# General Discussion: Pubkeys for websites with authentication



## Phishfry (Aug 6, 2018)

So all the talk seems to be around Two-Factor for securing your web credentials. Since I shun modern phones I have no email/text on my phone,
so I never used it. Now that I have seen the power of public-private keys,
why doesn't my bank use them, or eBay and other large institutions where identity trust is essential?

What about cloud hosts?
My instance is secure, but they have a 'Web Control Panel' with a serial console. No key there, password only.
Do any cloud hosts offer pubkey for 'Control Panel' authentication too?


----------



## Phishfry (Aug 7, 2018)

I was noticing the recent security advisory is signed with a PGP key using GnuPG. Is this used very widely?

So that is another form of key exchange. I'm trying to learn all the key schemes we use.

ssh uses its own keys and key directory <
ssl uses its own keys and key directory << this is how my email now authenticates as well as web browser.
pkg uses its own keys. << I believe these are known as fingerprints in pkg parlance.
pgp uses its own keys<
WPA2-EAP uses radius server for keys. <
wpa_supplicant uses keys.

What else am I missing?
I now see why keychain programs exist.


----------



## Phishfry (Aug 7, 2018)

Can I use keys to replace the WPA2 passphrase, or better, augment the WPA2 passphrase with keys?
WPA Enterprise seems too unwieldy compared to ssh keys.


----------



## rigoletto@ (Aug 7, 2018)

Phishfry said:


> So all the talk seems to be around Two-Factor for securing your web credentials. Since I shun modern phones I have no email/text on my phone.



You can use security/keepassxc for that.


----------



## sko (Aug 7, 2018)

Phishfry said:


> I was noticing the recent security advisory is signed with a PGP key using GnuPG. Is this used very widely?


Unfortunately not very many companies, especially outside of the IT market, have properly implemented PGP/GPG for email. At least signing is properly understood nowadays (no more "your email couldn't be read, it had some weird stuff at the end") and some even sign their outgoing mail.
Our hosting provider fully supports and uses GPG for all email contact, so billing and support mails are all encrypted once you have provided them with your public key (i.e. you've sent them a signed mail, with the public key properly published on keyservers so it can be verified).



Phishfry said:


> ssh uses its own keys and key directory <


GPG keys can be used for SSH; just run the gpg-agent with `--enable-ssh-support`



Phishfry said:


> ssl uses its own keys and key directory << this is how my email now authenticates as well as web browser.



SSL/TLS is *NOT* authentication! It is only securing the transport channel, as the name TLS (Transport Layer Security) clearly indicates. If you refer to X.509 certificates, they are part of a private/public key infrastructure (relatively) similar to, but incompatible with, GPG/PGP. However, almost all IMAP/POP and SMTP servers can use various backends for user authentication. E.g. postfix can even just run some script that returns a boolean value to authenticate users, so using GPG for authentication at the mailserver should also be possible.
IIRC radius can support GPG for authentication too, so that might also be a viable option, especially within a network with multiple services that require authentication/authorization.
SASL can also be used with/by a multitude of backends, so regarding mailservers "everything is possible"™ nowadays.



Phishfry said:


> pkg uses its own keys. <<I beleive these are know as fingerprints in pkg parlance.


These are also not for authentication but only for signing and verifying the packages. This can be done by just providing and verifying a checksum, or by signing the file(s) with the private part of a keypair (e.g. GPG).
Signing is basically just encrypting a file with only a private key; the file can only be decrypted with the public key if it hasn't been tampered with, so it is guaranteed that the file a) comes from the person that holds the private key and b) hasn't been modified in transit.



Phishfry said:


> WPA2-EAP uses radius server for keys. <


IEEE 802.11i specifies a protocol/mechanism for authentication directly with GPG keys. Although most plastic routers and consumer APs surely won't support that; they usually lack every authentication method except PSK, or at best have (usually very crippled) support for radius or some "wpa-enterprise" variation...



I'm using GPG keys on a yubikey for encryption, signing and authentication. My passwords are managed by sysutils/password-store, which is basically a wrapper around GPG and git, so it uses the GPG keys on my yubikey for encrypting/decrypting the files and for ssh login to my private git server where I store the password repository (in addition to storing it on my private keybase storage).
The firefox plugin is a bit quirky to set up (well, it's written in python...), but it works reasonably well once it's set up manually.

2FA would/should be possible with the yubikey directly, but I've never managed to get it working reliably on all my systems. I also haven't tried the TOTP plugin for password-store yet; I still use a minimalistic 2FA app on my phone for that.
Main reason for my lack of enthusiasm to try getting other variants to work: the percentage of sites/services that actually support 2FA is _very_ low. Also the services you'd *really* want to be secured by stronger authentication usually have by far the worst security standards: banks often haven't even heard about 2FA and force you to use insecure passwords by arbitrarily limiting them to only alphanumeric characters and a very short password length (often as low as 5 characters!!).

Same goes for GPG encrypted email: even phone companies still send invoices (some even with a detailed history containing all called phone numbers!) via unencrypted email.

My general impression: The older a company, the more antique is their view on security (even if they are "tech/IT" companies!) and the more horrifying are their security standards, and also their statements if you ask them about it. (Including the often occurring bullsh*t about "we don't need SSL/TLS for the web portal, we store the passwords very securely on our server")


----------



## Phishfry (Aug 15, 2018)

sko said:


> GPG keys can be used for SSH; just run the gpg-agent with `--enable-ssh-support`


I like this idea. Off the beaten path.



sko said:


> GPG-keys on my yubikey


Thank you for bringing this facet up.
I maintain a family's computers, and the guy is a local bank VP and uses an RSA USB fob to deal with Wells Fargo to clear loans.
So let me ask you a question that is bugging me. How can RSA still be in the trust game?
Wells still uses them.


----------



## kpa (Aug 15, 2018)

Phishfry said:


> I like this idea. Off the beaten path.
> 
> 
> Thank you for bringing this facet up.
> ...



So far no one, and I emphasize no one with good enough credentials, has come up with a feasible attack against the RSA algorithm. It's still rock solid and unbreakable in practice if large enough keys (>=2048 bits) are used. In fact to get the best security out of SSH at the moment with public keys you should use RSA 4096-bit keys.

There might be dodgy implementations of RSA around but those are not a proof of any kind that RSA in general should be treated with suspicion.


----------



## sko (Aug 20, 2018)

As kpa already pointed out: There is no feasible attack known against large enough RSA keys (i.e. >=2048 bit) that can be carried out in a reasonable amount of time, even with insane amounts of computing power.

I generated a master key which is kept completely offline and airgapped and is only used to generate and sign separate subkeys for encryption, signing and login, which all have a lifespan of only 1 year.
This way a) any attack needs to re-generate a colliding key within this time and b) I can increase the keysize for the next subkeys if it is to be believed that with current/near-future hardware and a (yet to be discovered) working attack a colliding key can be created in a reasonable time (i.e. <1 year).
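The thread makes three claims that are easier to see in code than in prose: that signing is a private-key operation which anyone holding the public key can verify (sko's description of pkg signing), that keys are pinned by a fingerprint of the public key rather than by name, and that RSA's security rests entirely on the modulus being too large to factor (kpa's and sko's key-size remarks). The following is an added toy implementation using only the Python standard library, not code from the thread, from pkg or from GnuPG; it is a textbook RSA signer with no padding, so it is for illustration only and must never be used for real signatures. The fingerprint encoding (raw big-endian n followed by 4-byte e) is an assumption chosen for the example and is not pkg's or SSH's actual wire format; the primes, messages and key sizes are constructed. The last two functions play the attacker: for the 40-bit modulus the example uses, trial division recovers the private exponent in a fraction of a second and forges a signature that verifies, which is exactly why 2048 bits is the floor the posts mention.

```python
"""Toy RSA sign/verify, fingerprinting and small-key forgery (added example).
Textbook RSA without padding: illustration only, never use for real signatures."""
import hashlib
import math
import secrets
from typing import NamedTuple, Tuple


class PublicKey(NamedTuple):
    n: int
    e: int


class PrivateKey(NamedTuple):
    n: int
    d: int


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test, sufficient for toy key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random prime with the top bit set so p*q has the intended size."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keypair_from_primes(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """d is the inverse of e modulo phi(n); whoever knows p and q can compute it."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    return PublicKey(n, e), PrivateKey(n, pow(e, -1, phi))


def generate_keypair(bits: int) -> Tuple[PublicKey, PrivateKey]:
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p:
        q = random_prime(bits // 2)
    return keypair_from_primes(p, q)


def _digest_int(message: bytes, n: int) -> int:
    # Hash-then-sign. Real schemes pad the digest (PSS or PKCS#1 v1.5); here it
    # is simply reduced mod n so the toy modulus can hold it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv: PrivateKey, message: bytes) -> int:
    """The private-key operation: only the holder of d can produce this value."""
    return pow(_digest_int(message, priv.n), priv.d, priv.n)


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """The public-key operation: anyone with (n, e) can check it. A single
    changed byte in the message changes the digest and the check fails."""
    return pow(signature, pub.e, pub.n) == _digest_int(message, pub.n)


def fingerprint(pub: PublicKey) -> str:
    """SHA-256 over a canonical public-key encoding (assumed format for this
    example), the way a package manager or SSH client pins a key by hash."""
    enc = pub.n.to_bytes((pub.n.bit_length() + 7) // 8, "big") + pub.e.to_bytes(4, "big")
    return hashlib.sha256(enc).hexdigest()


def factor_by_trial_division(n: int) -> Tuple[int, int]:
    """Attacker side: feasible only because the toy modulus is tiny."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no factor found")


def forge_with_factors(pub: PublicKey, message: bytes) -> int:
    """Recover d from the factored modulus and sign as if we owned the key."""
    p, q = factor_by_trial_division(pub.n)
    _, recovered = keypair_from_primes(p, q, pub.e)
    return sign(recovered, message)


if __name__ == "__main__":
    pub, priv = keypair_from_primes(1000003, 1000033)      # constructed ~40-bit toy modulus
    advisory = b"constructed advisory text"
    sig = sign(priv, advisory)
    print(verify(pub, advisory, sig), verify(pub, advisory + b"!", sig))   # True False
    print(fingerprint(pub))
    print(verify(pub, b"forged", forge_with_factors(pub, b"forged")))      # True
```

The forgery succeeds because the security margin is the cost of `factor_by_trial_division`, not anything in `sign` or `verify`; against a 2048-bit modulus the same loop would not finish in the lifetime of the universe, which is the whole content of the "no feasible attack" statements above.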


----------



## Phishfry (Aug 20, 2018)

After this I was digging around some more and I see what you mean about SSL. TLS does the encryption and it uses RSA.
I have to trust others opinions here. I am clueless.


----------

