[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Server / Browser html PGP Encryption



What are you trying to accomplish?

First note that hidden servers already use RSA, the public key algorithm at the heart of OpenPGP.  The jumble of characters in the hidden service name is actually the fingerprint (or equivalent) of the service's public key.  The service sends you its full public key and your Tor client verifies its fingerprint, allowing you to authenticate the server's identity and send it messages that imposters are unable to intercept.  The extra features of OpenPGP (the protocol behind PGP, GPG, etc) don't add value here, at least not that I can see.

All of this is on top of the strong encryption of the Tor circuit which connects you to the server.

Going in the other direction, why do you want to provide an OpenPGP key to the server?  If it is for authentication,

Conversely, providing an OpenPGP across multiple session serves to identify you to the server(s) involved.  If this is what you want and you are using TLS (e.g. https), then a client certificate might be the right approach since it is already built into TLS.  I say might, because I haven't used client certs myself and don't know whether TorBrowser can be easily configured to use them.


> On 24 Sep 2015, at 2:58 PM, Darren Allen <darreneallen@gmail.com> wrote:
> 
> Once a user has joined an Onion web server, they download the servers PGP
> Public Key, and upload their own PGP Public Key.
> All HTML commication, .jpg images, etc are then encoded by the server using
> the user's Public Key.
> 
> The user has their private key attached the to Tor Browser, (The browser
> could generate a random PGP key set for each Onion site), which then
> decrypts the incoming communication back into HTML etc to be displayed in
> the browser.
> 
> All new page requests, sent by the user, are likewise encrypted using the
> Onion sites Public Key, and decrypted by the server.

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk