You are not logged in.

#1 2006-12-23 12:11:56

STiAT
Member
From: Vienna, Austria
Registered: 2004-12-23
Posts: 606

PGP signing - where to start?

Hello everyone,

I've thought on gathering information how pgp signing actually works, background, libs, background knowledge.

I've actually never touched the topic pgp signing, and just wanted to ask if anyone of you got interesting links / papers to read?

Thanks,
STi


Ability is nothing without opportunity.

Offline

#2 2006-12-23 12:38:14

mucknert
Member
From: Berlin // Germany
Registered: 2006-06-27
Posts: 510

Re: PGP signing - where to start?

http://en.wikipedia.org/wiki/Asymmetric_key_algorithm - For a general overview on how this things work.
http://en.wikipedia.org/wiki/Gnupg - For a little bit more specific use.

What else? smile


Todays mistakes are tomorrows catastrophes.

Offline

#3 2006-12-23 15:02:36

Leffe
Member
Registered: 2006-05-30
Posts: 47

Re: PGP signing - where to start?

The GNU Privacy Handbook [1] is an interesting and practical read, which obviously focus on the GnuPG implementation of PGP.

[1] http://www.gnupg.org/gph/en/manual.html

Offline

#4 2006-12-23 22:46:46

xterminus
Member
From: Tacoma, WA, USA, Earth, Sol, M
Registered: 2005-10-30
Posts: 93

Re: PGP signing - where to start?

STiAT wrote:

Hello everyone,

I've thought on gathering information how pgp signing actually works, background, libs, background knowledge.

I've actually never touched the topic pgp signing, and just wanted to ask if anyone of you got interesting links / papers to read?

Thanks,
STi

When you refer to signing, do mean creating a signature for some text or a file you created, or establishing a "Web of Trust" via key signing?

Offline

#5 2006-12-23 23:50:37

STiAT
Member
From: Vienna, Austria
Registered: 2004-12-23
Posts: 606

Re: PGP signing - where to start?

xterminus wrote:

When you refer to signing, do mean creating a signature for some text or a file you created, or establishing a "Web of Trust" via key signing?

Creating a signature for a file i created.


Ability is nothing without opportunity.

Offline

#6 2006-12-24 00:58:57

xterminus
Member
From: Tacoma, WA, USA, Earth, Sol, M
Registered: 2005-10-30
Posts: 93

Re: PGP signing - where to start?

STiAT wrote:
xterminus wrote:

When you refer to signing, do mean creating a signature for some text or a file you created, or establishing a "Web of Trust" via key signing?

Creating a signature for a file i created.

Basically, A hash function takes a long string (or 'message') of any length as input and produces a fixed length string as output, usually called a message digest or a fingerprint.  Common hashing algorithms include MD5 and SHA-1.  GnuPG uses other algorithms, but the idea is the same.  (I think) that this resulting hash is then combined with your private key and "hashed" again to produce a signature.

The signature can then be verified for integrity based on a verification of the message digest, and authentication can be verified based on the data of the hashed value of the private key (which the public key can verify).

The idea for all of this has been around since the late 70's, when Rivest, Shavir, and Adlermann developed the first implementation of PKI.  The most obvious problem with generating signatures is that it requires very sensitive key data.  Maintaining the integrity of private keys is a real PITA.

The most likely solution seems to be a credit-card sized smart-card which performs the cryptography/signatures within the card.  So called "Smart Cards" are available for cheap if your really serious about all of this.

Offline

#7 2006-12-24 11:13:54

STiAT
Member
From: Vienna, Austria
Registered: 2004-12-23
Posts: 606

Re: PGP signing - where to start?

I'm aware of current hashing and encryption methods with private public key systems. It seems as if i've been a bit lazy reading the gnupg homepage, since the information i needed was there. Maybe it was since i felt from the beginning the site isn't very well designed.

I'm a bit bored lately, and this seems to be an interesting topic. I've read the above papers (thanks for all the links).

Actually, i found a point to start with, what makes me happy, i get rid of my boredom.

Let's see how far i get implementing this into a certain program. Years since i developed c the last time.

Thank you all,
STi


Ability is nothing without opportunity.

Offline

Board footer

Powered by FluxBB