[dev] PGP support for IMP - A start...

Cliff Green green@UMDNJ.EDU
Wed, 27 Mar 2002 14:03:05 -0500


Quoting Jan Schneider <jan@horde.org>:

> Zitat von Michael M Slusarz <slusarz@bigworm.colorado.edu>:

[munch] 
> I would rather create it as a driver-like Horde library. Horde_Crypt:: in
> lib/Crypt.php and Horde_Crypt_GPG in lib/Crypt/GPG.php. We can then
> easier add other crypto plugins later.

Do you have a framework, or outline, or sketch for this yet, and maybe an
api for it?  Or some ideas for same?  I'd like to look at adding an x509
(s/mime) plugin.

[munch]
> Another step to more security may be that we enable private keys (upload
> and usage) only if we have a https connection.

I think that's a sine qua non - no ssl, no private keys.  

> One thing we have to discuss is, if it is less secure to store
> unencrypted private keys on a public sql/ldap server

I think it's unacceptable to store private keys in an unencrypted form, no
matter how secure the host.  Although a first pass at this should at least
prompt for a passphrase to unlock the key (with a preference for prompting
at each use or no?), future effort may need to look into hardening that. 
There's some interesting literature (tedious, but interesting) on hardening
single-factor authentication, though I don't know how relevant that is for
Horde/Imp.  For example, VeriSign uses a downloadable ActiveX applet, with
two remote servers to rebuild one's private key.  Unfortunately, their
product can't be used for s/mime (only for authentication).  (And it's not
really as secure as their sales staff would like you to believe.)

> or to pass the clear text passphrase from the browser every time we use a 
> private key.

With a required https connection, the vulnerability would be at the server,
right?  At what point(s) would the passphrase be sniffable or capturable? 
Can thost junctures be protected by hashing the passphrase for comparison to
a hashed version of the one stored in prefs?  Wouldn't a hash be just as
vulnerable?

c
-- 
Cliff Green
Academic Computing Services - UMDNJ
Signature under NDA

-----------------------------------------------------
This mail sent through IMP: the Internet Mail Program