Key server (cryptographic)

From Wikipedia, the free encyclopedia

Cryptography Portal

In computer security, a key server is a computer — typically running special software — which provides cryptographic keys to users or other programs. The users' programs can be working on the same network as the key server or on another networked computer.

The keys distributed by the key server are almost always provided as part of a cryptographically-protected identity certificate containing not only the key but also 'entity' information about the owner of the key. The certificate is usually in a standard format, such as the OpenPGP public key format, the X.509 certificate format, or the PKCS format. Further, the key is almost always a public key for use with an asymmetric key encryption algorithm.

1 History
2 Public versus private keyservers
3 Privacy concerns
4 Weaken security
5 Key server etiquette
6 References
7 External links

[edit] History

Key servers were developed as a result of the invention of public key cryptography. In public key cryptography an individual is able to generate a key pair which included two related keys. One of the keys in the pair is meant to be kept private while the other is meant to be distributed. Public key cryptosystems are designed in a way such that the distribution of the public key of the key pair should not significantly weaken the security provided by encryption with the key pair. If an individual has the public key of a keypair, they are able to use that key to initiate secret communications with the holder of the matching secret key. The need to have the public key of a key pair in possession in order to start communication or verify signatures is a bootstrapping problem. Locating keys on the web or writing to the individual asking them to transmit their public keys can be time consuming. Key servers act as central repositories to alleviate the need to individually transmit public keys.

The first web-based PGP keyserver was written for a thesis by Marc Horowitz, while he was studying at MIT. Horowitz' keyserver was called the HKP Keyserver after a web-based protocol it used to allow people to interact with the keyserver. Users were able to upload, download, and search keys either through the HTTP-based HKP protocol on port 11371, or through web pages which ran CGI scripts. Before the creation of the HKP Keyserver, keyservers relied on email processing scripts for interaction.

[edit] Public versus private keyservers

The most important universally accessible key servers are those computers, located around the world, which store and provide OpenPGP keys over the Internet for users of that cryptosystem. In this instance, the computers can be, and are, mostly run by individuals as a pro bono service, facilitating the web of trust model PGP uses. There are also multiple proprietary public key infrastructure systems which maintain key servers for their users; only their users are likely to be aware of them at all.

[edit] Privacy concerns

For many individuals, the purpose of using cryptography is to obtain a higher level of privacy in personal interactions and relationships. It has been pointed out that allowing a public key to be uploaded in a key server when using decentralized web of trust based cryptographic systems, like PGP, may reveal a good deal of information that an individual may wish to have kept private. Since PGP relies on signatures on an individual's public key to determine the authenticity of that key, potential relationships can be revealed by analyzing the signers of a given key. In this way, models of entire social networks can be developed.

[edit] Weaken security

Uploading a key to a key server reduces the level of security that can be expected from the key. The reduction is minor, but not insignificant. Because key servers are used to distribute keys which are part of key pairs used in public key cryptography, posting one of the key pairs can allow an adversary to perform types of cryptanalysis attacks which would not have been possible without it. Primarily, it enables known plaintext analysis. But, perhaps more importantly, in the case of public key pairs which make use of the RSA algorithm, posting the public key reduces security because it provides the attacker the opportunity to perform a factorization attack on the modulus to determine its factors, p and q, which can then be used to decrypt secret messages. While one can be reasonably sure that disclosing a modulus in a key pair by posting it to a public keyserver, if the key size is sufficiently large, is safe, advances in number theory (particularly ring theory in regard to the GNFS) make it difficult to know what level of safety is provided at given key sizes. If the public key was not posted, and the attacker was unable to obtain it, he would be forced to rely on other more difficult types of cryptanalytic attacks such as those involving ciphertext analysis.

Further, uploading a key reduces security because it removes the human element from transmitting the key. If you wish to send a secure and private message to Bob, and Bob personally hands you a computer storage device containing his public key you can be much more confident that that key really does belong to Bob. If you were to download the key from a public key server without any interaction with Bob, you would not be able to be as sure. Therefore, posting a key on a public key server may make it much more likely that a fake or fraudulent key will be used in your communications and there by compromising your privacy.

[edit] Key server etiquette

Due to the potential for privacy concerns and the weakening of a key by placing it in a public keyserver, it is considered rude to upload someone else's key or an updated copy of their key to a public server without their permission, regardless of whether or not it was previously uploaded.^[1]