

This report describes the development of a Facebook application acting as a PGP/GPG key server. The authors detail the limitations of existing key servers and their solution, which includes using Facebook to establish marginal validity and key management. It also covers prior work, progress, and milestones.


In our initial proposal we detailed a system for verifying someone you have been chatting with using a PGP-enabled Facebook application. While Devin has been working on a Pidgin plugin to complete the chat component of this project, I have been working on building a Facebook application to store and verify public keys. We have decided to expand our initial proposal and attempt to create a Facebook application that acts as a PGP/GPG key server.
Existing PGP/GPG key servers, like http://pgp.mit.edu/, have several limitations. First of all, they only act as an aggregator for public keys and provide no way for a PGP/GPG user to verify that a public key stored on the key server is valid. This operation is usually accomplished via out-of-band communication. Furthermore, existing key servers will serve up private information such as email addresses to anyone who requests the public key associated with a name or email address. Finally, one of the most popular key servers does not support public keys that include an identifying image. The extraction and display of images included with public keys is an important part of our project and is functionality that we must include in our Facebook key server.
GPG provides no API for developers to use programmatically; all of the GPG functionality is accessed via the Unix command line. The Crypt GPG extension for PHP circumvents this problem by creating an API wrapper on top of the command line GPG functions that provides an interface for PHP developers to use. This extension does not yet provide the ability to extract the image stored in a public key, so this functionality must be added.
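To show what extracting the image from a public key involves at the format level, here is an added example (not code from this project or from Crypt GPG) that walks the packets of a binary, de-armored OpenPGP key as laid out in RFC 4880 and pulls the JPEG out of each User Attribute image subpacket. The function names and the sample key are hypothetical; because keys uploaded to a key server are untrusted input, every length is bounds-checked before use.

```python
IMAGE_V1_JPEG = b"\x01\x10\x00\x01\x01"  # subpacket type 1, header len 16 (LE), v1, JPEG

def _new_len(buf, i):
    """Decode a new-format length at buf[i]; return (length, index after it)."""
    o = buf[i:i + 5]                         # slicing never raises on short input
    if o and o[0] < 192:
        return o[0], i + 1
    if len(o) >= 2 and o[0] < 224:
        return ((o[0] - 192) << 8) + o[1] + 192, i + 2
    if len(o) == 5 and o[0] == 255:
        return int.from_bytes(o[1:], "big"), i + 5
    raise ValueError("truncated or partial-body length (not handled here)")

def packets(buf):
    """Yield (tag, body) for each packet of a binary (non-armored) key."""
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag = hdr & 0x3F
            n, i = _new_len(buf, i + 1)
        else:                                # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length not handled here")
            n, i = int.from_bytes(buf[i + 1:i + 1 + size], "big"), i + 1 + size
        if i + n > len(buf):
            raise ValueError("packet length runs past end of input")
        yield tag, buf[i:i + n]
        i += n

def photo_ids(key_bytes):
    """Yield the JPEG bytes of every image in the key's User Attribute packets."""
    for tag, body in packets(key_bytes):
        j = 0
        while tag == 17 and j < len(body):   # tag 17 = User Attribute
            n, j = _new_len(body, j)
            if n == 0 or j + n > len(body):
                raise ValueError("bad attribute subpacket length")
            sub, j = body[j:j + n], j + n
            if sub[:5] == IMAGE_V1_JPEG:
                yield sub[17:]               # skip type octet + 16-octet image header

# Constructed sample: dummy key packet, User ID, User Attribute with a stand-in image.
FAKE_JPEG = b"\xff\xd8constructed-image\xff\xd9"
_SUB = IMAGE_V1_JPEG + bytes(12) + FAKE_JPEG
SAMPLE_KEY = b"\x98\x03abc\xb4\x05alice\xd1" + bytes([len(_SUB) + 1, len(_SUB)]) + _SUB
```

The bytes this returns are still attacker-controlled: re-encode or validate them with an image library before displaying them to other users.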
We have a Facebook application that provides the most basic key server functionality, namely storing keys! A Facebook user that adds our application can store their public key with our application and inspect the details associated with it. At this point we have made the design decision that a Facebook account should only have one public key associated with it. This makes key management simple since key revocation and updating can be done on a per-Facebook-account basis, but we may have to revisit this decision if we find that users of our application wish to associate several keys with their account.
We intend to present a user that wishes to validate a public key with an interface that will allow them to validate a key using the Facebook web of trust. This will be accomplished by presenting the user with the image associated with the public key under scrutiny as well as a number of photos selected from the photos tagged by the Facebook friends of the public key’s owner.
We intend to allow users to sign the public keys of other users of our application. This can be accomplished by allowing application users to push public keys with new signatures to our application. Furthermore, Facebook allows us to perform actions such as presenting the newly signed public key to its owner before pushing it to the key server.
We can also allow users to easily revoke/manage their own keys or view their current web of trust using the Facebook web interface. The Facebook interface can also allow us to push notifications concerning keys in their web of trust to our application users.