
Dkgpg

Distributed Privacy Guard (DKGPG) implements Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP


README

Copyright (C) 2017, 2018, 2019, 2020 Heiko Stamer HeikoStamer@gmx.net Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "APPENDIX: GNU Free Documentation License".

Introduction

Distributed Privacy Guard (DKGPG) implements Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP. The generated public keys are compatible with the standard and thus can be used by any RFC4880-compliant application (e.g. GnuPG). The main purposes of this software are distributing power among multiple parties, eliminating single points of failure, and increasing the difficulty of side-channel attacks on private key material.

Using well-established multi-party protocols a shared private key and a common public key (DSA/ElGamal) are generated. Then further interactive protocols perform the private operations like decryption of messages and signing of files or keys, provided that a previously defined threshold of parties/devices take part in the distributed computation. For completeness DKGPG contains programs for public-key encryption and signature verification.

The security is based on the well-established cryptographic assumption that computing discrete logarithms in large prime-order subgroups of Z_p (finite field) is hard. The current implementation is still experimental and should NOT be used for production, because it has not yet been reviewed by an independent third party. Some details about design criteria can be found in these presentation slides: http://www.nongnu.org/libtmcg/dg81_slides.pdf

DKGPG is 'Free Software' according to the definition of the Free Software Foundation. The source code is released under the GNU General Public License.

Overview

Distributed Privacy Guard consists of a bunch of command-line programs: The program dkg-generate provides an implementation of distributed key share generation for DSA/DSS and the ElGamal cryptosystem. The generation and the refresh (the latter is done by a separate program called dkg-refresh) need a lot of high-quality randomness (see e.g. D. Eastlake, J. Schiller, and S. Crocker: Randomness Requirements for Security, Network Working Group, Request for Comments: 4086, June 2005), which DKGPG obtains from the GNU Crypto Library (libgcrypt). That means the execution will slow down or even fail on systems (e.g. headless servers) where only low-entropy sources feed /dev/random (i.e. the source of strong randomness for libgcrypt). The random number generation, input/output operations, arithmetic functions, OpenPGP support, and some high-level protocols are provided by another library of the author, i.e., Toolbox for Mental Card Games (LibTMCG). If LibTMCG is built with optional support for Botan (another C++ crypto library), then the acquired random numbers incorporate randomness from Botan::AutoSeeded_RNG as an additional source, so that DKGPG does not rely solely on libgcrypt's RNG implementation.

Due to the interactivity of the protocols a lot of messages and data have to be exchanged between participating parties in a secure way. We employ GNUnet, and in particular its mesh-routed CADET service, to establish private point-to-point and separated broadcast channels for this message exchange. A so-called reliable broadcast protocol (RBC) from LibTMCG is used as a weak mechanism to achieve some validity, consistency, and totality in a most likely asynchronous communication environment. However, there are limitations (termination is not guaranteed) and predefined timeout values. Timing problems may be recognized by looking for error messages with prefix "RBC" on the STDERR output of the interactive programs. In such cases the predefined timeout value (default: five minutes) can be adjusted by using option "-W".

The program dkg-encrypt encrypts a text message for a given public key in OpenPGP format. It uses AES256 as fixed symmetric cipher and most of the public-key algorithms defined by OpenPGP, even AEAD algorithms from draft RFC 4880bis, if they are supported by libgcrypt. Of course, a similar result can be achieved by any OpenPGP-compatible implementation --- the program is only included for completeness. Conversely, a corresponding threshold decryption protocol (see Ronald Cramer, Rosario Gennaro, and Berry Schoenmakers: A Secure and Optimally Efficient Multi-Authority Election Scheme, Advances in Cryptology – EUROCRYPT ’97, LNCS 1233, pp. 103–118, 1997) has been implemented by the program dkg-decrypt. It provides an interactive version and a non-interactive version for computing, verifying, and combining the required decryption shares from participating players. Finally, if everything is sane, it outputs the decrypted message. The included OpenPGP signatures can be verified by using the option "-k" with a keyring that contains the required public keys.
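The threshold decryption step that dkg-decrypt performs, shown as an added Python example (not DKGPG's or LibTMCG's code): each party derives a decryption share from its key share, proves it correct with a Chaum-Pedersen proof, and any t verified shares are combined by Lagrange interpolation in the exponent. Toy group parameters and a trusted dealer standing in for the DKG are assumptions made to keep the example short.

```python
import hashlib
import secrets

# Constructed toy parameters (NOT for real use): safe prime p = 2q + 1 and g of order q.
P, Q, G = 2039, 1019, 4

def share_secret(x, t, n):
    """Shamir-split private key x in Z_q into n shares; any t of them suffice.
    A real DKG yields such shares without anyone knowing x; a trusted dealer
    stands in here (assumption made to keep the example short)."""
    coeffs = [x] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def encrypt(h, m):
    """Plain ElGamal: h = g^x is the common public key, m a group element."""
    r = secrets.randbelow(Q)
    return pow(G, r, P), (m * pow(h, r, P)) % P

def _challenge(*vals):
    data = ",".join(str(v) for v in vals).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def decryption_share(i, x_i, c1):
    """Party i computes d_i = c1^x_i and a Chaum-Pedersen proof that
    log_g(h_i) = log_c1(d_i), where h_i = g^x_i is its public verification key."""
    h_i, d_i = pow(G, x_i, P), pow(c1, x_i, P)
    w = secrets.randbelow(Q)
    a1, a2 = pow(G, w, P), pow(c1, w, P)
    e = _challenge(G, h_i, c1, d_i, a1, a2)
    return i, d_i, (a1, a2, (w + e * x_i) % Q)

def verify_share(h_i, c1, d_i, proof):
    """Anyone holding h_i can check a share before it is combined."""
    a1, a2, z = proof
    e = _challenge(G, h_i, c1, d_i, a1, a2)
    return (pow(G, z, P) == a1 * pow(h_i, e, P) % P
            and pow(c1, z, P) == a2 * pow(d_i, e, P) % P)

def combine(shares, c2):
    """Lagrange-interpolate c1^x in the exponent from t verified (i, d_i)
    pairs, then strip it from c2 to recover the plaintext element."""
    ids = [i for i, _ in shares]
    c1_x = 1
    for i, d_i in shares:
        lam = 1
        for j in ids:
            if j != i:
                lam = lam * j * pow(j - i, -1, Q) % Q
        c1_x = c1_x * pow(d_i, lam, P) % P
    return c2 * pow(c1_x, -1, P) % P
```

A share whose proof fails verification must be discarded before combining, since a single bad d_i silently yields a wrong plaintext.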

Since version 1.0.8 most DKGPG programs support a new option "-y" that turns them into a regular OpenPGP implementation operating with any transferable private key (ASCII-armored format). For example, this option is available for dkg-generate, dkg-decrypt, dkg-sign, dkg-keysign, and dkg-timestamp.

The programs dkg-keycheck and dkg-keyinfo print some basic information for a given OpenPGP public and private key, respectively. However, there is another special use case for DKGPG: The option "-m" of dkg-keyinfo migrates a changed peer identity, if the new name meets some requirements. Note that only the name of the peer is migrated, other parts of the private key material are not changed.

The private key shares of all active parties should be changed regularly by program dkg-refresh. Each player who does not join this refresh process is excluded from any further operation with the shared private key.

The program dkg-sign creates a detached signature on a binary or a text file, if a sufficient threshold of the parties work together in the interactive signing protocol. Such a detached signature can be verified with any OpenPGP-compatible software or the included program dkg-verify. Thus DKGPG solves the problem of distributed code-signing without secret key splitting (e.g. libgfshare) and laborious reconstruction ceremonies (e.g. as used for the DNSSEC root signing key). The program dkg-keysign generates certification signatures in a similar manner for each selected and valid user ID of a given public key. User attributes are not supported yet. With the program dkg-adduid an additional user ID can be created and with dkg-revuid a present user ID can be revoked. The program dkg-addrevoker creates a direct-key signature which specifies an external key (given by option "-i") that can act as an additional revoker. Last but not least, the program dkg-revoke generates corresponding revocation signatures (also known as revocation certificates) for the key.

Please consult the manual pages for detailed information on usage and options.

Note that for building GNUnet support into dkg-generate, dkg-adduid, dkg-revuid, dkg-refresh, dkg-sign, dkg-keysign, dkg-timestamp, dkg-addrevoker, dkg-revoke, and the interactive version of dkg-decrypt, the development files and a working environment of a very recent GNUnet version (at least the 0.11.x series) must be present.

However, as a simple workaround for systems without GNUnet, a TCP/IP-based mechanism for message exchange is included (option "-H <hostname>") in each program that needs network interaction. To preserve confidentiality and integrity of the established point-to-point channels, some mutually chosen and (manually) distributed passwords (option "-P <password list>") are required. The format of such a password list is explained in the corresponding manual pages. Moreover, with torsocks and some obvious port forwarding rules for a hidden service (see the manual page of dkg-generate for the details) this mechanism allows running the interactive DKGPG programs over Tor.

Requirements

You need the following programs, libraries and appropriate header files to build DKGPG successfully (GNU gcc/g++ >= 5.4.x is recommended):

  • Toolbox for Mental Card Games (LibTMCG), version >= 1.4.0, https://savannah.nongnu.org/projects/libtmcg
  • GNU Multiple Precision Arithmetic Library (libgmp), version >= 6.1.2, https://gmplib.org/
  • GNU Crypto Library (libgcrypt), version >= 1.8.0, https://gnupg.org/download/index.html
  • GNU Privacy Guard Error Code Library (libgpg-error), version >= 1.27, https://gnupg.org/download/index.html
  • zlib Compression Library (libz), version >= 1.2.3, https://zlib.net/
  • [OPTIONAL] Library for data compression (libbzip2), version >= 1.0.6, http://www.bzip.org/
  • [OPTIONAL] GNUnet, version >= 0.11.7, https://gnunet.org/

The DKGPG package was tested (++ successful, -- erroneous) on the following platforms with the given compilers, respectively:

  ++ GNU/Linux (Gentoo Linux) x86_64 gcc 10.2.0 (details omitted)
  ++ GNU/Linux (Gentoo Linux) x86_64 clang 11.0.0 (details omitted)
  ++ GNU/Linux (Debian Linux) x86_64 gcc 8.3.0 (details omitted)
  ++ GNU/Linux (Trisquel Linux) x86_64 gcc 4.8.4 (details omitted)
  ++ OpenBSD 6.5 amd64 gcc 4.2.1 (details omitted)
  ++ FreeBSD 12.1 amd64 clang 8.0.1 (details omitted)

Build & Install

You should proceed by executing the following magic commands:

1. ./configure
2. make
3. make install

Bugs, Contribution, GIT

Please send detailed bug repo
