[CryptoParty] Idea for verifying software

[Kai Engert]

The following idea came up during discussions at Sigint in Cologne.

As you know, everyone who downloads software should verify signatures or
checksums on software, to make sure you aren't using software that has
been tampered with (contains added backdoors, trojans etc.).

This often requires to make a decision, whether a particular signing key
matches the one that should be expected. It's not sufficient to see a
valid signature, it's also important to know, it's signed using the
expected key.

How about creating a public audit trail, by posting expected keys to
this list?

Below I'll write a bit about verifying the origin Tor project software.

If you have a similar trust chain to creators of other software relevant
to cryptoparty, you might want to post the key that you trust on this
list, in a signed email?

Regarding Tor: I believe Roger Dingledine, one of the primary Tor
Project developers, owns the GPG key with the fingerprint below, because
Roger, who gave a Tor presentation at a large conference, gave me a card
with this fingerprint:
F65C E37F 04BA 5B36 0AE6 EE17 C218 5258 19F7 8451.

(BTW the last 8 characters are the short key ID.)

Let's look at a recent Tor software release, the binary file and the
signature file, which are available from:
https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-x86_64-2.3.25-10-dev-en-US.tar.gz
https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-x86_64-2.3.25-10-dev-en-US.tar.gz.asc

Let's assume you don't have the keys yet required to verify the
signature.

$ gpg tor-browser-gnu-linux-x86_64-2.3.25-10-dev-en-US.tar.gz.asc
gpg: Signature made Wed 26 Jun 2013 11:32:11 PM CEST using RSA key ID
63FEE659
gpg: Can't check signature: public key not found

Let's get the key that created the above signature, and also the one
that I advertised as knowing myself.

$ gpg --keyserver pool.sks-keyservers [dot] net --recv-keys 63FEE659
19F78451
gpg: requesting key 63FEE659 from hkp server pool.sks-keyservers [dot]
net
gpg: requesting key 19F78451 from hkp server pool.sks-keyservers [dot]
net
gpg: key 63FEE659: public key "Erinn Clark <erinn [at] torproject [dot]
org>" imported
gpg: key 19F78451: public key "Roger Dingledine <arma [at] mit [dot]
edu>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 2
gpg:               imported: 2  (RSA: 2)

Let's repeat the previous command:
$ gpg tor-browser-gnu-linux-x86_64-2.3.25-10-dev-en-US.tar.gz.asc
gpg: Signature made Wed 26 Jun 2013 11:32:11 PM CEST using RSA key ID
63FEE659
gpg: Good signature from "Erinn Clark <erinn [at] torproject [dot] org>"
gpg:                 aka "Erinn Clark <erinn [at] debian [dot] org>"
gpg:                 aka "Erinn Clark <erinn [at] double-helix [dot]
org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.

Now let's look at the fingerprint of Roger's key. It should match the
one I listed at the beginning of this email, the one found on the card I
received from Roger:
$ gpg --list-keys --fingerprint 19F78451
pub   4096R/19F78451 2010-05-07
      Key fingerprint = F65C E37F 04BA 5B36 0AE6  EE17 C218 5258 19F7
8451
uid                  Roger Dingledine <arma [at] mit [dot] edu>
uid                  Roger Dingledine <arma [at] freehaven [dot] net>
uid                  Roger Dingledine <arma [at] torproject [dot] org>

If it matches, you downloaded the correct key. Now let's check what we
know about Erinn's key.

$ gpg --check-sigs 63FEE659
pub   2048R/63FEE659 2003-10-16
uid                  Erinn Clark <erinn [at] torproject [dot] org>
sig!3        63FEE659 2010-01-16  Erinn Clark <erinn [at] torproject
[dot] org>
sig!         19F78451 2012-12-02  Roger Dingledine <arma [at] mit [dot]
edu>
uid                  Erinn Clark <erinn [at] debian [dot] org>
sig!3        63FEE659 2007-06-19  Erinn Clark <erinn [at] torproject
[dot] org>
sig!         19F78451 2012-12-02  Roger Dingledine <arma [at] mit [dot]
edu>
uid                  Erinn Clark <erinn [at] double-helix [dot] org>
sig!3        63FEE659 2003-10-16  Erinn Clark <erinn [at] torproject
[dot] org>
sig!3        63FEE659 2003-10-16  Erinn Clark <erinn [at] torproject
[dot] org>
sig!         19F78451 2012-12-02  Roger Dingledine <arma [at] mit [dot]
edu>
sub   2048R/EB399FD7 2003-10-16
sig!         63FEE659 2003-10-16  Erinn Clark <erinn [at] torproject
[dot] org>

This means, Roger apparently trusted that key 63FEE659 belongs to Erinn,
another member of the Tor project, and confirmed so by signing Erinn's
key.

If you trust my statements about key ownership, and if you trust Roger's
statements about key ownership, then you know which key is owned by
Erinn. If you trust that Erinn is a member of the Tor project, trust
that Erinn is authorized to create Tor software releases, and you see
Erinn's signature, made using the above key, on a Tor software release,
then you can conclude the software you have obtained is most likely
identical with the software that the Tor project released (unless
someone hacked Erinn and abused his private key).

BTW, I've signed Roger's key. Get my key:

$ gpg --keyserver pool.sks-keyservers [dot] net --recv-keys 25007724
gpg: requesting key 25007724 from hkp server pool.sks-keyservers [dot]
net
gpg: key 25007724: public key "Kai Engert (at work) <kaie [at] kuix
[dot] de>" imported

Now let's check the signatures on Roger's key:
$ gpg --homedir /tmp/keydir/ --check-sigs 19F78451
pub   4096R/19F78451 2010-05-07
uid                  Roger Dingledine <arma [at] mit [dot] edu>
sig!         63FEE659 2010-07-29  Erinn Clark <erinn [at] torproject
[dot] org>
sig!         25007724 2013-01-20  Kai Engert (at work) <kaie [at] kuix
[dot] de>
sig!3        19F78451 2010-05-07  Roger Dingledine <arma [at] mit [dot]
edu>
sig!3        19F78451 2010-05-07  Roger Dingledine <arma [at] mit [dot]
edu>
uid                  Roger Dingledine <arma [at] freehaven [dot] net>
sig!         63FEE659 2010-07-29  Erinn Clark <erinn [at] torproject
[dot] org>
sig!         25007724 2013-01-20  Kai Engert (at work) <kaie [at] kuix
[dot] de>
sig!3        19F78451 2010-05-07  Roger Dingledine <arma [at] mit [dot]
edu>
sig!3        19F78451 2010-05-07  Roger Dingledine <arma [at] mit [dot]
edu>
uid                  Roger Dingledine <arma [at] torproject [dot] org>
sig!         63FEE659 2010-07-29  Erinn Clark <erinn [at] torproject
[dot] org>
sig!         25007724 2013-01-20  Kai Engert (at work) <kaie [at] kuix
[dot] de>
sig!3        19F78451 2010-05-07  Roger Dingledine <arma [at] mit [dot]
edu>
sig!3        19F78451 2010-05-07  Roger Dingledine <arma [at] mit [dot]
edu>
sub   4096R/0DCC0FE1 2013-05-09 [expires: 2014-05-09]
sig!         19F78451 2013-05-09  Roger Dingledine <arma [at] mit [dot]
edu>

My key ID 25007724 signed Roger's key. If you check the signature on
this email, you should get a valid signature from the same key.

If you check the signatures on my key, e.g. at
http://pgp.mit.edu:11371/pks/lookup?search=0x25007724&op=index
you should see that many people have confirmed that key ID 25007724
belongs to a person with my name.

Hope this helps.
Regards,
Kai

PS: In this email, I've slighty tweaked the email address to make them
look less like an email address to spam bots.

PS2: There's also a general page for verifying signatures on Tor
software at https://www.torproject.org/docs/verifying-signatures.html.en
- although I was told that the page should get an overhaul, it's
probably still helpful.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://cryptoparty.is/pipermail/global/attachments/20130708/8ac33c12/attachment.sig>