Anyone know whether PGP has plans for session key extractor
Anthony Naggs
cryptlist at ubik.demon.co.uk
Wed, 26 Jul 2000 23:41:17 +0100
In message <GFniHeGNdyf5EAVD@turnpike.com>, Richard Clayton
<richard@turnpike.com> wrote
>In article <20000726191025.L19455@djebel.openit.de>, Werner Koch
><wk@gnupg.org> writes
>>
>>I have not followed this ML very closely for the last weeks, so I'd
>>appreciate if someone can tell what kind of feature you need and why.
>
>The way that Part III of RIP is written, in the unusual circumstances
>where a Chief Constable (or a Brigadier or other Important Person)
>requires you to divulge a key to enable protected information to be
>divulged - then you may divulge ANY key that allows access.
>
>The obvious key to divulge is the session key since that will be (if PGP
>is working properly!) unique to that message. ie: no other messages can
>be decrypted with that key.
Yes.
>>I have always refused to add code especially to cope with proposed
>>laws - however if there is nothing to stop the politicians I will help
>>to ensure that we can find a way to protect our privacy as far as we
>>can.
>>
>>I guess you need a utility to just extract the session key
>
>yes
[snip Turnpike related stuff]
>>and which
>>can decrypt a message given the session key?
>
>You could write this program if you wished ! However I suspect GTAC have
>set aside some of their budget for producing this software themselves :)

This would not be good enough. Remember the user served with the order
will have to unlock their private key with their password in order to
decrypt the session key!

I think most people receiving such an order would rather use an
independently written utility, that is preferably open to public review,
than a program developed by/for GCHQ.

IMO a variant of PGP's ASCII armour would be the best format. Tags
around the armouring will identify it as a session key, the armouring
will allow a choice of medium to convey the session key: disk, email or,
for the size of data involved, even hardcopy.

Within the Session Key file things can be pretty minimal, basically it
needs to convey what cipher the key was used with and the actual session
key.

A law enforcement/security agency supplied program may be suspected of
naughty things like: conveying your private key instead of the session
key; leaking part of your private key; or leaking information about
other private keys you have in your keyring files.

Regards.
--
Anthony Naggs
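
A sketch of the minimal armoured session key file proposed in the message above, as an added example that is not part of the original post and is not code from PGP or GnuPG. The `PGP SESSION KEY` tag lines and the one-octet-cipher-ID-plus-key layout are assumptions made for illustration; the CRC-24 checksum and the cipher IDs follow OpenPGP (RFC 4880).

```python
import base64

# Hypothetical armour tags; not defined by any PGP or GnuPG release.
BEGIN = "-----BEGIN PGP SESSION KEY-----"
END = "-----END PGP SESSION KEY-----"
# OpenPGP symmetric algorithm IDs (RFC 4880) -> (name, key length in bytes).
CIPHERS = {2: ("3DES", 24), 3: ("CAST5", 16), 7: ("AES128", 16), 9: ("AES256", 32)}


def crc24(data: bytes) -> int:
    """CRC-24 as used by OpenPGP ASCII armour."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def export_session_key(cipher_id: int, key: bytes) -> str:
    """Armour one session key; the file carries the cipher ID and key only."""
    if cipher_id not in CIPHERS or len(key) != CIPHERS[cipher_id][1]:
        raise ValueError("unknown cipher or wrong key length")
    body = bytes([cipher_id]) + key
    b64 = base64.b64encode(body).decode()
    check = base64.b64encode(crc24(body).to_bytes(3, "big")).decode()
    return f"{BEGIN}\n\n{b64}\n={check}\n{END}\n"


def import_session_key(armoured: str) -> tuple[str, bytes]:
    """Parse and validate the file; reject damage or any extra data."""
    lines = [ln.strip() for ln in armoured.strip().splitlines() if ln.strip()]
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END \
            or not lines[-2].startswith("="):
        raise ValueError("not a session key file")
    body = base64.b64decode("".join(lines[1:-2]), validate=True)
    if crc24(body).to_bytes(3, "big") != base64.b64decode(lines[-2][1:], validate=True):
        raise ValueError("checksum mismatch (transcription error?)")
    if not body or body[0] not in CIPHERS:
        raise ValueError("unknown cipher")
    name, key_len = CIPHERS[body[0]]
    if len(body) != 1 + key_len:
        # Exact length check: no room in the file for anything but the key.
        raise ValueError("unexpected length")
    return name, body[1:]
```

The exact-length check on import is what lets a reviewer confirm by inspection that the file holds one session key and nothing else, and the CRC-24 line catches typing errors if the key is conveyed as hardcopy.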