PGP Key Distribution via DNSSEC: OPENPGPKEY

What is the biggest problem of PGP? The key distribution. This is well-known and not new at all. What is new is the OPENPGPKEY DNS resource record that delivers PGP public keys for mail addresses. If signed and verified with DNSSEC a mail sender can get the correct public key for his recipient. This solves both key distribution problems: 1) the delivery of the public key and 2) the authenticity of the key itself, i.e., that you’re using the correct key to encrypt a mail.

The “DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP” are specified in the experimental RFC 7929. Let’s have a look at how you can add your public key to the zone file of your DNS server.

This blogpost is part of a series about DNSSEC. Refer to this list for all articles.

The OPENPGPKEY Resource Record

The resource record stores the complete public key in the DNS zone file. Since common PGP keys are 2048 or even 4096 bits long, the resulting DNS answer is very big. This makes the record attractive for DDoS amplification attacks. Hence the RFC states that “applications SHOULD use TCP — not UDP — to perform queries for the OPENPGPKEY resource record”. (Amplification attacks are not possible with TCP because of its three-way handshake.) The owner name of the record is not the mail address itself but the SHA-256 hash of its local-part, i.e., the name before the @ sign, cut after 28 octets (56 hex characters).

Concerning security the RFC states that “DNSSEC is not an alternative for the “web of trust” or for manual fingerprint verification by users. DANE for OpenPGP, as specified in this document, is a solution aimed to ease obtaining someone’s public key”. ;( This is probably related to the fact that DNSSEC-validating resolvers usually do not run on the user’s personal computer or inside the mail software itself, but on a central (ISP) DNS server, so the mail client only sees an unauthenticated “ad” flag on the answer. Hence absolute trust in the authenticity of the key cannot be guaranteed. Furthermore, currently (2017) no mail plugins support OPENPGPKEY in an easy manner. However, since I am generally interested in security features I gave it a try.

Generation of the OPENPGPKEY RR

Similar to his generator for TLSA (DANE) records, Shumon Huque has an online tool for generating the appropriate OPENPGPKEY resource records. Simply paste in your mail address and your public key and you’re done. For my test mail address johannes@weberdns.de (NOT my real mail address!) this looks like the following:

Note that the name of the resource record comes from the SHA-256 hash of “johannes”, the local-part of the mail address. Verifying with standard Linux commands shows that the hash is correct, but cut after 28 octets = 56 chars. (Note the “-n” option of echo, which suppresses the trailing newline, since a newline would change the hash.):

[Image: “Schlüssel I” by Susanne Winter is licensed under CC BY-SA 2.0]

Another method for generating the resource record is the openpgpkey tool from the hash-slinger package. Note: If you are using a hash-slinger version installed via apt-get install hash-slinger on an Ubuntu machine, you will probably get an outdated version such as 2.6, which hashes the local-part with SHA-224 instead of SHA-256. You must use at least version 2.7 to get correct resource records out of it (git clone https://github.com/letoams/hash-slinger.git; cd hash-slinger/; ./openpgpkey --version). When your public key resides on the same machine, the generation happens as follows:
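To make the two generation steps above reproducible without the online tool or hash-slinger, here is an added example (not code from the original post or from either tool) that computes the hashed owner name and turns an ASCII-armored export into the zone-file line, in both the OPENPGPKEY presentation format and the generic RFC 3597 TYPE61 form. The armored key block below is a constructed placeholder, not a real OpenPGP key, and the local-part is assumed to be UTF-8 encoded.

```python
import base64
import hashlib
import textwrap

# Constructed placeholder bytes, NOT a real OpenPGP key; a real record carries the binary key.
PLACEHOLDER_KEY = b"constructed placeholder, not a real OpenPGP transferable public key"
SAMPLE_B64 = base64.b64encode(PLACEHOLDER_KEY).decode()
SAMPLE_ARMOR = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    + "Comment: constructed sample armor\n"
    + "\n"
    + "\n".join(textwrap.wrap(SAMPLE_B64, 64)) + "\n"   # gpg wraps the body at 64 columns
    + "=AAAA\n"                                          # dummy CRC-24 line, skipped below
    + "-----END PGP PUBLIC KEY BLOCK-----\n"
)

def local_part_hash(local_part: str) -> str:
    """RFC 7929: SHA-256 of the local-part, truncated to 28 octets (56 hex characters)."""
    return hashlib.sha256(local_part.encode("utf-8")).digest()[:28].hex()

def openpgpkey_owner(local_part: str, domain: str) -> str:
    """Fully qualified owner name of the OPENPGPKEY record for local_part@domain."""
    return f"{local_part_hash(local_part)}._openpgpkey.{domain}."

def armored_key_to_bytes(armor: str) -> bytes:
    """Return the binary key from an ASCII-armored export (drops headers, CRC line, footer)."""
    lines = armor.strip().splitlines()
    body_start = lines.index("") + 1          # armor headers end at the first blank line
    body = []
    for line in lines[body_start:]:
        if line.startswith("-----END"):
            break
        if line.startswith("="):              # "=XXXX" is the CRC-24 checksum, not key data
            continue
        body.append(line.strip())
    return base64.b64decode("".join(body), validate=True)

def openpgpkey_record(local_part: str, domain: str, armor: str, generic: bool = False) -> str:
    """Zone-file line; generic=True gives the RFC 3597 TYPE61 form for older name servers."""
    key = armored_key_to_bytes(armor)
    owner = openpgpkey_owner(local_part, domain)
    if generic:
        return f"{owner} IN TYPE61 \\# {len(key)} {key.hex()}"
    return f"{owner} IN OPENPGPKEY {base64.b64encode(key).decode()}"

if __name__ == "__main__":
    print(openpgpkey_record("johannes", "weberdns.de", SAMPLE_ARMOR))
    print(openpgpkey_record("johannes", "weberdns.de", SAMPLE_ARMOR, generic=True))
```

Feeding it the output of gpg --armor --export for a real key yields the same record the tools produce, since the presentation format of the RDATA is just the base64 of the binary key without armor lines.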


Check It

Now you can use dig or any other DNS tool to query the name. Again, note that you need the hashed version of your name, cut after 56 chars, followed by the “_openpgpkey” label, such as the following for “johannes”:

Here is an example. Note the “ad” flag in line 7, which shows that the answer has been validated by DNSSEC. And, of course, the resulting output is quite long, not only because of the RRSIG (as always) but even more because of the OPENPGPKEY record itself:

And this was just a 2048 bit PGP key. ;) I have another one with 4096 bit for the test mail address ludwig@weberdns.de which looks like this:


If you’re searching for an online tool you can use openpgpkey.info. After entering a valid mail address you’ll get its public PGP key:

Conclusion

It seems to be a nice feature for solving the key distribution problem of OpenPGP, at least for delivering the keys, even though the authenticity of the key cannot be fully trusted. However, as long as no major mail programs support the OPENPGPKEY record, PGP will still only be used by a few individuals.

(I am using the Enigma plugin for roundcube webmail. I have added a feature request for it. If someone has coding skills and some free time … ;))

Links

Some German articles covering OPENPGPKEY:

Featured image “Der letzte macht das Licht aus 359/365” by Dennis Skley is licensed under CC BY-ND 2.0.

4 thoughts on “PGP Key Distribution via DNSSEC: OPENPGPKEY”

  1. Just want to note that you don’t need to use extra software or a special website to generate the DNS record, if you already use GnuPG (GPG) on your computer.
    All you need to do is to run gpg2 --export-options export-dane --export and the output will be the DNS record.
    However, you might need to replace “TYPE61 \# 894” with “OPENPGPKEY” since GPG’s implementation was written when the RR type didn’t exist yet. ;-)

  2. Thank you for this post! It was the only resource I could find on the internet to help complete one of my school’s programming assignments. You provided some very clear and concise background on how the entire process worked.
