Discuss mailing list

[Erich Eckner <opennic AT eckner.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

On Fri, 22 May 2020, Rouben wrote:

> You could do a split PGP/GPG key approach, where two people with their own
> individual Yubikeys (or similar device) need to sign the intermediate, but
> we would need to figure out how to convert these signed certs into X.509
> after the fact. I’m not sure if this is even possible, as PGP/GPG has *some*
> X.509 capabilities, I just don’t know if it supports all the extensions
> necessary for a CA intermediate.

I think, this will not work: An X.509 certificate is *one* signature (of 
the other key and metadata), while the PGP/GPG scenario, you describe, 
sounds like GPGs web of trust - which relies on *multiple* signatures (of 
the other key) to verify that key. These two concepts are not 
interchangable.

However, the math *should* be possible: Theoretically, one could create a 
combined signature in a Diffie-Hellman-like procedure. The only thing, I 
don't see, is how one would create the respective private keys, because 
they are not independent of each other and the (combined) public key.

That being said: I'm not a gpg nor openssl guru either ;-)

> Any OpenSSL/GPG/PGP gurus on here that know of a similar mechanism (split
> private key)?

I have been pondering this a little more and came to the conclusion, that 
it might really be better to have multiple such keys. This would 
additionally secure against the case, that one of them goes rogue/gets 
compromised.

Also it might be worth considering to have multiple Intermediates 
(parallel, not serial), so the acme-signing can be trivially distributed 
over multiple persons/hosts. But this is rather simple to implement, as we 
would only need to sign all those intermediates (regularly) by the root 
ca(s).

btw: How would such a per-design-centralized infrastructure (not your 
fault, Rouben, but rather X.509's fault) cooperate with the democratic and 
decentralized nature of opennic?

> Rouben

regards, Erich

P.S.: I'm currently fighting to compile step-cli and step-ca on arm to try 
it out for my personal PKI on my raspberry (so far I was using an ugly, 
hand-crafted, ssh-based, not-scalable, self-written automatic pki).

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl7JIJMACgkQCu7JB1Xa
e1oGChAAvk5TKkGouJEOPtI6WG9M1Pw9MQrPIB46bjSUmumiWexa7wCHvjK7Va54
xfGHryshs44OmVcLM6WhD5+XUQgIOt4uyA6Smdw6ZruGhHHMzXBAOqgq3vT6UBXf
CWHSmU+POgc82TsEqGb0YwixxAO7GOFujtK7q5QVcrk1ZhzUj6VqGHCBjVYRnxe7
CxLyQ8F/hapzuLyrTNABpHVR++8mKDSOgNk+u8ikep3zybx5SebJEHUE7EQnSKpR
UK0anMp/l5jRdiTshgZvImZ/29CinwYl7gjegQtNNkuz750IJpcAI+QXupIFNT8d
6mNT+9j6nLYKpcpMNmL/Gz0HhwRnp5iLEypkWL0iUBW/W3KKsbVzahKGnaqTsz5k
4BfecHAA0BGoD1pTzlUs6t1z6F/jWp0j3DL9eiBSOQbisye45SrlMESG78nJcKDp
TWDJwCUDRyR2QPqiqrL9HZ1GeDPOw3oMAKu6zy5OPG5U63Mw7ObvxiP25RW9R4TZ
TmdGyHLnGy+e1MFlktU9KPgl6Sdsg88kT8gS5JPBtRrm5eFnpCmMI1dU+oigrCY9
uwT9i39ndUHuRqnXSX5YKJjTNM/8hREhQwT1Jt8iA4yeBEcKMCU1tnhetp5+anwe
rud8N8HTz0TzsF3Vh/0MhuYuPiH92VT7KCd2E2yi3oHOPJ9h/qs=
=z9+P
-----END PGP SIGNATURE-----