Six Apart News & Events

Verifying PGP Signatures

pb posted a while back showing how PGP signatures could be integrated into comment systems. It's a slick idea. Of course, as mentioned in the comments on his post, this really only becomes useful if there is a way to verify that the signature is valid, then use a web of trust to determine that the signer is who he says he is.

You can use your desktop PGP client to perform the verification, but what would be really cool is a web-based verification service with a trust web. Verification is easy using my Crypt::OpenPGP Perl module:

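use strict;
use warnings;
use Crypt::OpenPGP;

# Read the signed comment; taking it from STDIN is an assumption of this listing.
my $data = do { local $/; <STDIN> };

# Fetch unknown public keys from the keyserver automatically.
my $pgp = Crypt::OpenPGP->new(
              AutoKeyRetrieve => 1,
              KeyServer => 'pgp.mit.edu'
          );
my $res = $pgp->handle( Data => $data )
    or die $pgp->errstr;
# Validity holds the result of the signature check.
print $res->{Validity};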

This receives a signed comment in $data, then attempts to verify it using the public key of the user who signed it. The neat thing is that the public key is automatically fetched from a PGP keyserver if it's not already in the local public keyring. So you don't even have to post your public key anywhere to make this work (provided that you have your key in a keyserver, that is), because the signature itself stores your key ID. (That said, though, key distribution could really use some improvements, and it would be great to be able to embed a link to a public key into a <link> tag or something equivalent.)
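An added example, not from the original post or from Crypt::OpenPGP: the Python below parses an OpenPGP signature packet as laid out in RFC 4880 and extracts the issuer key ID, the value that a keyserver lookup is keyed on. The sample packet, its key ID 0123456789ABCDEF and the function names are constructed for illustration.

```python
def read_packet(buf, pos=0):
    """Return (tag, body, next_pos) for the OpenPGP packet at pos (RFC 4880, section 4.2)."""
    hdr = buf[pos]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if hdr & 0x40:                                  # new-format header
        tag, first = hdr & 0x3F, buf[pos + 1]
        if first < 192:
            length, pos = first, pos + 2
        elif first < 224:
            length, pos = ((first - 192) << 8) + buf[pos + 2] + 192, pos + 3
        else:
            raise ValueError("five-octet and partial lengths are not handled here")
    else:                                           # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        size = 1 << ltype                           # 1, 2 or 4 length octets
        length = int.from_bytes(buf[pos + 1:pos + 1 + size], "big")
        pos += 1 + size
    if pos + length > len(buf):
        raise ValueError("truncated packet")
    return tag, buf[pos:pos + length], pos + length

def _issuer_subpacket(area):
    """Scan a v4 subpacket area for the Issuer subpacket (type 16)."""
    pos = 0
    while pos < len(area):
        length, pos = area[pos], pos + 1            # one-octet lengths only (< 192)
        if length == 0 or length >= 192 or pos + length > len(area):
            raise ValueError("unsupported or malformed subpacket")
        if area[pos] & 0x7F == 16 and length == 9:  # type octet + 8-byte key ID
            return area[pos + 1:pos + 9].hex().upper()
        pos += length
    return None

def issuer_key_id(sig):
    """Key ID that a signature packet body (tag 2) names as its issuer, or None."""
    if sig[0] == 3:                                 # v3: key ID sits at a fixed offset
        return sig[7:15].hex().upper()
    if sig[0] != 4:
        raise ValueError("unknown signature version")
    hlen = int.from_bytes(sig[4:6], "big")          # hashed subpacket area length
    ulen = int.from_bytes(sig[6 + hlen:8 + hlen], "big")
    return _issuer_subpacket(sig[6:6 + hlen]) or _issuer_subpacket(sig[8 + hlen:8 + hlen + ulen])

# Constructed sample: v4 signature packet with a dummy key ID and no signature value.
SAMPLE = bytes.fromhex("881A" "04010102" "0006" "05023DF6F000" "000A" "09100123456789ABCDEF" "0000")
```

The key ID is only what the signing software wrote into the packet as a lookup hint; whether the key it points to belongs to the person named on it is the separate question the web of trust has to answer.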

You can download a script that demonstrates this functionality. You'll need version 1.03 of Crypt::OpenPGP or later (and note that it can be kind of a pain to install all of the prerequisites).

10 Comments
pete said:
December 11, 2002 5:47 AM

Very cool, if I can actually get Crypt::OpenPGP installed I'll try to follow up on this. I'd love to see this idea catch on.

mathowie said:
December 11, 2002 9:58 AM

Ben and Mena, do you see this possibly becoming a feature in future MT releases?

December 12, 2002 10:01 PM

Unless I'm missing something (which seems likely), wouldn't that solve a rather different problem, and one most site owners probably don't want solved? I thought that verifying with a key from a keyserver only told you that the message hadn't been altered since it was signed by whoever it was that uploaded that key. There's nothing to stop me from uploading my own "Dave Winer <dave@userland.com>" key (*rubs hands in gleeful anticipation*), and unless your link to verify says "verify that I haven't altered this comment since it was left by someone, I have no way of knowing who," then you'll just be giving people a false sense of security.

With pb's scheme, if we can manage the "how do I find your key" problem, then you can pop up a window saying "this message validated with a key from scripting.com/pgp_key.txt found linked from scripting.com" or "this message validated with a key from winerlog.inspiredsites.net/davey_key.txt", with maybe some way for people to explore further if they still aren't sure who it really is (since FOAF's my current favorite hammer, I'd vote for following the link tag in the HTML URL to a FOAF file, getting the URL for the key from there, and also getting the list of people that person foaf:knows, so I could explore by saying "well, he says he knows A and A knows him, and I know B who knows A" or "he says he knows A-E, but not one of them knows him, is he real?")

Ben said:
December 12, 2002 11:45 PM

Sorry, should've been clearer. I agree that using a keyserver makes it possible to fake identity--as you said, you can enter anything you want into the identity field of a public key. That's the reason for the web of trust, after all.

The goal with this script was just to demonstrate how key verification can work in a non-desktop-client manner. pb's scheme, as I understand it, covers only the embedding of the signature into a comment on a post. It does not cover verification at all--there is no window to pop up with a "this message validated with a key from scripting.com/pgp_key.txt", because verification is left up to the desktop client. And in the case of a desktop client, if you don't have a public key they often do auto-key-retrieval from a keyserver anyway, so you're not much better off.

Key distribution is very substandard currently. If a distribution method arises that works better than a keyserver and which comes with its own version of a trust web--like the FOAF web that you mentioned--this verification script could easily be modified to take advantage of that. At least, you'd certainly have an easier time modifying this script than a PGP desktop client, I'd imagine. :)

Ben said:
December 12, 2002 11:53 PM

Matt--yes, we definitely foresee some PGP integration in a future MT release. For example, pb's comment signature scheme would be fairly easy to add in and would lay a good groundwork for future work. In terms of verification and some other PGP integration, that may come, too, but we're not sure yet what form it will take.

sian said:
December 15, 2002 9:58 AM

What would your thoughts be on the ramifications of introducing PGP integration?

Mena said:
December 15, 2002 11:18 AM

What would your thoughts be on the ramifications of introducing PGP integration?

In what sense? On a code or user level?

On a user level, we're (meaning anyone interested in setting up PGP integration in their projects) going to have to make it fairly clear why this is a benefit. Currently, it is fairly easy to sign your mail with a digital signature, but for the most part this practice is restricted to a certain subset of geek (for lack of a better word). There needs to be a good amount of education of the general web audience about the benefits of the technology before (or as) it starts being integrated in web services. Otherwise people will either (1) just use it and not know what they are doing, therefore defeating its value, or (2) just not use it -- what we see happening now.

sian said:
December 15, 2002 12:11 PM

I've downloaded the freeware and out of everyone I have encountered so far on the internet (since 1997) there's only 2 people that I know of with a PGP Key.

I'm struggling at the moment with encrypting emails, although I have managed to email my public key to my friend, and I fall into the "using it but not knowing what they are doing" bracket. I'm going to continue to work away at it and I'll be keeping a record of my developments.

I agree with your points, Mena; it does seem to be the geek squad with knowledge, so let's hope that by raising awareness on the weblog things will improve.

December 19, 2002 3:45 PM

Here's an additional thought. Make use of a mechanism in commenting that says, please open this snippet of encrypted text with your local pgp private key and give it back to me.

The system would have to know your public key (or hex ID) to start with, you'd have to provide it during some sort of sign up. Or it /could/ be used in an extra text field that was cached (a la 'remember details' cookies).

It'd then have to encrypt something with your key and make it selectable. If you copy some text and use pgp you can decrypt directly from the clipboard. One might imagine using those 'text in picture' sorts of things to increase the complexity. Regardless, you'd then have to provide back some sort of answer. You'd only be able to answer if you'd been able to decrypt the question.

Or perhaps this idea:
http://www.syndic8.com/~wkearney/blogs/syndic8/archives/000117.html

ME said:
January 30, 2003 10:09 AM

allrighty??? then that's WONDERFUL???? LOL¿¿¿
