[tor-bugs] #9443 [BridgeDB]: Generate and secure pgp keys for bridges.tpo

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Sep 8 22:40:08 UTC 2013


#9443: Generate and secure pgp keys for bridges.tpo
--------------------------+----------------------------
     Reporter:  sysrqb    |      Owner:  isis
         Type:  task      |     Status:  assigned
     Priority:  major     |  Milestone:
    Component:  BridgeDB  |    Version:
   Resolution:            |   Keywords:  bridgedb-email
Actual Points:            |  Parent ID:  #5463
       Points:            |
--------------------------+----------------------------

Comment (by isis):

 Also, to facilitate getting smartphone users to actually verify the
 fingerprint, I could put either:

  1. A QR code of the fingerprint as a UID on the primary certification
 key.
  2. A QR code of a link to some webpage, e.g.
 https://bridges.torproject.org/verify.html with instructions for what to
 do and a signed statement containing the fingerprint.

 Option #1 is nice because the people making APG and Gibberbot and similar
 tools have started putting in support for scanning QR codes to verify
 fingerprints.

 The latter option is nice because it will (hopefully) make our help desk
 have to deal less with helping people with PGP/GPG (which sounds hellish
 to me).

 Actually, it occurs to me that these things can be combined. Here's what I
 am going to do:

   1. Primary keypair:
      - RSA 4096-bit
      - Stored: Offline, not on a smartcard, because apparently we can't
 put it on a smartcard, not even if we reduce it to 3072-bit.
      - Lifetime: indefinite
      - I could make it be an 8192-bit key, though I am not sure how far
 back GnuPG allows this keysize (it's at least a couple years now), and I
 have no idea if PGP or APG will handle it correctly.
      - UID 1: `BridgeDB <bridges at bridges.torproject.org>`
      - UID 2: photoID, containing QR code of the fingerprint of secret
 portion of Primary keypair
      - Certification Notation: `bridges at bridges.torproject.org=<primary
 key fingerprint>`
      - Certification Notation:
 `verified at bridges.torproject.org=<fingerprint of the key we're
 certifying>`
      - Certification Notation:
 `certified.count at bridges.torproject.org=<number of certifications>`
   2. Signing subkey:
      - RSA 4096-bit
      - Stored: online, on ponticum.
      - Lifetime: 1 year
      - Signature notation: `bridges at bridges.torproject.org=<primary key
 fingerprint>`
      - Signature notation: `sig.count at bridges.torproject.org=<number of
 signatures thus far>`
      - Signature notation: `signed.data at bridges.torproject.org=<filename
 signed>`
   3. Encryption Subkey:
      - Same as signing subkey, without the notations.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9443#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
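
An added example, not part of the comment above or of BridgeDB's code: one way the online signing subkey's three signature notations could be attached to a detached signature, by building the `gpg` command line from validated inputs. It assumes the archive's " at " stands for "@" in the notation names; the function names are hypothetical and the fingerprints are constructed placeholders.

```python
import re

# Assumption: the archive's " at " stands for "@" in the notation names.
DOMAIN = "bridges.torproject.org"
FPR_RE = re.compile(r"^[0-9A-F]{40}$")  # OpenPGP v4 fingerprint, 160 bits


def normalize_fpr(fpr):
    """Strip spaces, uppercase, and insist on a full 40-hex-digit fingerprint."""
    cleaned = fpr.replace(" ", "").upper()
    if not FPR_RE.match(cleaned):
        raise ValueError("need a full v4 fingerprint, not a short or long key ID")
    return cleaned


def notation(tag, value):
    """Format one user-namespace notation as gpg expects it: tag@domain=value."""
    if not re.match(r"^[a-z][a-z.]*$", tag):
        raise ValueError("bad notation tag: %r" % tag)
    value = str(value)
    if not value or any(ord(c) < 0x20 for c in value):
        raise ValueError("notation value must be non-empty, no control characters")
    return "%s@%s=%s" % (tag, DOMAIN, value)


def sign_argv(primary_fpr, subkey_fpr, sig_count, filename):
    """Build the argv for a detached signature made by the signing subkey."""
    primary = normalize_fpr(primary_fpr)
    subkey = normalize_fpr(subkey_fpr)
    if "/" in filename or filename.startswith("-"):
        raise ValueError("pass a bare filename that cannot be read as an option")
    return [
        "gpg", "--batch", "--armor", "--detach-sign",
        # The trailing "!" makes gpg use exactly this subkey.
        "--local-user", subkey + "!",
        "--sig-notation", notation("bridges", primary),
        "--sig-notation", notation("sig.count", int(sig_count)),
        "--sig-notation", notation("signed.data", filename),
        "--output", filename + ".asc", filename,
    ]


if __name__ == "__main__":
    # Constructed placeholder fingerprints, not real keys.
    print(" ".join(sign_argv("AAAA " * 10, "BBBB " * 10, 7, "bridges.txt")))
```

A verifier can display the notations with `gpg --verify` once `show-notations` is set in `--verify-options`.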

