[messaging] Secure OpenPGP Key Pair Synchronization via IMAP (RFC)

Tankred Hase tankred at whiteout.io
Mon Apr 13 09:05:42 PDT 2015

Hi Vincent,

> the draft mentions that OpenPGP has S2K transforms to protect private
> key material, which you specifically don't use because they don't
> protect the integrity of the public key material. If we assume that the
> fingerprint is still known, all information besides the private key
> material is available in the usual append-only fashion from keyservers.
> Can you elaborate on this design decision?

Sure. We actually used standard S2K passphrase protection in an
initial draft of the IMAP sync. We could verify the integrity of the
public key packet by comparing the fingerprint to the integrity
protected private key, but this is something all user agents would
need to implement correctly when integrating the spec. This would
leave more wiggle-room for error.

The alternative here was just to encrypted the complete ascii armored
key using AES-GCM, which does the integrity check during decryption.
This way there is one thing less to keep in mind for implementors of
the spec.


Whiteout Networks GmbH c/o Werk1
Grafinger Str. 6
D-81671 München
Geschäftsführer: Oliver Gajek
RG München HRB 204479

More information about the Messaging mailing list