Discussion:
Encryption using public key
emic
2008-10-24 02:31:03 UTC
Question.

I have my customers send their credit card data using a SSL
certificate to my (shared) hosting server. ( Using a standard HTML
form )
So that part should be safe.
In this server I encrypt the data with my public key and email it to
me. The script that gets the credit card data immediately unsets the
plaintext after encrypting it.
The PGP encoded data sent to me ( over standard mail ) is only
readable to me using the private key stored only on my local USB
stick. So far so good I would say.

The encrypted data I only decrypt when I need it. ( I get the Credit
card data as a guarantee, and only use it when my customer fails on
me )

But suppose somebody hacks my account, and replaces the public key for
another public key ( their own )
I can only detect that when I try to decrypt the file, ( which
obviously would fail )

Is there a way to detect that immediately ? (maybe in plaintext in the
encrypted file the public key owner )
Roberto Franceschetti
2008-10-24 03:33:15 UTC
On 10/23/08 10:31 PM, in article
Post by emic
Question.
I have my customers send their credit card data using a SSL
certificate to my (shared) hosting server. ( Using a standard HTML
form )
So that part should be safe.
In this server I encrypt the data with my public key and email it to
me. The script that gets the credit card data immediately unsets the
plaintext after encrypting it.
The PGP encoded data sent to me ( over standard mail ) is only
readable to me using the private key stored only on my local USB
stick. So far so good I would say.
The encrypted data I only decrypt when I need it. ( I get the Credit
card data as a guarantee, and only use it when my customer fails on
me )
But suppose somebody hacks my account, and replaces the public key for
another public key ( their own )
I can only detect that when I try to decrypt the file, ( which
obviously would fail )
Is there a way to detect that immediately ? (maybe in plaintext in the
encrypted file the public key owner )
If I interpret your email correctly, you're concerned that someone hacks
into your webserver (where the encryption occurs), replaces your public key
with theirs, thus allowing them to decrypt the files.

Depending on your "level of paranoia" :-), you could, before encrypting the
file(s), check to ensure that the "Key ID" of the public key being used,
matches your own Key ID.
It is however possible to generate PGP keys that have a specific Key ID. So
the next level would be to check both the Key ID and the key's fingerprint.
But once more, it is also theoretically possible to generate a public key
with a specific Key ID and fingerprint. What is currently thought is however
that a pub key cannot be generated to match a combination of three selected
parameters, ex Key ID, fingerprint and key length. So if you check these 3
you can be pretty sure the key is really your key.

But...

If a hacker really got into your system you will have waaaaaay more security
problems than these, as they can plant trojans, alter your code so that the
Credit Card data is emailed to *them* in clear even before you encrypt it
:-) and so on...

PS - I quoted http://www.netbsd.org/developers/pgp.html for the key
generation flaws that allow key id's and fingerprints to be selected at
will.
--
Roberto Franceschetti
LogSat Software
http://www.logsat.com
David E. Ross
2008-10-24 05:18:38 UTC
Post by Roberto Franceschetti
On 10/23/08 10:31 PM, in article
Post by emic
Question.
I have my customers send their credit card data using a SSL
certificate to my (shared) hosting server. ( Using a standard HTML
form )
So that part should be safe.
In this server I encrypt the data with my public key and email it to
me. The script that gets the credit card data immediately unsets the
plaintext after encrypting it.
The PGP encoded data sent to me ( over standard mail ) is only
readable to me using the private key stored only on my local USB
stick. So far so good I would say.
The encrypted data I only decrypt when I need it. ( I get the Credit
card data as a guarantee, and only use it when my customer fails on
me )
But suppose somebody hacks my account, and replaces the public key for
another public key ( their own )
I can only detect that when I try to decrypt the file, ( which
obviously would fail )
Is there a way to detect that immediately ? (maybe in plaintext in the
encrypted file the public key owner )
If I interpret your email correctly, you're concerned that someone hacks
into your webserver (where the encryption occurs), replaces your public key
with theirs, thus allowing them to decrypt the files.
Depending on your "level of paranoia" :-), you could, before encrypting the
file(s), check to ensure that the "Key ID" of the public key being used,
matches your own Key ID.
It is however possible to generate PGP keys that have a specific Key ID. So
the next level would be to check both the Key ID and the key's fingerprint.
But once more, it is also theoretically possible to generate a public key
with a specific Key ID and fingerprint. What is currently thought is however
that a pub key cannot be generated to match a combination of three selected
parameters, ex Key ID, fingerprint and key length. So if you check these 3
you can be pretty sure the key is really your key.
But...
If a hacker really got into your system you will have waaaaaay more security
problems than these, as they can plant trojans, alter your code so that the
Credit Card data is emailed to *them* in clear even before you encrypt it
:-) and so on...
PS - I quoted http://www.netbsd.org/developers/pgp.html for the key
generation flaws that allow key id's and fingerprints to be selected at
will.
I believe the cited "PGP Key Management Guide for NetBSD developers" is
referring only to RSA v.3 keys (RSA "legacy" keys).

It's not that easy to generate a key for a given fingerprint. However,
it is known that there are legitimate keys that have the same
fingerprint as other legitimate keys. This happens by coincidence, not
by intent. In all cases, the key lengths have been different when two
different keys have the same fingerprint. I'm not sure, but I think
this has happened only with RSA v.3 keys.

For RSA v.3 keys, there is a real difference between the key ID and the
fingerprint. For those keys, having all three -- key ID, fingerprint,
and length -- is meaningful.

For RSA v.4 keys and DH/DSS keys, the key ID is merely the last 8 hex
digits of the fingerprint. If you have the fingerprint, you
automatically have the key ID. For these keys, you must be satisfied
with only fingerprint and length.
--
David E. Ross
<http://www.rossde.com/>

Q: What's a President Bush cocktail?
A: Business on the rocks.
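
An added example, not part of the thread and not code from any poster: how a version 4 fingerprint is computed under RFC 4880, how the 64-bit key ID and the 8-hex-digit short ID fall out of it, and a pin check a server script could run on the public key before encrypting. The function names are hypothetical and the RSA numbers are constructed toy values.

```python
import hashlib

def mpi(n):
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = n.bit_length()
    return bits.to_bytes(2, "big") + n.to_bytes((bits + 7) // 8, "big")

def rsa_v4_key_body(created, n, e):
    """Body of a version 4 RSA public-key packet: version, time, algorithm 1, n, e."""
    return bytes([4]) + created.to_bytes(4, "big") + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body):
    """SHA-1 over 0x99, the 2-byte body length, and the body (RFC 4880, 12.2)."""
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def key_ids(fingerprint):
    """(64-bit key ID, 32-bit short key ID): both are just the fingerprint's tail."""
    return fingerprint[-16:], fingerprint[-8:]

def key_matches_pin(body, pinned_fingerprint):
    """Compare all 160 bits of the fingerprint rather than only a key ID."""
    return v4_fingerprint(body) == pinned_fingerprint.replace(" ", "").upper()

# Constructed toy values, not a real key.
CREATED, N, E = 1224815463, (1 << 127) + 0x1D, 65537
MY_KEY = rsa_v4_key_body(CREATED, N, E)
PINNED = v4_fingerprint(MY_KEY)               # in practice: recorded offline from your own keyring
SWAPPED = rsa_v4_key_body(CREATED, N + 2, E)  # stands in for a replaced key file
```

Because the creation time is part of the hashed body, the same RSA numbers with a different timestamp give a different fingerprint.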
Arthur T.
2008-10-24 06:20:15 UTC
In
Post by emic
In this server I encrypt the data with my public key and email it to
me. The script that gets the credit card data immediately unsets the
plaintext after encrypting it.
<snip>
Post by emic
But suppose somebody hacks my account, and replaces the public key for
another public key ( their own )
I can only detect that when I try to decrypt the file, ( which
obviously would fail )
If they can hack your server, they could likely just take the
unencrypted data and send it to themselves. I expect that that
would be much easier than sending *you* data encrypted to them,
and hoping to grab the e-mail in flight.

However, to answer the question you actually asked...

You don't say if you're using PGP or GPG. With my version of
PGP, when I go to decrypt, it shows what keys it's encrypted to.
You could do that much, and then not type in a password. Even
though the fingerprint isn't displayed, it will tell you if it's not
encrypted to a key you can decrypt.
--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a z/OS (IBM mainframe) systems programmer position
John Wunderlich
2008-10-24 16:03:33 UTC
Post by Arthur T.
In
Post by emic
In this server I encrypt the data with my public key and email it
to me. The script that gets the credit card data immediately
unsets the plaintext after encrypting it.
<snip>
Post by emic
But suppose somebody hacks my account, and replaces the public
key for another public key ( their own )
I can only detect that when I try to decrypt the file, ( which
obviously would fail )
If they can hack your server, they could likely just take the
unencrypted data and send it to themselves. I expect that that
would be much easier than sending *you* data encrypted to
them, and hoping to grab the e-mail in flight.
However, to answer the question you actually asked...
You don't say if you're using PGP or GPG. With my version of
PGP, when I go to decrypt, it shows what keys it's encrypted to.
You could do that much, and then not type in a password. Even
though the fingerprint isn't displayed, it will tell you if it's
not encrypted to a key you can decrypt.
... building on that just a bit, why even try to decode at all?
There is a program "PGPDump.exe" that will dump a short summary of the
packets in the encoded file. Included in that dump is the 64-bit Keyid
of the key(s) it was encrypted to. You can simply do a "grep" or
"find" for this key. In other words, write a batch file that simply
does the following:

pgpdump file.pgp | find "1A2B3C4D5E6F7081"

and if a line is printed, it is encrypted to your key.

<http://www.ysnb.net/kit/software.html#pgpdump>

-- John
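
An added example, not part of the thread and not the pgpdump program's own code: a small parser that reads the recipient key IDs from the session-key packets at the front of a message without decrypting anything. It assumes version 3 public-key encrypted session key packets as defined in RFC 4880; the function names and the second key ID are hypothetical, and the sample packets are constructed. Unlike a substring search, encrypted_only_to also fails when a second recipient has been added next to your key.

```python
import base64

def dearmor(text):
    """Return the binary packets inside an ASCII-armored PGP message."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:]        # armor headers end at the blank line
    return base64.b64decode("".join(
        l for l in body if not l.startswith(("=", "-----"))))  # drop CRC, footer

def recipient_key_ids(data):
    """List the 64-bit key IDs in the session-key packets that lead a message."""
    ids, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                break                         # partial length: bulk data, stop
        else:                                 # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                break                         # indeterminate length: bulk data
            n = 1 << ltype                    # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if tag not in (1, 3):
            break                             # past the session-key packets
        if tag == 1:                          # PKESK v3: version, key ID, algorithm
            if data[i] != 3:
                raise ValueError("unsupported PKESK version")
            ids.append(data[i + 1:i + 9].hex().upper())
        i += length
    return ids

def encrypted_only_to(data, my_key_id):
    """True only if the sole public-key recipient is my_key_id."""
    return recipient_key_ids(data) == [my_key_id.upper()]

# Constructed sample packets (dummy one-byte MPI, dummy encrypted body).
MINE = bytes.fromhex("840d03" "1a2b3c4d5e6f7081" "01" "0008ff")   # old-format PKESK
OTHER = bytes.fromhex("c10d03" "0102030405060708" "01" "0008ff")  # new-format PKESK
BULK = bytes.fromhex("d20301aabb")                               # tag 18 packet
```

A message encrypted with a hidden recipient carries an all-zero key ID in this field, so it also fails the check.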
Neil W Rickert
2008-10-24 20:09:56 UTC
Post by emic
But suppose somebody hacks my account, and replaces the public key for
another public key ( their own )
I can only detect that when I try to decrypt the file, ( which
obviously would fail )
Is there a way to detect that immediately ? (maybe in plaintext in the
encrypted file the public key owner )
If I am understanding the problem, then the easy fix is to "Sign
and Encrypt" the key (as a single PGP/GnuPG operation), using the
same main key. You should then find out immediately if there is
a problem.
John Wunderlich
2008-10-24 21:27:13 UTC
Post by Neil W Rickert
Post by emic
But suppose somebody hacks my account, and replaces the public
key for another public key ( their own )
I can only detect that when I try to decrypt the file, ( which
obviously would fail )
Is there a way to detect that immediately ? (maybe in plaintext
in the encrypted file the public key owner )
If I am understanding the problem, then the easy fix is to "Sign
and Encrypt" the key (as a single PGP/GnuPG operation), using the
same main key. You should then find out immediately if there is
a problem.
As I understand the problem, he wants to verify that the received email
has been encrypted to his personal key without actually inserting his
passphrase and decrypting the email. Your approach would require that
the automated server (which he is worried about being hacked) would
sign the email. This would require an in-the-clear passphrase to exist
on the server. Also, since the signing is done before the encrypting,
he would have to decrypt the message at his end in order to verify the
signature -- which he states he wants to avoid.

Much simpler would be to run "pgpdump" on the received encoded message
and search for his key-id in the output. No decoding or passphrase
insertion required.

-- John