On 01/09/17 08:31, Andrew Gallagher wrote:
> On 31/08/17 03:35, Mario Castelán Castro wrote:
>> Writer and recipient have a Diffie-Hellman key over the same group and
>> know each other's public key.
>>
>> The writer computes the shared secret per the DH algorithm
>
> This is the real trick though - the DH algorithm requires two-way
> synchronisation in advance of sending the payload. This is easy enough
> with a realtime connection, but much harder with email.

Diffie-Hellman may be used interactively, but it is not necessary. See the specification of Diffie-Hellman over an elliptic curve employed for *encryption* in OpenPGP as described in RFC 6637 (<https://tools.ietf.org/html/rfc6637#section-8>). There is a summary of the protocol on page 8. Note how it requires no “two-way synchronization”.

As described here, the sender generates an ephemeral key. If the sender uses *his* ECDH key instead of an ephemeral one then the shared secret can be used to derive the key of a MAC algorithm and used for deniable authentication.

Obviously there is the requirement that the receiver knows that the key used by the sender really belongs to the sender and not an impersonator. This is a general requirement in public key cryptography also applicable for digital signatures.

> And as others have pointed out, plausible deniability isn't a panacea.
> It's only really useful in the case where your adversary must prove
> their assertions to an independent fourth party beyond reasonable doubt.
> It might keep you out of jail in a well-functioning democracy, but it
> won't save you from the mafia, the CIA or Kim Jong Un.

I am well aware of that. Although deniable encryption is not a panacea it is an improvement. It gives less power to the correspondent to blackmail.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users