[Freedombox-discuss] Follow up to the FreedomBox 'bump/hi-five' challenge

Stefano Maffulli stefano at maffulli.net
Thu Jun 23 18:46:48 UTC 2011


Hello folks,

Following up on the discussion started on FreedomBox discuss mailing
list with some more details on how to implement this piece of the Box
(@coiax on irc started calling it ManusVexo).

The problem to solve is how two humans make the initial exchange of
credentials required to establish a relationship between their
respective freedombox installations.

One possible way to do this is to enable two users, Jane and Ken, to
exchange their private information (vcard, GPG fingerprints of their
keys) by scanning a QR code with their mobile devices when they meet in
person. The updated status of 'we met, we have noted each other's
identity, we like each other' can then be transmitted back from the
phone to their respective FreedomBoxes, securing future communication
between Jane and Ken.

Since it's not advisable to keep a key that can sign other keys on the
phone, one use case that emerged from various discussions on irc and in
real life is the following:

        Jane and Ken run the same app with screen showing a QR code with
        their respective vcards, including the PGP key ID+fingerprint.
        They get their phones close, activate their camera and, in turn,
        scan the other's QR code. After the scan, the app shows the data
        in a human-readable format for confirmation: if confirmed, the
        data goes into the addressbook. Once Jane goes home and connects
        the phone to the FreedomBox in a secure manner (private network?
        cable?), the FreedomBox software greets Jane with a message
        asking her if she wants to sign Ken's PGP key. If she confirms
        it, the key is retrieved from a keyserver and signed with Jane's
        secret key, and the new signature is sent to Ken.

Using bluetooth or some other form of wireless communication doesn't
guarantee protection from snooping or spoofing, so we had better stick
to QR codes. QR codes also have other advantages: they work if the
phones are offline, they can be printed on business cards, too (so not
both parties need to have a phone), and they force users to be mindful
(scan, see the data on your screen; instead of 'push a button,
something magic happens on the radio waves').

It appears that there are some free software pieces that can be reused.
There is an OpenPGP implementation for Android called Android Privacy
Guard (APG) http://thialfihar.org/projects/apg/. The project is
integrated with the K-9 email client and seems already usable. Among
APG's planned features are some of the things that FreedomBox
ManusVexo is tackling, too: key server support, implementing some trust
model, allowing keys to be signed easily, preferably across devices in
some way, and linking contacts and public keys.

Other interesting facts learned: http://en.wikipedia.org/wiki/QR_code
A QR code cannot hold a full OpenPGP key and all its certificates, since
it can only hold 2953 bytes of 8-bit binary data.
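To make the use case sketched above and the QR capacity limit concrete, here is an added worked example in Python. It is not code from this thread, from APG or from Monkeysign. It assumes a custom vCard property name (X-OPENPGP-FPR) for carrying the fingerprint, uses constructed bytes as a stand-in for Ken's public-key packet (not a real key), and adds one check the message only implies: before the FreedomBox offers to sign, the key it fetched from the keyserver must hash to the fingerprint Jane scanned in person, otherwise a substituted key would get signed.

```python
import hashlib
import re

# Capacity of the largest QR symbol (version 40, error-correction level L)
# in 8-bit byte mode: 2953 bytes, the figure quoted in the thread.
QR_MAX_BINARY_BYTES = 2953

FPR_PROPERTY = "X-OPENPGP-FPR"  # assumed custom vCard property; not fixed by the thread


def normalize_fingerprint(fpr):
    """Strip spaces/colons and upper-case; accept only a 40-hex-digit v4 fingerprint."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("expected a 40-hex-digit OpenPGP v4 fingerprint")
    return cleaned


def build_vcard(name, email, fingerprint):
    """Minimal vCard 3.0 text that the phone would render as a QR code."""
    lines = [
        "BEGIN:VCARD",
        "VERSION:3.0",
        f"FN:{name}",
        f"EMAIL:{email}",
        f"{FPR_PROPERTY}:{normalize_fingerprint(fingerprint)}",
        "END:VCARD",
    ]
    return "\r\n".join(lines) + "\r\n"


def fits_in_qr(payload):
    """True if the UTF-8 encoded payload fits in a single QR symbol."""
    return len(payload.encode("utf-8")) <= QR_MAX_BINARY_BYTES


def parse_vcard(text):
    """Parse a scanned payload into a dict for the human-readable confirmation screen."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key.strip().upper()] = value.strip()
    if fields.get("BEGIN") != "VCARD" or fields.get("END") != "VCARD":
        raise ValueError("not a vCard payload")
    if FPR_PROPERTY not in fields:
        raise ValueError("vCard carries no OpenPGP fingerprint")
    fields[FPR_PROPERTY] = normalize_fingerprint(fields[FPR_PROPERTY])
    return fields


def v4_fingerprint(public_key_packet_body):
    """OpenPGP v4 fingerprint (RFC 4880 section 12.2): SHA-1 over 0x99, the
    two-byte big-endian body length, and the public-key packet body."""
    length = len(public_key_packet_body).to_bytes(2, "big")
    return hashlib.sha1(b"\x99" + length + public_key_packet_body).hexdigest().upper()


def key_matches_scanned(scanned_fpr, retrieved_key_body):
    """Check to run on the FreedomBox before offering to sign: the key fetched
    from the keyserver must hash to the fingerprint scanned in person."""
    return v4_fingerprint(retrieved_key_body) == normalize_fingerprint(scanned_fpr)


# Constructed sample: NOT a real key, just bytes standing in for Ken's
# public-key packet body so the fingerprint arithmetic can be exercised.
KEN_KEY_BODY = b"\x04" + b"\x4e\x03\x8f\x10" + b"\x01" + bytes(range(64))
KEN_FINGERPRINT = v4_fingerprint(KEN_KEY_BODY)


def exchange_and_verify(retrieved_key_body):
    """Walk the use case end to end and report whether signing should proceed."""
    shown = build_vcard("Ken Example", "ken@example.org", KEN_FINGERPRINT)  # Ken's screen
    if not fits_in_qr(shown):
        raise ValueError("vCard too large for one QR code")
    confirmed = parse_vcard(shown)  # Jane's phone after the scan, shown for confirmation
    return key_matches_scanned(confirmed[FPR_PROPERTY], retrieved_key_body)


if __name__ == "__main__":
    print("genuine key:", exchange_and_verify(KEN_KEY_BODY))                # True
    print("swapped key:", exchange_and_verify(KEN_KEY_BODY + b"\x00"))      # False
    print("full armored key fits in one QR code:", fits_in_qr("A" * 3000))  # False
```

The fingerprint, not the key, is what travels over the QR code, which is why the 2953-byte limit is not a problem for the exchange itself; the full key is fetched later, and the in-person fingerprint is what makes that fetch trustworthy.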

Monkeysign currently displays a QR code representing your PGP fingerprint
and it also tries to read the other's fingerprint. The piece that
manages the key signature protocol is missing. Monkeysign assumes
internet access as it downloads the key, so the web of trust should just
propagate through that. Monkeysign's git repository
git://git.monkeysphere.info/monkeysign holds the python code. I believe
this can be expanded to cover the use case for laptops and other
GNU/Linux based mobile devices (Meego comes to mind).

If there are no major objections to this basic layout I'll add this
information to a wiki page and keep the discussion there.

cheers,
stef
