As an example, let's say that Alice signs a message with her secret key and encrypts the message and signature with Trent's public key. Trent decrypts the message and signature with his secret key, verifies Alice's signature using her public key, and then re-encrypts the message and Alice's signature using Bob, Carol and Zoe's public keys. The three of them are able to decrypt the message with their own secret keys and verify Alice's signature using her public key. In this role Trent acts like a trusted third party mailing relay.

I've been able to use gpgsplit to generate the separate packets from the outer-most encrypted message (the encrypted session key and the symmetric encrypted data packet), but do not know how to get the data packets from the message once it has been decrypted. Looking at the output from gpg --list-packets, I'm interested in the 'onepass_sig', 'literal data' and 'signature' packets that are nested in the 'encrypted data' packet:

:pubkey enc packet: version 3, algo 16, keyid 366DE80896CDC35C
        data: [2048 bits]
        data: [2048 bits]
:encrypted data packet:
        length: 205
        mdc_method: 2
gpg: encrypted with 2048-bit ELG-E key, ID 96CDC35C, \
      created 2008-04-06 "Test Key "
:compressed packet: algo=2
:onepass_sig packet: keyid 317BCDBAC7BE611A
        version 3, sigclass 00, digest 2, pubkey 17, last=1
:literal data packet:
        mode b (62), created 1207514699, name="clear.txt",
        raw data: 128 bytes
:signature packet: algo 17, keyid 317BCDBAC7BE611A
        version 3, created 1207514699, md5len 5, sigclass 00
        digest algo 2, begin of digest 8e 1e
        data: [158 bits]
        data: [158 bits]

I'd like to do this with the command line gpg tools, but have not found any way to extract the individual packets and then to re-assemble them with a new symmetric session key. Another option that I am considering is to use the Perl module Crypt::OpenPGP, or perhaps raw access to libgcrypt. The easy API of gpgme doesn't seem to have the flexibility to do what I need, although I might be overlooking something.

A: 

Hudson, what EXACTLY are you trying to do? Do you want to get the raw message text back, and re-encrypt it? You can't re-sign it or anything, it takes a private key of the signer to do that...

And if you break up the packets, the signatures will NEVER match up.

You COULD pull the original text out, and even key info from the original signers. (Since it's just a hash of the data encrypted with a private key). You can look at the packets yourself in C++... I have some code that looks at each packet inside the block of data, and tells you what sort of packet it is.

I haven't used GPG in almost 10 years, so I don't know all the tools/parameters it offers....

Not even sure this reply will help you at all, but while I was working on Public Key Cryptography, it was one of the coolest pieces of code I've ever written. I'm STILL amazed at what these savants have been able to do with just MATH... When you hear about it, it sounds like a load of crap, but, dammit if they don't do exactly what they say.. And they did it BACK IN THE 70's!

Whew! Can you imagine debugging your new "PKE" THEORY technology with a slide-rule?

LarryF
I don't want to resign anything; I want to reuse the original signature and generate new encrypted session key packets so that additional readers can decrypt the message and verify the original signature. I've written a proof-of-concept: http://www.osresearch.net/wiki/index.php/Sphinx_Remailer
Hudson
Hudson, you should contact me offline. (Off StackOverflow). I'm interested in your idea, and may be able to help with the development. I read your page, and it makes a lot of sense to me. I didn't see a way to contact you via that page, however.
LarryF
+2  A: 

Ok, so in order to generate new session keys for signing, you have to decrypt the original message, and re-encrypt it with someone's key. PKCS will always generate a session key for every message. This increases the security of PGP, GPG, etc, by using say, RSA to encrypt just a session KEY for the encryption method used. (Not to mention, RSA is too slow to encrypt vast amounts of data).

Check out RFC 2440 if you want to know the dirty details on how PGP (actually OpenPGP) message packets are formed...

I can't seem to locate my code I wrote all that time ago to parse the packets, but when I find it, I'd be happy to post it to give you an example of how these packets are constructed. (The RFC should tell you, but sometimes it's hard to just read the RFC, and say, "Oh yea, /THAT'S/ how they do it..")

Well, at least it is for me.

LarryF
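The packet-level plumbing the question asks for (splitting the decrypted stream into the onepass_sig, literal data and signature packets and re-encoding them unchanged) together with the version 3 public-key encrypted session key packet the second answer describes, as an added example in Python. This is not code from the question, from either answer, or from Hudson's Sphinx remailer; it uses only the standard library. All sample bytes are constructed by hand: the key IDs and timestamp are copied from the question's --list-packets output, the MPIs are filler rather than real keys or signatures, and dummy bytes stand in for the ciphertext, so the block performs no decryption, signature verification or session-key encryption (gpg or Crypt::OpenPGP would still do those parts).

```python
# Added example, not code from the question or the answers: split an OpenPGP packet
# stream (RFC 2440 / RFC 4880) into packets, decode the fields gpg --list-packets
# prints, and re-encode the signed packets unchanged. Sample bytes are constructed
# (key IDs and timestamp from the question's listing, filler MPIs, dummy ciphertext).
import struct

def _new_length(buf, pos):
    """New-format length field at pos -> (length, field_size, is_partial)."""
    b1 = buf[pos]
    if b1 < 192:
        return b1, 1, False
    if b1 < 224:
        return ((b1 - 192) << 8) + buf[pos + 1] + 192, 2, False
    if b1 == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], 5, False
    return 1 << (b1 & 0x1F), 1, True  # 224..254: partial body length

def read_packet(buf, pos):
    """Parse the packet at pos -> (tag, body, next_pos); handles both header formats."""
    first = buf[pos]
    if not first & 0x80: raise ValueError("no packet header at offset %d" % pos)
    if first & 0x40:  # new format: tag in the low six bits
        tag = first & 0x3F
        length, size, partial = _new_length(buf, pos + 1)
        pos += 1 + size
        body = bytearray(buf[pos:pos + length])
        pos += length
        while partial:  # append chunks until a definite length closes the packet
            length, size, partial = _new_length(buf, pos)
            body += buf[pos + size:pos + size + length]
            pos += size + length
        return tag, bytes(body), pos
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old format: tag in bits 2..5
    if ltype == 3:  # indeterminate length: body runs to end of input
        return tag, bytes(buf[pos + 1:]), len(buf)
    size = (1, 2, 4)[ltype]
    start = pos + 1 + size
    length = int.from_bytes(buf[pos + 1:start], "big")
    return tag, bytes(buf[start:start + length]), start + length

def split_packets(buf):
    """[(tag, body), ...] for each top-level packet (nested packets stay inside body)."""
    packets, pos = [], 0
    while pos < len(buf):
        tag, body, pos = read_packet(buf, pos)
        packets.append((tag, body))
    return packets

def encode_packet(tag, body):
    """Inverse of split_packets: wrap body in a new-format header."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body

def parse_pkesk(body):  # tag 1, v3: version, key ID, algo, then one MPI per algo element
    mpis, pos = [], 10
    while pos < len(body):
        bits = struct.unpack(">H", body[pos:pos + 2])[0]  # MPI: bit count, ceil(bits/8) bytes
        mpis.append(bits)
        pos += 2 + (bits + 7) // 8
    return {"version": body[0], "keyid": body[1:9].hex().upper(), "algo": body[9], "mpi_bits": mpis}

def parse_onepass_sig(body):  # tag 4, v3
    return {"version": body[0], "sigclass": body[1], "digest": body[2], "pubkey": body[3],
            "keyid": body[4:12].hex().upper(), "last": body[12]}

def parse_literal(body):  # tag 11 -> (mode, filename, timestamp, raw data)
    n = body[1]
    return chr(body[0]), body[2:2 + n].decode(), struct.unpack(">I", body[2 + n:6 + n])[0], body[6 + n:]

def parse_signature_v3(body):  # tag 2, v3: the fixed fields that precede the MPIs
    return {"version": body[0], "sigclass": body[2], "created": struct.unpack(">I", body[3:7])[0],
            "keyid": body[7:15].hex().upper(), "pubkey": body[15], "digest": body[16],
            "left16": body[17:19].hex()}

# Constructed inner message (what the encrypted packet holds, compression omitted).
ALICE, TRENT = bytes.fromhex("317BCDBAC7BE611A"), bytes.fromhex("366DE80896CDC35C")
CREATED = struct.pack(">I", 1207514699)
MPI_158 = b"\x00\x9e\x20" + b"\x00" * 19  # 158-bit filler, not a real DSA value
LITERAL = b"b\x09clear.txt" + CREATED + b"hello Bob, Carol and Zoe\n"
INNER = (encode_packet(4, bytes([3, 0x00, 2, 17]) + ALICE + b"\x01")
         + bytes([0xAC, len(LITERAL)]) + LITERAL  # old-format header: tag 11, 1-byte length
         + encode_packet(2, bytes([3, 5, 0x00]) + CREATED + ALICE + bytes([17, 2]) + b"\x8e\x1e"
                         + MPI_158 + MPI_158))
# Constructed outer layer: v3 PKESK to Trent's ElGamal key (algo 16, two filler 2048-bit
# MPIs) followed by dummy bytes where the encrypted data packet would be.
MPI_2048 = b"\x08\x00\x80" + b"\x00" * 255
OUTER = (encode_packet(1, b"\x03" + TRENT + b"\x10" + MPI_2048 + MPI_2048)
         + encode_packet(18, b"\x01" + b"\x00" * 204))

def relay_view(outer=OUTER, inner=INNER):
    """What the relay sees before and after decryption, minus the crypto itself."""
    pkesk = parse_pkesk(split_packets(outer)[0][1])
    packets = split_packets(inner)
    onepass, signature = parse_onepass_sig(packets[0][1]), parse_signature_v3(packets[2][1])
    # Re-encoded, the signed triple is byte-for-byte reusable: the signature covers the
    # literal data, not the packet headers, so this is what goes under a fresh
    # encryption layer for Bob, Carol and Zoe.
    rewrapped = b"".join(encode_packet(t, b) for t, b in packets)
    return {"pkesk": pkesk, "onepass": onepass, "literal": parse_literal(packets[1][1]),
            "signature": signature, "tags": [t for t, _ in packets],
            "roundtrip_ok": split_packets(rewrapped) == packets,
            "signer_consistent": onepass["keyid"] == signature["keyid"]}
```

Call relay_view() to see the same fields the question's listing shows. On a real message you would feed split_packets the bytes gpg produces once the outer layer is decrypted; if that is a compressed packet its body has to be inflated first, since split_packets does not expand nesting, and the re-encoded inner bytes then go under a new encryption layer (new session key, one PKESK per additional recipient), which this block deliberately leaves to gpg or Crypt::OpenPGP.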