TY  - THES
AB  - The cryptographic protocol OpenPGP has existed since 1991 and is used for the encryption and signing of e-mails and data. OpenPGP uses public key cryptography and requires that key authenticity is verified in a secure manner. Historically this has been done via key servers and a decentralized trust model, the Web of Trust. In this thesis, we describe and analyze the OpenPGP key exchange method “Web Key Directory”. We provide security definitions for OpenPGP key exchange methods. Based on these definitions, we evaluate whether the Web Key Directory specification and its reference implementation are secure. We find inconsistencies and specification gaps in the Web Key Directory specification draft. We reveal that the main assumption of the Web Key Directory Update Protocol is too vague. We describe several scenarios and interpretations of the main assumption and analyze them. We show that the Web Key Directory Update Protocol is vulnerable in multiple scenarios and interpretations. Furthermore, we find errors in the reference implementation. We were able to use these errors to describe an attack on the reference implementation with almost no assumptions. It allows an attacker to illegitimately publish OpenPGP keys for any e-mail address for any domain of a Web Key Directory provider.
AU  - Breuch, Philipp Michael
CY  - Paderborn
DA  - 2022
DO  - 10.17619/UNIPB/1-1654
DP  - Universität Paderborn
LA  - eng
N1  - Date of submission: 07.07.2022
N1  - Universität Paderborn, bachelor's thesis, 2022
PB  - Veröffentlichungen der Universität
PY  - 2022
SP  - 1 online resource (viii, 109 pages)
T2  - Institut für Informatik
TI  - Web Key Directory and other key exchange methods for OpenPGP
UR  - https://nbn-resolving.org/urn:nbn:de:hbz:466:2-44164
Y2  - 2026-01-24T08:13:43
ER  -