51 DC82 662D C113 6424
This message is signed with this key

Now I can sign this message, proving possession of the corresponding private key, and by posting it here, I also prove that I control this blogspot account.

The signed message is below, it is formatted in binary (and the converted to ascii with base64) to avoid errors due to formatting, charset or copy-paste-errors.

-----BEGIN PGP MESSAGE-----

owGbwMvMwMF4pylN96BwigrjWka1JOGknPz04oL8Et3knMTM3GK9koqSELXqSt9K
hbzE3FSFzGKFoPycNIWgxLyU1CIFv8PLiot5uTwVkvPzSorycxRKMlIV4EYkJifn
l+aVWCkAZdLy9GDienn5ChqJetl6iXroMsn5uZog4zISy1IVEhUK0gt0s1MrFcoz
SzIUMlOsFAwqUpItjMzMjFKSDQ2NzUyMTHi5QoBWghSlZealpxYVFGXmlQCdaaVg
6mJooWBkau6sYOlmYqpgbmhgoeDi5mimoODoYmqo4OJsYaQANMlFwRlolALMLKAH
c1OLixPTwX4tzkzPS02B2F8CkgNaxMvVySjDwsDIwcDGygQKGwYuTgFYIPacZP/v
c2u1XP3Nswc5AyZaG/LpZ+Yc8xD5MO191gTXzY4zmd51SU8pcVy3z+XE8m7vI64f
LnQuLHlXv3plwM74Q/JWi5ZvMtYP9uHtbWivjLppy5ju9Obw39AQz5WxPFrSSne4
mW91sE7SiJZYZWZ49sn+XcVC8VN+yy7rfPbQNeJkxnROef6TqbLmXW/awurnJT6N
NDtdr1c3J0zf2I7H5OFaS3lNQ5u/npddpmTuWuS6y9PGwvOMbm+XemJX3DktZaFl
ESuvqKkVCvw+oHmcWSb2Z7OmZdUGFbZmjhNOYf5+/yY9ct4xW2nqo4Tgiz8KX6ZM
EL1ZPrX3YNTWtjax/19OZ+gfu88qKr7v19ovegA=
=DCLD
-----END PGP MESSAGE-----

So, by posting this here, I have created a two-way link between my blogspot-account and my private key. (However, in this particular case it is not worth much, because blogspot doesn't support https, so a man-in-the-middle could change this message before it reached your browser).

If you have my key imported, you can paste this message (including "BEGIN" and "END") into gpg, and gpg will tell you that the signature is good (i.e., that it was made by someone controlling the key). You should check that the fingerprint in the message and the fingerprint reported by gpg match.

Lets try the same for twitter, which is slightly more useful. Here is a statement with a similar set of claims:

My name is Rolf Rander Næss
I control the twitter-account: @rolfrander
I have a pgp-key with id: 0xdc82662dc1136424
The key fingerprint is: 5D18 257C 9F45 7108 DFA6  AD51 DC82 662D C113 6424
This message is signed with this key

The binary-encoded, signed, ascii-armoured version is:

-----BEGIN PGP MESSAGE-----

owGbwMvMwMF4pylN96BwigrjWkamJKGS8sySktQi3eScxMzcYr2SipIQtZo+30qF
vMTcVIXMYoWg/Jw0haDEvJTUIgW/w8uKi3m5PBWS8/NKivJzFEoyUhVgJiQmJ+eX
5pVYKTgAZdKKwDpAajMSy1IVEhUK0gt0s1MrFYCqMxQyU6wUDCpSki2MzMyMUpIN
DY3NTIxMeLlCgOaBFKVl5qWnFhUUZeaVAN1gpWDqYmihYGRq7qxg6WZiqmBuaGCh
4OLmaKag4Ohiaqjg4mxhpAA0yUXBGWiUAswsoOtzU4uLE9PBHinOTM9LTYHYXwKS
A1rEy9XJKMPCwMjBwMbKBPI4AxenACyANixj/ytd1Xtd8ZtSfORNsTlL+Z+r+7+I
+iWw+n+TvLKiRvl1dnOW8JSHhY16IV7vfocJep8+udOGK9Ot8NmJJPsuA+XFjRu/
Bjy5emDeDzW5l643dpStSGqe1fX106JVCyvqn5qJ6x7+o3dzmUvYm3aGH+Gzsia4
7zk9+XjC5L2T5ae7fX9y75fHtNjT3V9ykkSO7enZZaJ3QoZJcp7BFRWn/Uv/Fr+z
jNvw1aznhGYgn/Ax1o+q/x+F+G3nzf1z0ni595Tfth8uJSw9MsXRbgI/X7lw+Myu
fvllK+/VTreZdMBYX/LCUh8Jq43+za5GiUw+AcqW/n+aXm4PCT4lblXKsHHLyl6l
CrUfu3asltS8/R4A
=pG8g
-----END PGP MESSAGE-----

As before, this proves that the person making these claims possess the private part of the key with this fingerprint. Now, if I could post this to twitter, I would also prove that I control the twitter account and thus provide a two-way link. However, twitter only allows 140 chars, so the message above is to large. To get around this, I only post a hash of this message to twitter. The hash must be constructed from the binary encoded message, again to avoid formatting or cut-and-paste issues. Starting with the pgp-message, the hash can be obtained by piping the message into this command:

gpg 2>/dev/null | openssl sha256 -binary | openssl base64

which returns NMTiZ2clKwsuQnRFQjFxuL1oTL6NE+R2doBG3ohPThA=

now chech twitter: https://twitter.com/rolfrander/status/515794922851827712

since twitter use https, you can trust (within reason) that no man-in-the-middle has changed this message before it reached your browser.

Now, there are some pieces of software and quite a few organizations you need to trust to be able to trust this key, but I'll get back to that in a later post...

So, given the steps (and caveats) above, you have now established, within reasonable doubt, that:

  • the person controlling the private part of key 0xdc82662dc1136424
  • also controls the address rolfn.blogspot.no
  • and controls the twitter-account @rolfrander

However, what you have not done, is to prove anything about who I really am. To do that, you have to meet me in person (and possible check some government issued ID, depending on your usecase). If we meet, I can provide some data which enables you to connect my real-life identity to my key. Previously this would mean me giving you a hash of my key, which you could check. However, now that we have established a connection between my twitter-handle and my key, I only need to give you my twitter-handle, which is much easier for you to remember.

This is basically what keybase.io does, but it is wrapped in a nice user interface and with a tool which makes it easier to handle. I addition, they have the added functionality of "tracking", I will get back to that later.

Edit: I just realized that the command for computing the hash above really just hash the message, not the signature, which keybase hash message+signature. I don't think this has any security implications, but there could be some corner case I havent seen yet.

Anyway, the message signed by keybase includes other security measures as well, such as the current time, so I really recommend using keybase as opposed to doing this yourself.

And I am on keybase as well: https://keybase.io/rolfn

Edit 2: oh, and one more thing: I promised to get back to the email example. My pgp-key (as posted on keybase and on the network of public keyservers) contain one or more email-addresses. How can you be sure that these are accurate? First of all, we need a precise formulation of what this is:

  • The key contains a claim about my email-address
  • This claim is signed with my private key (verifiable with the public key), thus it contains proof that I posess the private key

Now, what we want to check is that I also control the email-address. This can be done using challenge-response authentication. For example, if you email me some unique data (such as a random number), encrypted with my public key, I need access to my private key to decrypt. Then I can sign this number with my private key and return to you. If I was able to decrypt correctly and sign verifiably, this proves that I have the correct private key. Since this was done through my email address, it also proves that I control the email-address.

But do note that you still don't know for sure who I am, you just know that the email-address and the private key are controled by the same entity. To prove you are talking to me, we need to meet in person.

kl. Ingen kommentarer:

mandag 2. juni 2014

Re: Client Feedback On the Creation of the Earth

Regarding:
http://www.mcsweeneys.net/articles/client-feedback-on-the-creation-of-the-earth

Dear Mike, thank you for this thorough feedback. I will run this by my engineering team, but I can give some preliminary feedback on the issues you point out.

1. Please note that "day" and "night" are just handles we use internally. Wording and translation to different languages is the customer responsibility, and we have provided a configuration system for this purpose. Please see clause 5b in the contract.

2. Well, you didn't provide any strict requirements regarding color, but you had quite a few requirements regarding the composition of the atmosphere and the fact that carbon-based life were to be able to live on "earth" without external support systems. Finding the right balance here turned out to be quite a challenge, but I believe we found a good tradeoff between cost and functionality. The color is really just a consequence of the composition of the atmosphere and there is nothing we can do about this so late in the process.

3. Unfortunately it is not possible to make life out of carbon alone, you also need fluid to transport stuff around (sorry about this simple explanation, my engineers can get back to you with more details if necessary). Water turned out to be the most stable fluid available. I realize that the amount of water might seem excessive, but it is really necessary to get everything working.

4. I'm not sure where you are getting at. You specifically wanted carbon-based life. Now, your definition of "life" might differ from the generally accepted meaning in the industry, but some sort of "reproduction" is usually regarded as a key ingredient. The "seeds" and "fruits" (these are your terms, our internal, technical terms are more refined) are needed for reproduction.  Thus no "seeds"; no life.

5. This is really a cost issue. It turned out that creating a source of light was far, far more expensive than expected. Thus we only created one. The second source you see at night is really just a reflection of the primary source. We considered adding more reflections like this, but it soon became unstable and crashed.

6. As I explained above, we need sea to get life. The fact that the life also spreads to the sea is a side-effect of life. (Actually it was the other way around, it turned out that the easiest way of bootstrapping the life-process was by starting it at sea, but this doesn't matter. Even if we had started the life on land it would have spread to the sea eventually)

7. The birds was just an add-on, really. One of our engineers thought it would be a fun idea and added it. I believe it adds more drama and movement and overall makes the system more rewarding to use.

8. You can regulate the amount of animals by adjusting the amount of plants available. Please see the users manual.

9. They aren't really made "in my image", that is just something the keep telling themselves to boost their own ego and sense of superiority. But they are really at the top of the food-chain, and that means the can pretty much do what they like. I understand that this can be a PITA, but life is usually structured like this, with one species on top, and everything else is really just a consequence of this.

10. Please see note about life above (pt 4). Mankind, being at the top of the food-chain, cannot be expected to figure out the most rational way to behave by themselves. Everyone else on "earth" is hunted by someone else and will adapt the behavior necessary to avoid extinction. Previous trials show that this doesn't work with the species on top, and they need to be told what to do. If not given explicit instructions to "be fruitful and multiply", they will just vanish after a few generations. Please note that we tried to put this as delicately as possibly, using the euphemism "fruitful" instead of more explicit terms.

Working on sunday is a no-go, but I will gladly bring my chief architect to go over these issues with you and your stakeholders on monday.

regards
God

kl. Ingen kommentarer:
Abonner på: Innlegg (Atom)