-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Joanna Rutkowska wrote:
> On Sat, Mar 07, 2015 at 04:10:10AM +0000, Axon wrote:
>> HW42 wrote:
>>> Axon:
>>>> HW42 wrote:
>>>>> Hi,
>>>
>>>>> I developed (a prototype of) split-gpg for GnuPG 2.1
>>>>> (simply called split-gpg2).
>>>
>>>>> Since the newly released (see [0]) GnuPG version 2.1.0 the
>>>>> private keys are manged by the gpg-agent.
>>>
>>>>> For split-gpg this enables some nice new features:
>>>
>>>>> - you import public keys in the client domain. So no
>>>>> untrusted data in the server domain.
>>>
>>>> So, does this finally allow for signing other people's keys
>>>> without having to import untrusted public key data into the
>>>> trusted backend domain?[4]
>>>
>>> Yes.
>>>
>>>> If so, how does that work, given that gpg-agent can never
>>>> have access to the public key data?
>>>
>>> The key get imported in the frontend domain. I.e. the
>>> PGP-packet parsing etc. is done there. Only the cryptographic
>>> operation that requires the secret key is done in the backend
>>> domain. This is similar like Smartcards/HSMs are working.
>>>
>>> The communication looks like this (frontend >>> backend):
>>>
>>> [...]
>>>
>>> For more details see the documentation of the gnupg-agent
>>> protocol. It might also be helpful to look at the log option of
>>> split-gpg2 and the test.rb in the source repo.
>>>
>
>> Great! Thank you for doing this!
>
>
> [Resending using inline PGP signature, so Google Groups don't break
> it]
>
> There is, however, one advantage of sticking to the current Split
> GPG architecture (which requires import of all the untrusted keys
> into GPG backend VM) over this GPG v2.1 fully split model --
>
> Namely in the current Split GPG architecture the backend VM sees
> the actual document before it gets signed (as well as it sees the
> document once it got decrypted). This allows this backend VM to
> display it to the user, or generate a somehow meaningful log of
> events (for audit) of what documents have been signed and/or
> decrypted. The backend VM might use Disposable VMs to present
> documents-to-be-signed to the user (via qvm-open-in-dvm) to given
> even better control over what the keys are used for to the user.
> (This obviously would not work for git tags signing though).
>
> This is currently not implemented, but I've been thinking of adding
> this at some point, i.e. when-have-more-time (TM). And we can't
> have this when using the new, fully split model, because than the
> backend VM only sees the hash, which is really meaningless.
>
> joanna.
>
One kind of hash value which isn't entirely meaningless is a PGP key's
fingerprint, which is in fact the SHA-1 hash of a subset of the key
data.[1][2] We already rely on these fingerprints to uniquely identify
keys, so if this were the hash value which the backend domain sees,
and if the user could verify that this fingerprint is correct (by
viewing it in the backend domain before signing), she could be
confident that she's signing the correct key.
In fact, this could be taken a step further. There could be a GPG
command which accepts a key fingerprint as an argument, signs it with
a private certification key of the user's choosing, and outputs a
public "detached key signature" file. Anyone who then imports this
file to their public keyring will be adding the signature of the
signing key to any key which bears the fingerprint which was signed.
(Ex hypothesi, there will exist at most one such key.)
This functionality would allow for key signing to occur in isolated
vault VMs as well as on physically air-gapped machines. (It is,
therefore, of interest not only to Qubes users, but to everyone tasked
with safeguarding valuable certification keys.[3])
The best part of this scheme is that absolutely no copying or
transferring of any data onto the secure machine is required (no
qvm-copy, no inter-vm clipboard). In fact, we don't even have to use
split-gpg for this, which makes it ideal for use with a subkey
setup,[4] where the certification key isn't present in the split-gpg
backend domain anyway. The only required input is the target key's
fingerprint, which is manually verified and entered by the user.
[1]
https://tools.ietf.org/html/rfc4880#section-12.2
[2]
https://tools.ietf.org/html/rfc4880#section-5.5.2
[3] Of course, users of physically air-gapped machines don't have the
option of simply using qvm-copy to securely copy the resultant "key
signature" file out of the secure machine. If they use USB drives,
they jeopardize the secure of the air-gapped machine, but if they
write the file to blank disposable media, the situation looks better.
[4]
https://wiki.qubes-os.org/wiki/UserDoc/SplitGpg#Advanced:UsingSplitGPGwithSubkeys
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJU+vY7AAoJEJh4Btx1RPV844cQAO7EN8XyBOMOEUVRU5Ee7/mg
9LU/pLe9O5uzajdL9q7Ps+ZdMLcDCZMe6OZLlApc6HZC0ohDCVxTolJMHzRstY+u
INJa/IOewHPTUSIC7hy6/senC3jIHmYJEMjx2kahjBoj72XyWaMFv0a14ZYKPjGv
hIZzHGG5m/xbKt0eVj4A+czDrzgFmxjDunmZOBlDXV5HzYh/KmYW0agsm6Aqezg6
jddwr+/4aR5DETlvY/ruNcmJ8wwVJkpKVy8kIeM3OYjet+dT+II8hbbIfyVy3e5k
ZMjzPyKlE48IImJSZWzCpoTsrnsWhKHwlYs1zBa3U+LLCx40mvp4NVh6iTnwhR/T
c6zuXdR/AzfW81Uz0pHi1E4AITIXZu5Dkr25Dii6sxZMa6Wsvgjfbb8d3C/dUoId
cTUTdFZ8ww9POUnwZsjoo0JNuadZFaDFSfEK6hD41B+Yg5+nI8kurTd+Np3QVWmx
7/GHpLujR3tJpRVH8ZXxJEri0PazLDUJdUnJA75t8ogKGYRWO5M8JfBVurWLyOXl
3FGONPqA5RdP+nvC6O47iTOy/PZDV5YddBwC0/Gw3GtCJ5v1QYEUA7DVsld4phQy
GOS9GPPUWivxUXVKDB8r5G/m3bBko/vLsr+1FHwszmIljLYl1hLnAQsyXbxcK8n7
+HzJ1Tu5bMwIOJV22o0B
=XWoI
-----END PGP SIGNATURE-----