Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP
The Distributed Privacy Guard (DKGPG) implements Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP. The generated public keys are compatible with the standard and thus can be used by any RFC4880-compliant application (e.g. GnuPG). The main purposes of this software are distributing power among multiple parties, eliminating single points of failure, and increasing the difficulty of side-channel attacks on private key material.
DKGPG consists of a bunch of simple command-line programs. The current implementation is in experimental state and should NOT be used in production environments. Motivation, cryptographical background and some usage scenarios have been presented at 26th Krypto-Tag (GI Working Group) and Datengarten/81 (CCCB). Please consult the slides for a first overview.
Using well-established multi-party protocols a shared private key and a common public key (currently only DSA/ElGamal) is generated. Then further interactive protocols perform the private operations like decryption and signing of files, provided that a previously defined threshold of parties/devices take part in the distributed computation. Due to the interactiveness of the protocols a lot of messages between participating parties have to be exchanged in a secure way. We employ GNUnet, and in particular its mesh routed CADET service, to establish private and broadcast channels for this message exchange. However, as alternative to GNUnet a simple TCP/IP based service for message exchange is included. With torsocks and port-forwarding of a local hidden service this allows running the interactive programs over the well-known TOR network.
- Developed at security:privacy
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:16.0:FactoryCandidates/dkgpg && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
dkgpg-1.1.0.tar.gz | 0000711331 695 KB | |
dkgpg-1.1.0.tar.gz.sig | 0000000195 195 Bytes | |
dkgpg.changes | 0000006824 6.66 KB | |
dkgpg.keyring | 0000005163 5.04 KB | |
dkgpg.spec | 0000002879 2.81 KB |
Revision 7 (latest revision is 10)
- Update to version 1.1.0: This release supports Authenticated Encryption with Associated Data (AEAD) in accordance to RFC 4880bis (draft); this can be enforced with the new added option "-a" when dkg-(d)encrypt is used. For using domain parameters, as described in RFC 7919, one should specify the new option "-r", when dkg-gencrs is used. Last, for key generation (dkg-generate) the timestamp option was added ( "--timestamping") which sets a key usage flag.
Comments 0