[tor-talk] Server / Browser html PGP Encryption

Darren Allen darreneallen at gmail.com
Fri Sep 25 07:38:08 UTC 2015


Apologies, it was a thought based solely on usage of the Tor browser and
Onion websites; I should have read the documentation before suggesting.

Regards,

Darren

On Fri, Sep 25, 2015 at 5:18 AM, Ken Cline <cline at frii.com> wrote:

> What are you trying to accomplish?
>
> First note that hidden servers already use RSA, the public key algorithm
> at the heart of OpenPGP.  The jumble of characters in the hidden service
> name is actually the fingerprint (or equivalent) of the service's public
> key.  The service sends you its full public key and your Tor client
> verifies its fingerprint, allowing you to authenticate the server's
> identity and send it messages that imposters are unable to intercept.  The
> extra features of OpenPGP (the protocol behind PGP, GPG, etc) don't add
> value here, at least not that I can see.
>
> All of this is on top of the strong encryption of the Tor circuit which
> connects you to the server.
>
> Going in the other direction, why do you want to provide an OpenPGP key to
> the server?  If it is for authentication,
>
> Conversely, providing an OpenPGP key across multiple sessions serves to
> identify you to the server(s) involved.  If this is what you want and you
> are using TLS (e.g. https), then a client certificate might be the right
> approach since it is already built into TLS.  I say might, because I
> haven't used client certs myself and don't know whether TorBrowser can be
> easily configured to use them.
>
>
> > On 24 Sep 2015, at 2:58 PM, Darren Allen <darreneallen at gmail.com> wrote:
> >
> > Once a user has joined an Onion web server, they download the server's PGP
> > Public Key, and upload their own PGP Public Key.
> > All HTML communication, .jpg images, etc are then encoded by the server using
> > the user's Public Key.
> >
> > The user has their private key attached to the Tor Browser, (The browser
> > could generate a random PGP key set for each Onion site), which then
> > decrypts the incoming communication back into HTML etc to be displayed in
> > the browser.
> >
> > All new page requests, sent by the user, are likewise encrypted using the
> > Onion site's Public Key, and decrypted by the server.
>
>
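
Added example, not part of the original thread: a sketch of the check Ken Cline describes, where the client confirms that the public key a hidden service presents matches the name it was asked to reach. It assumes the version 2 onion naming in use when this thread was written (first 80 bits of the SHA-1 of the DER-encoded RSA public key, base32-encoded); the function names and the key bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample: DER layout of a 1024-bit RSAPublicKey
# (SEQUENCE { INTEGER modulus, INTEGER 65537 }). The modulus is filler
# bytes, not a usable key; only its encoding matters for the hash.
CONSTRUCTED_KEY_DER = (
    bytes.fromhex("30818902818100")
    + b"\xc3" + bytes(range(1, 127)) + b"\x01"
    + bytes.fromhex("0203010001")
)


def onion_address_v2(pubkey_der: bytes) -> str:
    """Derive the 16-character v2 onion name from a DER-encoded public key."""
    digest = hashlib.sha1(pubkey_der).digest()
    # 10 bytes = 80 bits = exactly 16 base32 characters, so no padding.
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def key_matches_address(address: str, pubkey_der: bytes) -> bool:
    """Return True only if the presented key hashes to the requested name."""
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    label = label.rsplit(".", 1)[-1]  # ignore any subdomain prefix
    if len(label) != 16:
        return False
    try:
        claimed = base64.b32decode(label.upper())
    except ValueError:  # covers binascii.Error for non-base32 characters
        return False
    expected = hashlib.sha1(pubkey_der).digest()[:10]
    return hmac.compare_digest(claimed, expected)


if __name__ == "__main__":
    addr = onion_address_v2(CONSTRUCTED_KEY_DER)
    print(addr, key_matches_address(addr, CONSTRUCTED_KEY_DER))
    # A key that differs by one bit no longer matches the name.
    forged = bytearray(CONSTRUCTED_KEY_DER)
    forged[20] ^= 0x01
    print(key_matches_address(addr, bytes(forged)))
```

Because the name is itself a hash of the key, the user needs no separate key exchange or certificate authority to authenticate the service, which is the point made in the reply above.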

