this post was submitted on 26 Jul 2023
33 points (100.0% liked)

Ask Science

8694 readers
16 users here now

Ask a science question, get a science answer.


Community Rules


Rule 1: Be respectful and inclusive.Treat others with respect, and maintain a positive atmosphere.


Rule 2: No harassment, hate speech, bigotry, or trolling.Avoid any form of harassment, hate speech, bigotry, or offensive behavior.


Rule 3: Engage in constructive discussions.Contribute to meaningful and constructive discussions that enhance scientific understanding.


Rule 4: No AI-generated answers.Strictly prohibit the use of AI-generated answers. Providing answers generated by AI systems is not allowed and may result in a ban.


Rule 5: Follow guidelines and moderators' instructions.Adhere to community guidelines and comply with instructions given by moderators.


Rule 6: Use appropriate language and tone.Communicate using suitable language and maintain a professional and respectful tone.


Rule 7: Report violations.Report any violations of the community rules to the moderators for appropriate action.


Rule 8: Foster a continuous learning environment.Encourage a continuous learning environment where members can share knowledge and engage in scientific discussions.


Rule 9: Source required for answers.Provide credible sources for answers. Failure to include a source may result in the removal of the answer to ensure information reliability.


By adhering to these rules, we create a welcoming and informative environment where science-related questions receive accurate and credible answers. Thank you for your cooperation in making the Ask Science community a valuable resource for scientific knowledge.

We retain the discretion to modify the rules as we deem necessary.


founded 1 year ago
MODERATORS
 

I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don't see how it proves anything.

I created a key and ran gpg --export --armor fizz@... and I ran that twice and both blocks were identical. If I posted my public key block couldn't someone copy and paste that under their message and claim to be me?

top 26 comments
sorted by: hot top controversial new old
[–] [email protected] 30 points 1 year ago* (last edited 1 year ago)

What you are doing is exporting your key. Your public key is indeed something you can (and should) share as it enables others to verify that you are indeed who you claim to be (or more accurately, that you're in control of the private key that's linked to that public key). So while you should share your public key, your private key must remain private.

What these people on the dark web are doing is one step further: they sign their messages with their private key. This creates a cryptographic signature that's different for each message (changing a single character in the message will generate a wildly different signature). Anyone with the public key can simply copy that message including the signature and validate it. If even a single character of the message was changed, the signature will not be valid. Thus ensuring others that the person who posted the message is indeed in control of the private key.

Signing is different from encrypting: while encryption renders your message totally unreadable to anyone without the correct key, signing doesn't change the message itself. It simply appends a signature allowing others to check that the message wasn't tampered with.

[–] [email protected] 8 points 1 year ago (1 children)

The short answer is no. A bit longer of an answer is that with the public key, anybody can encrypt data. Only the owner(s) of the private key can decrypt the data. That is a key point: encrypted data by itself is meaningless. If you were to attempt to decrypt random data (or change one single character of valid encrypted data), you’d get literal garbage output. But, valid encrypted data and the corresponding private key can always unencrypt back into the original format.

This is why emphasis is always made to never share or expose your private key. Couple the private key with the always-available public key and you’ve got a man-in-the-middle (MitM) attack. This is where an attacker could decrypt the data with the private key, change it, re-encrypt it with the public key, and send it along to the destination without anybody knowing it was altered.

I hope this helps.

[–] [email protected] 3 points 1 year ago

This and the other comments in the thread help a lot. It's very cool technology

[–] [email protected] 6 points 1 year ago (2 children)

I am probably at a similar experience level to OP and have wondered the following: is there a commonly used, or agreed upon repository for identity verification with PGP or similar? It would be a useful thing to use, the problem is that if you're posting something to a public space, not everyone may have access to your public key for verification. Including the key in the message doesn't seem like it would help much, since someone else could just generate two new keys and still claim to be you without any affiliation. Am I wrong about this? Thanks.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

If this is some kind of messaging board, you'd probably put your public key in your profile (I assume that since OP is talking about the dark web that the posters there would rather not share their actual identity).

Let's talk about Alice, Bob and Eve. Alice is an active poster on a dark web forum. She puts her public key on her profile and uses the corresponding private key to sign her messages. If Eve wants to pretend to be Alice, Eve can simply put her own public key on her profile and sign messages with her own private key. But Bob is smart. Rather than just looking at the profile of the poster and copying their key every time, Bob saved it in his key store and assigned it to Alice (possibly even marked it as trusted). When Bob sees a post by Eve, he'll try to validate it. This validation might succeed (if Bob has access to Eve's public key), but it will be clear that the message wasn't signed by Alice's key.

Of course, this all assumes that Bob has quite some knowledge of how this works and is vigilant enough to perform all these validations correctly.

As for the regular internet, there are some services where you can share your public key: keys.openpgp.org is one of these. Of course, as /u/[email protected] says, there's still the matter of trust. You need to make sure that the public key you're using is actually from the right person.

[–] [email protected] 1 points 1 year ago

That's exactly my point. The gold standard would be a key signing party, but given that humans don't tend to talk to each other in meat space much these days, it's more of a rare occurrence than it used to be. I don't really know what the ideal solution would be that would be a good mix of trust, privacy, and ease of use though.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

Key signing parties used to be the thing to do at conferences - imagine a line of people, sheets of paper listing all their key fingerprints, and people showing ID to each other.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

EDIT: changed encryption / decryption to signing / veryfing. Thanks for the corrections

Not an expert, those who know more please correct me.

From what I understand, what they post is not a PGP key, but the same content published in clear text signed with their private key. That way anyone can verify it with the author's public key to check it has been generated with the private one (that only one person should have).

[–] [email protected] 3 points 1 year ago (2 children)

You’ve got it backward. You encrypt with the public key, and decrypt with the private key. Otherwise, you’re spot on.

[–] [email protected] 3 points 1 year ago

For signing, it’s backwards - you encrypt with the private key, and then everyone else can decrypt with the public key. If that doesn’t work, they know that the message wasn’t signed by the private key paired with the public key they have, and therefore is invalid and is not to be trusted.

Signing proves authenticity (only the private key holder can sign), encryption provides privacy (only the private key holder can read)

[–] [email protected] 2 points 1 year ago (1 children)

Isn't that for when you want to send a message to someone so only the recipient can read it?

If I understand correctly, OP is asking about signatures to prove the posted content comes from a specific source.

Anyway, thanks for the review!

[–] [email protected] 2 points 1 year ago (1 children)

In a digital signature system, a sender can use a private key together with a message to create a signature. Anyone with the corresponding public key can verify whether the signature matches the message, but a forger who does not know the private key cannot find any message/signature pair that will pass verification with the public key

https://en.m.wikipedia.org/wiki/Public-key_cryptography

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (2 children)

Sorry, but I still think I'm saying the same thing as in that paragraph:

[from your link] a sender can use a private key together with a message to create a signature

  • [from my post] the same content published in clear text encrypted with the[ir] private key

[from your link] Anyone with the corresponding public key can verify

  • [from my post] anyone can decrypt it with the author's public key
[–] sotolf 3 points 1 year ago (1 children)

Look at the words you used, encryption is not the same as a signature, with a signature you can prove that a person with access to the private key wrote the message.

What you're talking about in your message is encryption, and you have it the wrong way around, messages gets encrypted with the public key, and can only be read with the private key.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

We may be getting somewhere...

what they post is not a PGP key, but the same content published in clear text ~~encrypted~~ with their private key.

So they are not excrypting it, but do we agree that with signatures the author uses their private key + the clear message to generate "something"?

That way anyone can ~~decrypt~~ it with the author's public key to check it has been ~~encrypted~~ with the private one (that only one person should have).

... so then anyone can use the author's public key to check that "something" against the clear mesage to confirm the author's identity?

If that's the case, then my error is that the operation to generate the signature is not an encryption. So, may I ask... what is it? A special type of hash?

Thanks again. I will edit my original comment with the corrections once I understand it correctly.

[–] sotolf 3 points 1 year ago (1 children)

So they are not excrypting it, but do we agree that with signatures the author uses their private key + the clear message to generate "something"?

Yeah sure, and I think the person you are arguing with is saying as much as well, it's just that this is not encrypting it, when you encrypt something you obfuscate it in a way that is possible to deobfuscate, think the caesar cipher as a simple encryption, a hash/signature on the other hand is something that is generated from the clear text using your private key, which is not possible to decrypt, think very simplified that the person would just put the amount of each letter of the alphabet used in in the text, then add the length of the thread, and then multiplied by your private key. This way it's proven that the holder of the private key is the person writing the text, and that the text hasn't changed since the signature was generated.

... so then anyone can use the author's public key to check that "something" against the clear mesage to confirm the author's identity?

They can confirm that the person holding the private key (not identity, just that they have the key) and also that nobody changed it since they signed it (like the person adminning the forum or a moderator or something)

If that's the case, then my error is that the operation to generate the signature is not an encryption. So, may I ask... what is it? A special type of hash?

It's basically a hashing function yeah.

[–] [email protected] 2 points 1 year ago

Thanks, now it's clear.

I corrected my original comment.

[–] [email protected] 2 points 1 year ago (1 children)

You’re not though. You said encryption occurs with the public key and decryption occurs with the private. That’s the opposite of what happens and what the quoted text says.

From the same source:

In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt

[–] [email protected] 0 points 1 year ago (1 children)

You said encryption occurs with the public key and decryption occurs with the private

I'm sad that I edited some typos on my original message because now you will probably think I changed it. But I said the opposite.

Anyway, there is probably some missunderstanding here and I don't think this conversation is useful.

Thanks for the feedback.

[–] [email protected] 2 points 1 year ago (2 children)

Funny story: you didn’t change the wrong info. The sad part is that you’re spreading misinformation and unwilling to hear otherwise. This is more dangerous than helpful.

[–] [email protected] 1 points 1 year ago (1 children)

How is Crul wrong in anything other than the terminology? You sign a document with your private key - generating basically a hash of the document entangled with your key information. Anyone holding the public key can then verify that hash with the public key - that the document contents are intact and unchanged (from the hash), and generated by the person holding the private key (entangled key information)

[–] [email protected] 1 points 1 year ago (1 children)

Thanks for mediating!

What I'm getting from this dicussion is that, when signing, the operations are not encryption and decryption, but ... hashing and hash-veryfing?

[–] [email protected] 2 points 1 year ago (1 children)

To help you with the terminology, the names for the two operations are "signing" and "verifying". That's it.

What can you do with...

public key private key
Encryption: encrypt decrypt
Signature: verify sign

"Signing" is not at all the same as "encrypting" with the keys swapped. It is a separate specific sequence of mathematical operations you perform to combine two numbers (the private key and the message) to produce a third - the signature. Signing is not called "hashing". A hash may be involved as part of the signature process, but it is not strictly necessary. It makes the "message" number smaller, but the algorithm can sign the full message without hashing it first, will just require computation for longer time. "Hash-verifying" isn't a thing in this context, you made that name up, just use "verify".

@dohpaz42 is mad because you messed up your terminology originally, and thought you were trying to say that you "encrypt" a message with the private key, which is totally backwards and wrong. He didn't know that in your mind you thought you were talking about "signing" the message. Because honestly no one could have known that.

[–] [email protected] 2 points 1 year ago (1 children)

Thanks! re-corrected again.

[–] [email protected] 2 points 1 year ago
[–] [email protected] 0 points 1 year ago

Sorry, I'm very confused. Both of us seem very confident in our positions, so clearly one of use is c/confidentlyincorrect...

I will wait until a third party helps us identify who is wrong and I will be very happy to correct any mistake if that's the case.

load more comments
view more: next ›