[tor-bugs] #9443 [BridgeDB]: Generate and secure pgp keys for bridges.tpo
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 27 23:29:20 UTC 2013
#9443: Generate and secure pgp keys for bridges.tpo
--------------------------+----------------------------
     Reporter:  sysrqb    |          Owner:  isis
         Type:  task      |         Status:  assigned
     Priority:  major     |      Milestone:
    Component:  BridgeDB  |        Version:
   Resolution:            |       Keywords:  bridgedb-email
Actual Points:            |      Parent ID:  #5463
       Points:            |
--------------------------+----------------------------
Comment (by isis):
I created two versions of the same key. I haven't uploaded either anywhere
yet, because I haven't decided which is better.
'''Version 1:'''
16384-bit certification-only primary key with a 4096-bit signing-only
subkey and another 4096-bit encryption-only subkey.
{{{
pub 16384R/55A22E5EAC57022E created: 2013-09-11 expires: never
usage: C
trust: ultimate validity: ultimate
sub 4096R/FD419C960FAC24C5 created: 2013-09-11 expires: 2014-09-11
usage: S
sub 4096R/15BC38E8CF01816F created: 2013-09-11 expires: 2014-09-11
usage: E
[ultimate] (1). BridgeDB <bridges at bridges.torproject.org>
}}}
It looks like this:
{{{
∃!isisⒶwintermute:(build/2.1.0-beta3-16384b)~/code/sources/gnupg/gnupg2.1.0-b3_2/bin
∴ pgpdump bdb-16kC-SEsub.pub
Old: Public Key Packet(tag 6)(2061 bytes)
Ver 4 - new
Public key creation time - Wed Sep 11 08:24:59 UTC 2013
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(16384 bits) - ...
RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(41 bytes)
User ID - BridgeDB <bridges at bridges.torproject.org>
Old: Signature Packet(tag 2)(2336 bytes)
Ver 4 - new
Sig type - Positive certification of a User ID and Public Key
packet(0x13).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA512(hash 10)
Hashed Sub: notation data(sub 20)(71 bytes)
Flag - Human-readable
Name - verified at torproject.org
Value - DB983958F184F3C6F9F348D555A22E5EAC57022E
Hashed Sub: notation data(sub 20)(78 bytes)
Flag - Human-readable
Name - bridges at bridges.torproject.org
Value - DB983958F184F3C6F9F348D555A22E5EAC57022E
Hashed Sub: policy URL(sub 26)(41 bytes)
URL - https://bridges.torproject.org/policy.txt
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to certify other keys
Hashed Sub: features(sub 30)(1 bytes)
Flag - Modification detection (packets 18 and 19)
Hashed Sub: key server preferences(sub 23)(1 bytes)
Flag - No-modify
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Wed Sep 11 08:58:51 UTC 2013
Hashed Sub: preferred symmetric algorithms(sub 11)(3 bytes)
Sym alg - Camellia with 256-bit key(sym 13)
Sym alg - AES with 256-bit key(sym 9)
Sym alg - Twofish with 256-bit key(sym 10)
Hashed Sub: preferred hash algorithms(sub 21)(3 bytes)
Hash alg - SHA512(hash 10)
Hash alg - SHA384(hash 9)
Hash alg - SHA256(hash 8)
Hashed Sub: preferred compression algorithms(sub 22)(3 bytes)
Comp alg - ZLIB <RFC1950>(comp 2)
Comp alg - ZIP <RFC1951>(comp 1)
Comp alg - Uncompressed(comp 0)
Hashed Sub: preferred key server(sub 24)(38 bytes)
URL - https://bridges.torproject.org/key.asc
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x55A22E5EAC57022E
Hash left 2 bytes - 66 bd
RSA m^d mod n(16384 bits) - ...
-> PKCS-1
Old: Public Subkey Packet(tag 14)(525 bytes)
Ver 4 - new
Public key creation time - Wed Sep 11 08:59:00 UTC 2013
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(4096 bits) - ...
RSA e(17 bits) - ...
Old: Signature Packet(tag 2)(2947 bytes)
Ver 4 - new
Sig type - Subkey Binding Signature(0x18).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA512(hash 10)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Wed Sep 11 08:59:00 UTC 2013
Hashed Sub: notation data(sub 20)(71 bytes)
Flag - Human-readable
Name - verified at torproject.org
Value - DB983958F184F3C6F9F348D555A22E5EAC57022E
Hashed Sub: notation data(sub 20)(78 bytes)
Flag - Human-readable
Name - bridges at bridges.torproject.org
Value - DB983958F184F3C6F9F348D555A22E5EAC57022E
Hashed Sub: policy URL(sub 26)(41 bytes)
URL - https://bridges.torproject.org/policy.txt
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to sign data
Hashed Sub: key expiration time(sub 9)(4 bytes)
Time - Thu Sep 11 08:59:00 UTC 2014
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x55A22E5EAC57022E
Sub: embedded signature(sub 32)(663 bytes)
Ver 4 - new
Sig type - Primary Key Binding Signature(0x19).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA512(hash 10)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Wed Sep 11 08:59:00 UTC 2013
Hashed Sub: notation data(sub 20)(78 bytes)
Flag - Human-readable
Name - bridges at bridges.torproject.org
Value - B5EEDA1783ACA9D80B4F752EFD419C960FAC24C5
Hashed Sub: policy URL(sub 26)(41 bytes)
URL - https://bridges.torproject.org/policy.txt
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0xFD419C960FAC24C5
Hash left 2 bytes - 04 a8
RSA m^d mod n(4096 bits) - ...
-> PKCS-1
Hash left 2 bytes - ff a9
RSA m^d mod n(16384 bits) - ...
-> PKCS-1
Old: Public Subkey Packet(tag 14)(525 bytes)
Ver 4 - new
Public key creation time - Wed Sep 11 09:05:16 UTC 2013
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(4096 bits) - ...
RSA e(17 bits) - ...
Old: Signature Packet(tag 2)(2281 bytes)
Ver 4 - new
Sig type - Subkey Binding Signature(0x18).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA512(hash 10)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Wed Sep 11 09:05:16 UTC 2013
Hashed Sub: notation data(sub 20)(71 bytes)
Flag - Human-readable
Name - verified at torproject.org
Value - DB983958F184F3C6F9F348D555A22E5EAC57022E
Hashed Sub: notation data(sub 20)(78 bytes)
Flag - Human-readable
Name - bridges at bridges.torproject.org
Value - DB983958F184F3C6F9F348D555A22E5EAC57022E
Hashed Sub: policy URL(sub 26)(41 bytes)
URL - https://bridges.torproject.org/policy.txt
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to encrypt communications
Flag - This key may be used to encrypt storage
Hashed Sub: key expiration time(sub 9)(4 bytes)
Time - Thu Sep 11 09:05:16 UTC 2014
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x55A22E5EAC57022E
Hash left 2 bytes - b4 df
RSA m^d mod n(16383 bits) - ...
-> PKCS-1
}}}
------------------------------------------------------
'''Version 2:'''
Same 16384-bit primary key, though with no subkeys. Instead, it signed a
totally separate keypair. This second keypair has its secret primary key
removed so that it can live online, and it has the signing and encryption
subkeys instead. They look like this:
{{{
pub 16384R/68BD0B28290C50A5 created: 2013-09-11 expires: never
usage: C
trust: ultimate validity: ultimate
[ultimate] (1). BridgeDB (Offline ID Key) <bridges at bridges.torproject.org>
pub 4096R/0C35CEC9FA6FA175 created: 2013-09-11 expires: 2014-09-11
usage: C
trust: unknown validity: full
sub 4096R/9F07296D8220C992 created: 2013-09-11 expires: 2014-09-11
usage: S
sub 4096R/3678E38022DC427B created: 2013-09-11 expires: 2014-09-11
usage: E
[ full ] (1). BridgeDB <bridges at bridges.torproject.org>
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9443#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
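
An added example, not part of the comment above or of BridgeDB's code: a small auditor that reads `pgpdump` text like the Version 1 listing and checks the properties that layout relies on (certification-only primary, expiring subkeys, a 0x19 back-signature on the signing subkey). The function names, the `SAMPLE` input and the three policy checks are assumptions made for illustration.

```python
import re
# Constructed sample: the dump from the comment, cut down to the lines read here.
SAMPLE = """\
Old: Public Key Packet(tag 6)(2061 bytes)
RSA n(16384 bits) - ...
Flag - This key may be used to certify other keys
Old: Public Subkey Packet(tag 14)(525 bytes)
RSA n(4096 bits) - ...
Flag - This key may be used to sign data
Hashed Sub: key expiration time(sub 9)(4 bytes)
Sig type - Primary Key Binding Signature(0x19).
RSA m^d mod n(16384 bits) - ...
Old: Public Subkey Packet(tag 14)(525 bytes)
RSA n(4096 bits) - ...
Flag - This key may be used to encrypt communications
Hashed Sub: key expiration time(sub 9)(4 bytes)
"""
USAGE = {"certify other keys": "C", "sign data": "S", "encrypt": "E"}

def parse_keys(dump):
    """Collect size, usage flags, expiry and back-signature per key packet."""
    keys = []
    for line in map(str.strip, dump.splitlines()):
        m = re.match(r"(?:Old|New): Public (Subkey|Key) Packet", line)
        if m:  # signature packets that follow describe this key until the next one
            keys.append({"primary": m.group(1) == "Key", "bits": 0,
                         "usage": set(), "expires": False, "backsig": False})
        elif not keys:
            continue
        elif (m := re.match(r"RSA n\((\d+) bits\)", line)):  # modulus, not "m^d mod n"
            keys[-1]["bits"] = int(m.group(1))
        elif line.startswith("Flag - This key may be used to "):
            keys[-1]["usage"] |= {v for k, v in USAGE.items() if k in line}
        elif "key expiration time(sub 9)" in line:
            keys[-1]["expires"] = True
        elif "Primary Key Binding Signature(0x19)" in line:
            keys[-1]["backsig"] = True
    return keys

def findings(keys):
    """Report departures from the layout: primary C-only, subkeys expire, signer back-signed."""
    out = []
    for i, k in enumerate(keys):
        sub = not k["primary"]
        checks = [(k["primary"] and k["usage"] != {"C"}, "primary is not certification-only"),
                  (sub and not k["expires"], "subkey has no expiration"),
                  (sub and "S" in k["usage"] and not k["backsig"], "signing subkey lacks 0x19 back-signature")]
        out += [f"key {i}: {msg}" for bad, msg in checks if bad]
    return out
```

Lines are stripped before matching, so the auditor works on `pgpdump` output whether or not its indentation survived copying.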