The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:downgrade

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pgpfan:downgrade [2020/06/12 19:42] – index b.walzerpgpfan:downgrade [2020/07/11 15:05] (current) – wrong identity case b.walzer
Line 4: Line 4:
  
 When PGP is used in a unidirectional application like email a downgrade attack is impossible for the simple reason that any sort of negotiation of the method to be used is impossible. Negotiation would require some sort of reverse channel which in this case doesn't exist. When PGP is used in a unidirectional application like email a downgrade attack is impossible for the simple reason that any sort of negotiation of the method to be used is impossible. Negotiation would require some sort of reverse channel which in this case doesn't exist.
 +
 +If you want to send someone an encrypted message using PGP you need one of their PGP identities. If that  identity is, say, based on 2048 bit RSA encryption then you have to use 2048 bit encryption to encrypt that message. If you use any other type of encryption your correspondent will not be able to decrypt it as they will not have the corresponding private key.
 +
 +If you can trick someone into sending a message to the wrong PGP identity then you would not have to bother with a downgrade attack. You could just have them send the message to one of your PGP identities.
  
 Any preference information is embedded in the PGP identity (public key). This is the preference information from an identity generated from a recent version of GnuPG: Any preference information is embedded in the PGP identity (public key). This is the preference information from an identity generated from a recent version of GnuPG:
Line 17: Line 21:
 The preference information is in the secure part of the identity. That means that it is signed by the public key also embedded in the identity. This is the public key that will be used to encrypt the email so the preferences are linked to the public key in a way that means that you would have to break the underlying encryption to modify the preferences. If you could do that then you would not have to bother with a downgrade attack. The preference information is in the secure part of the identity. That means that it is signed by the public key also embedded in the identity. This is the public key that will be used to encrypt the email so the preferences are linked to the public key in a way that means that you would have to break the underlying encryption to modify the preferences. If you could do that then you would not have to bother with a downgrade attack.
  
-Ultimately this all works because the type of public key cryptography (e.g. RSA, ECDH, ECDSA) is entirely determined by the type of public key in the identity. If you don't have the ability to generate your message using that particular type of public key cryptography then you can't send a message to the owner of that identity. There is no way to request a different method short of asking your correspondent to generate another identity.+You can think of this as secure signed message embedded in the PGP identity intended to inform those who want to send you secure messages.
  
 PGP means that you get to choose how you want your messages sent to you. There is no opaque process somewhere in the middle that can override that preference. PGP means that you get to choose how you want your messages sent to you. There is no opaque process somewhere in the middle that can override that preference.
pgpfan/downgrade.1591990956.txt.gz · Last modified: 2020/06/12 19:42 by b.walzer