Documentation: Security Model

dimqua edited this page Dec 1, 2015 · 5 revisions

Contents

  1. A Short Introduction to PGP
  2. Asymmetric Encryption
  3. Web of Trust
  4. RetroShare and PGP
  5. Local Encryption
  6. Spying on RetroShare Communications

A Short Introduction to PGP

Since RetroShare makes heavy use of PGP, we give a (very) short introduction to asymmetric encryption here. If you already know about PGP, you can skip this chapter.

Asymmetric Encryption

PGP uses asymmetric encryption.

This means that every participant creates a public key and a corresponding private key. The public key is given to all friends and allows them to encrypt messages for you. If a message is encrypted with a public key, only someone with the corresponding private key can decrypt it. The only person who has the private key belonging to your public key is you, so only you can read the message.

This is the idea behind asymmetric encryption.

You can also use asymmetric encryption to ensure the authenticity of messages, which is called signing.

In fact, you can compare it to a handwritten signature in real life, as only you with your private key are able to create it. Anyone who has the public key can check the signature.

Web of Trust

A basic problem is the initial exchange of keys between two friends: if Alice and Bob want to use asymmetric encryption, they first have to send their public keys to each other. A malicious third party can intercept this exchange; this is called a Man-In-The-Middle-Attack.

To prevent such attacks, PGP allows users to sign other keys.

If you transferred the key manually or checked it via a safe channel such as the telephone, you should sign your friend's key. The more signatures a key has, the more you can be sure that it is the actual key and not a key created by an attacker.

This whole process of signing other keys is called the Web of Trust. RetroShare does not distinguish between signed and unsigned keys; all friends are treated equally. That's all we need to know to use RetroShare. If you are interested in the details, you can read the Wikipedia articles Public-Key-Cryptography and Web of Trust.

RetroShare and PGP

RetroShare uses PGP certificates to authenticate your friends. A RetroShare certificate looks like this:

Content of the certificate:

  • The first part of the certificate is simply a PGP public key.
  • The second part contains specific extra information needed by RetroShare.
  • The certificate must contain the SSLID and the LOCATION, so that your friends can find and connect to your installation.
  • The internal/external IP and the (DYN)DNS-address are optional because RetroShare can exchange this information with your friend on your first connection.
  • The external IP is only helpful if it is still valid. In most cases (home setup), the external IP changes every 24h (depending on the ISP), but this doesn't matter, as RetroShare can figure this out by itself by using the DHT or the Discovery system.

If you export your key to a *.rsc file, you can email it, put it on a USB stick, etc. without being bothered by encoding issues.

Local Encryption

RetroShare saves some config data, e.g. the friend list, the forum posts, etc., on your hard disk. RetroShare encrypts all of its config data saved on your computer with your public key.

If RetroShare is not running, someone with physical access (like family members, roommates, the police on a house search, etc.) can get a copy of your encrypted private key and try to decrypt your config data.

Your private key is encrypted with a password to prevent attackers from getting access to it from your hard drive, so use a strong password to protect it.

Spying on RetroShare Communications

RetroShare makes it very hard for an outside attacker to read the data (chat, files, forums) you and your friend are sharing with each other.

The only attacks known to work on the RetroShare network, from most to least likely, are as follows:

  • If your computer is infected with spyware. If your computer is infected with spyware, the attacker could intercept all data (e.g. keystrokes with a keylogger) before it is encrypted and leaves your PC. This is a possible attack on every encryption program, not only on RetroShare. Prevent this by installing your operating system's security updates, avoiding dubious sites, not downloading files from untrusted sources, and running antivirus software.
  • If RetroShare has a bug in the encryption algorithms. As RetroShare uses the OpenSSL library (industry standard and often reviewed code) for encryption, this is possible, but not likely.
  • If you are using a forged certificate. If someone forges a contact's certificate you may be vulnerable to a Man-In-The-Middle-Attack. To prevent this you can verify with your contacts (on the phone, in person, through a pre-established secure channel) that the key they sent you is the same as the one you received. If you connect to a forged certificate, the attacker will be able to decrypt and modify all of your communications. You only need to verify the authenticity of each certificate once.
  • If the cryptographic primitives are broken. This is extremely unlikely, as even the NSA uses AES for top secret documents. RSA encryption with 2048 bits is unlikely to be broken any time soon.
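
One way to carry out the once-per-contact check from the forged-certificate item above, shown as an added example that is not RetroShare's own code: both sides compute a digest of the certificate text and compare it over the phone. Hashing the whitespace-stripped text with SHA-256 is an assumption made for this sketch (it is not the PGP fingerprint RetroShare itself displays), and the function names and sample data are hypothetical.

```python
import hashlib
import string


def normalize(cert_text: str) -> bytes:
    # Assumption: whitespace carries no meaning in the certificate text, so
    # re-wrapping by a mail client must not change the digest.
    return "".join(cert_text.split()).encode("utf-8")


def fingerprint(cert_text: str) -> str:
    """SHA-256 of the normalized certificate, in 4-digit groups to read aloud."""
    digest = hashlib.sha256(normalize(cert_text)).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def matches(cert_text: str, spoken: str) -> bool:
    """Compare the received certificate with the digest the contact read out."""
    claimed = "".join(spoken.split()).upper()
    # Refuse partial digests: comparing only the first few groups leaves
    # room for a forged certificate whose digest merely starts the same way.
    if len(claimed) != 64 or any(c not in string.hexdigits for c in claimed):
        raise ValueError("need the full 64-digit fingerprint")
    return claimed == fingerprint(cert_text).replace(" ", "")


# Constructed sample data; not a real RetroShare certificate.
SENT = "CONSTRUCTED-SAMPLE-CERTIFICATE-AAAA1111\nBBBB2222CCCC3333DDDD4444\n"
# The same text after a mail client re-wrapped the lines.
REWRAPPED = "CONSTRUCTED-SAMPLE-CERTIFICATE-\r\nAAAA1111BBBB2222\r\nCCCC3333DDDD4444"
# What a man in the middle would deliver instead: a different certificate.
FORGED = SENT.replace("BBBB2222", "BBBB2223")

if __name__ == "__main__":
    read_out = fingerprint(SENT)  # the sender reads this over the phone
    print("sender reads out:", read_out)
    print("re-wrapped copy matches:", matches(REWRAPPED, read_out))
    print("forged copy matches:", matches(FORGED, read_out))
```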

This page is part of RetroShare Documentation

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
