Anyone know whether PGP has plans for session key extractor

Chris Ritson C.R.Ritson at newcastle.ac.uk
Thu, 27 Jul 2000 10:03:29 +0100


>On Wed, 26 Jul 2000, Robert Guerra wrote:
>
>> b. GnuPG, www.gnupg.org -> an independent implementation of the openpgp
>> specs (ie. not by PGP/NAI). its developer, Werner Koch is in Germany..and
>> hence might be appealing to the europeans.
>
>I have not followed this ML very closely for the last weeks, so I'd
>appreciate if someone can tell what kind of feature you need and why.
>I have always refused to add code especially to cope with proposed
>laws - however if there is nothing to stop the politicians I will help
>to ensure that we can find a way to protect our privacy as far as we
>can.
>
>I guess you need a utility to just extract the session key and which
>can decrypt a message given the session key?

Although it was not my suggestion on this list, I had already suggested the
following summer project (not taken up) which might provide a starting
point for a change request. The main point of this suggestion, having
re-read it, is to extract a single encryption sub-key without its
signatures; then to put it into a new PGP key (containing a different and
possibly non-functional signature sub-key), which could be exported as
ascii and handed over. The sub-key would automatically be revoked, with
this revocation certificate being uploaded to appropriate servers without
further user interaction. The point of doing it this way, rather than
working with session keys (even though that is preferable from many users'
point of view) is that it is then possible to give PLOD exactly what is
required in the warrant, and no more, without requiring him to use
non-standard decryption software. It would then be good practice to work
with relatively short life encryption keys, (say 1 week to 1 year), which
are deleted as a matter of routine a suitable period after expiry. If
nothing else, the RIP bill is going to encourage good cryptographic
practice...

     Proposed government legislation - the "Regulation of
     Investigatory Powers" bill may require people to surrender, under
     warrant, cryptographic keys in their possession. References:-

	http://www.homeoffice.gov.uk/oicd/ripbill.htm
	http://www.fipr.org/rip/parliament.html

     PGP6 uses a random symmetric
     session key (e.g. 3-DES) to encrypt a message and then encrypts that
     session key with the recipient's public Diffie-Hellman encryption key
     and sends it with the message. The session key and hence the message is
     recovered using the associated private Diffie-Hellman decryption key.
     The Diffie-Hellman encryption/decryption key is intimately bound with a
     Distributed Signature Standard signature key and both are stored in a
     PGP key-ring encrypted under a key derived from a user passphrase. If
     served with a key-access warrant it may (SHOULD in my opinion) be
     acceptable to law enforcement officials to surrender the session key or
     possibly a single Diffie-Hellman decryption key, rather than to
     surrender the entire DH/DSS key or the private key ring. Surrendering
     either of the latter two items will cause the person served with the
     warrant much more inconvenience to put it mildly. Design and write a
     program (initially command line based, a graphical interface being
     optional) to chop up and extract either or both of a session key or a
     single DH decryption key and put it into a form in which it will be
     useful to law enforcement personnel, while at the same time revoking
     this key and causing as little collateral damage as possible.

Chris Ritson
--
EMAIL: C.R.Ritson@newcastle.ac.uk  POST: Chris Ritson,
PHONE: +44 191 222 8175                  Department of Computing Science,
FAX  : +44 191 222 8232                  University of Newcastle upon Tyne,
ROOM : 618 Claremont Bridge (the Mill)   United Kingdom NE1 7RU.
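
[Added example, not part of the original post and not PGP or GnuPG code: a sketch of the hybrid scheme described above, showing that a disclosed session key opens only the one message it belongs to, while other mail to the same key stays sealed. The toy group, the SHA-256 keystream standing in for the symmetric cipher, and all function names are assumptions made for illustration.]

```python
import hashlib
import secrets

# Toy group (assumption): a Mersenne prime keeps the block short; not safe for real use.
P = 2**521 - 1
G = 3

def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def _wrap_pad(shared: int) -> bytes:
    """Derive a 16-byte pad from the Diffie-Hellman shared value."""
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()[:16]

def keygen():
    """Return (private, public) for the long-term encryption key."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def encrypt(pub: int, plaintext: bytes) -> dict:
    """Encrypt under a fresh random session key, then wrap that key to `pub`."""
    session_key = secrets.token_bytes(16)
    eph = secrets.randbelow(P - 3) + 2
    pad = _wrap_pad(pow(pub, eph, P))
    return {"eph_pub": pow(G, eph, P),
            "wrapped_key": bytes(a ^ b for a, b in zip(session_key, pad)),
            "body": _stream_xor(session_key, plaintext)}

def extract_session_key(priv: int, msg: dict) -> bytes:
    """Key holder's step: unwrap the session key of one message only."""
    pad = _wrap_pad(pow(msg["eph_pub"], priv, P))
    return bytes(a ^ b for a, b in zip(msg["wrapped_key"], pad))

def decrypt_with_session_key(session_key: bytes, msg: dict) -> bytes:
    """Recipient of the disclosure: needs the session key, never the private key."""
    return _stream_xor(session_key, msg["body"])

if __name__ == "__main__":
    priv, pub = keygen()
    named = encrypt(pub, b"message named in the warrant")      # constructed sample
    other = encrypt(pub, b"unrelated mail to the same key")    # constructed sample
    disclosed = extract_session_key(priv, named)
    print(decrypt_with_session_key(disclosed, named))   # readable
    print(decrypt_with_session_key(disclosed, other))   # unreadable bytes
```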