Hockeypuck: Open source GPG keyserver¶
Speaker: | Casey Marshall |
---|---|
Date: | 2013-02-24 |
Site: | http://launchpad.net/hockeypuck |
Intro¶
Public Key Servers to validate identities
GnuPG Keyserver example:
gpg --keyserver ketserver.foo.com --search-keys me@foo.com
Secure email (SMIME), e.g. Thunderbird + enigmail plugin
Verifying software packages (apt, yum, App Store, etc.)
OS packages:
sudo apt-key adv --keyserver keyserver.foo.com --recev 7F0CEB10
Search by name:
gpg --keyserver ks.foo.com --search-keys barack obama gpg: searching for "barack obama" from hkp server ks.foo.com
What is a Key Server?¶
- HKP (HTTP Keyserver Protocol) - RESTful HTTP API
- Read Ops
/pks/lookup?
- ``search={kw} - fingerprint or shortened suffix
op=get
op=index
,op=vindex
- Write Ops
/pks/add
- Merge key material (new sigs, revocations)
- PKS (SMTP Protocol)
SKS: Sync Key Server¶
- Berkley DB storage
- Global distributed db
- SKS global pool, highly distributed and sharded
- Makes it difficult for anyone to control or forge a key
Gazzang zTrustee¶
- Commercial KS, closed source
- Opaque object store
- “You get what you put”
- Built on OpenPGP
- Cannot decrypt
- Multi-factor authorization (email or API)
Hockeypuck¶
- Written in go
- Simplicity, modularity
- “Static duck typing”
- Concurrency
- Backed by MongoDB
- Indexd by reversed fingerprint
- Full-text search
- Pretty fast: 2M keys in ~24 hours
- OpenPGP v3 sigs not yet supported
- Database is the bottleneck (thanks MongoDB)
PGP Self-Signatures¶
- Signature-checking “optional”?
- If you don’t check it, others can add attributes (BAD)
- GPG will throw it out because it is not self-signed and doesn’t match
SKS Reconciliation¶
- Distributed db
- Reperesent db as polynomial, diffs as a ratio
- Share sample points and ... interpolate??
- See: Conflux (github cmars/conflux)
- ...not just for keys anymore!
- Content-addressable things (digitally sign all the things)
- Messages, images, contacts
- File/folder sync
- Location servers
Building Trust¶
- Add multiple factos to a key exch
- rendezvous for key exchange
- identites beyond email (e.g. facebook)
- Keep keyservers distributed
- Promote diversity, avoid monoculture
Identity Management¶
- Certify yourself
- Provide id to ks
- Sign something, upload to an account you control
- Link a public key to OpenID or OAuth accounts?
- Hide yourself
- From all searches?
- Unless search request is signed by X keys?
- Delete yourself!
- Store this key on zero or more keyservers
- “Hey, this key server burned me!”
- Decide for yourself
- Group-level visibility, certifications
SSH¶
Host Authenticity¶
- Trust established the first time you connect (accepting host key)
- SSHFP DNS records
- What about cloud?
- J-PAKE mediated by Hockeypuck
- Secure remote handshaking by intermediary
- Authenticate key out-of-band!
- SSH, shell script wrappers and Hockeypuck
User Authenticity¶
- Some SSH key server you might not know...
- Launchpad (trusted users can see each others SSH keys!)
- GitHub
ssh-import-id gh:cmars lp:kirkland
- Add authenticity with PGP
ssh-import-id pgp:0x44A2D1Db
- “Server-side Monkeysphere”?
Certificate Authorities¶
- ONE KEY TO RULE THEM ALL AND IN THE DARKNESS SIGN THEM (lulz)
- convergence.io protocol, act as notary
- PGP sigs on certs
- “Too big to fail?”
- Translation: “Brings failure to others”
- Or: “Youre’ not trying hard enough”