Bibliographic Metadata
- Title: Web Key Directory and other key exchange methods for OpenPGP / Philipp Michael Breuch; Supervisors: Prof. Dr.-Ing. Juraj Somorovsky, Dipl.-Math. Marcus Brinkmann
- Description: 1 online resource (viii, 109 pages)
- Institutional Note: Universität Paderborn, bachelor's thesis, 2022
- Annotation: Date of submission: 07.07.2022
- Date of Submission: 07/07/2022
- Language: English
- Document Types: Bachelor Thesis
Abstract
The cryptographic protocol OpenPGP has existed since 1991 and is used for the encryption and signing of e-mails and data. OpenPGP uses public key cryptography and requires that key authenticity is verified in a secure manner. Historically, this is done via key servers and a decentralized trust model, the Web of Trust. In this thesis, we describe and analyze the OpenPGP key exchange method “Web Key Directory”. We provide security definitions for OpenPGP key exchange methods. Based on these definitions, we evaluate whether the Web Key Directory specification and its reference implementation are secure. We find inconsistencies and specification gaps in the Web Key Directory specification draft. We reveal that the main assumption of the Web Key Directory Update Protocol is too vague. We describe several scenarios and interpretations of the main assumption and analyze them. We can show that the Web Key Directory Update Protocol is vulnerable in multiple scenarios and interpretations. Furthermore, we find errors in the reference implementation. We could utilize these errors to describe an attack on the reference implementation with almost no assumptions. It allows an attacker to illegitimately publish OpenPGP keys for any e-mail address for any domain of a Web Key Directory provider.