OPSV: Open PGP Signature Verification

Date

Tags
#project #cryptography

Introduction to OPSV

I'd like to introduce a new project of mine named Open PGP Signature Verification or OPSV, a FOSS solution for easy PGP signature verification. I have copy-pasted the README from the Codeberg repo below and added a "Why make this project?" section containing opinions.

About

This project uses openpgp.js loaded in the browser, meaning all processing is done on the device itself and no data is ever sent to the server. It supports loading public keys directly through:

  1. plaintext input
  2. web key directory (WKD)
  3. HTTP Keyserver Protocol (HKP).

OPSV will always use the first input method it detects in the order described above.

It's also possible to not provide a public key. Read more about this in the Using no public key at all section below.

Usage

Visit https://opsv.foss.guru/. On this website, you can enter a signed message (see example below) and any of the three supported public key inputs to verify that the owner of that public key was indeed the person to have signed that message.

Example

Let's say I, Yarmo, would really like the world to know that I like pineapple. Using my private key, I've signed that statement so you can verify I wrote that message.

The signed statement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I like pineapple.
-----BEGIN PGP SIGNATURE-----

iQJDBAEBCAAtFiEEog/Pt4tEmnyVrrtlNzZ/SvQIetEFAl70mVUPHHlhcm1vQHlh
cm1vLmV1AAoJEDc2f0r0CHrRQXIP/08uza9zOtmZXv5K+uPGVzDKwkgPgZJEezX7
6iQ358f1pjSRvYfQ5aB13k2epUHoqCKArMYu1zPqxhvLvvAvp8uOHABnr9NGL3El
u7UUgaeUNHkr0gxCKEq3p81abrrbbWveP8OBP4RyxmaFx13Xcj7mfDluiBHmjVvv
WU09EdH9VPlJ7WfZ+2G2ZZDHuE5XiaeP7ocugTxXXLkp33zwpDX0+ZuCIXM6fQGe
OccSffglFPdNBnfasuuxDWxTQPsEbWGOPJV+CAPmBDeApX+TBF9bovO3hw4Uozk2
VT7EAy8Hb0SOrUb3UNGxzoKv++5676IxyB4JXX0Tr9O4ZxhO8o9pEEHwirtn/J1+
MWven4gVlWM/6bMeUqx6ydyNc2nqF5059yfRmwGMlp09x82G4x1bcf6aDZ+5njDG
fS5T2OpXRIkZHJx8BhmZjsxiDR0KV44zwHpt06+96ef3EDWB0BcP6M+a5Rtc33zf
irRmQd2M6RLyXCYtdGIiiAFRuomw802U4F0P4LwVrZdbGA6ObqBv1k8BUFCMbMz8
Ab4hF7kO4z0Vh3JaKzcHey0pOzdNCPpAHZ51sAoAnFDM4PdMBgQxxVweCMu4KYMZ
FN8sNn42oY/b7gDmwCelVhgD+rvUn/a8+B7CDmCp+wIquyrjrTt00voATcb+ZPMJ
pTXJ/NcM
=rqTX
-----END PGP SIGNATURE-----

Use this as "Signature" on OPSV.

Using plaintext public key

Now, let's check the signature. Go to my personal website and copy-paste the "plaintext" key in the "Public Key (1: plaintext)" field.

You will see a green message confirming that my key was used to sign this message. I really do like pineapple.

Using web key directory (WKD)

Remove the contents from the "Public Key (1: plaintext)" field. Now, in the "Public Key (2: web key directory)", write yarmo@yarmo.eu and verify the signature again. It is still verified. Try using jane@doe.org or any other input, it won't verify.

Using HTTP Keyserver Protocol (HKP)

Remove the contents from the "Public Key (2: web key directory)" field. I uploaded my keys to the https://keys.openpgp.org/ HKP server, which is the default server used by OPSV. All you need to do is once again go to my personal website and copy-paste the "Fingerprint" in the "Public Key (3: HKP)" field (the second field!). Still verified!

Using no public key at all

Wait, what? Then what am I verifying the signature against?

PGP signatures can contain the userId of the signer. If OPSV finds a userId, it will use it to perform a HKP lookup.

Remove the contents from the "Public Key (3: HKP)" field. It again verifies BUT against the information contained within the signature itself. You should carefully check the information OPSV returns. In this case, the authenticity is confirmed because the userId (yarmo@yarmo.eu) matches the one I use.

The signature below does not contain a userId:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I like pineapple.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEog/Pt4tEmnyVrrtlNzZ/SvQIetEFAl70mT4ACgkQNzZ/SvQI
etHUNBAAlswF4Q5IkPTsMELZPNHBps8CUJUeDWu3HlSz7c2U+4h2jJztHD0mDtxH
PqKzUnqQqNF1Bot//5xoOcn+m6UaSCzDk1oQFwD6LlQA+ScnIXddoV3xLqzTRAMe
dyuqOoDzoVeD+fWlwisnGElYX5jHRX6tgyKNh0auR3/crQUIJazAyeDwZFdJiwaL
ntd+d8T0BcVlVVPYN7RIp1hpT+PLIcwIsr64Myfy8SOa4cjVcQgnrhR/Lfz9680T
LCpnSohHRiA82nMGRiapEv+s+zy1NUZnVYbU2Li+Q0nYdSoDFu0xEBYmLOxwS50H
j6kK0ZyRicNeq2T25aIlieliTmSFLHHpzi/Zw8Yt1+FtZvWf4pstA19ahk7AQK5W
zYF2bMO2xn5D4/pRz1P4e2NTWYeIK+ZHttc7T9ZSS9Ffo03fjcJXhson3WcQZKB5
VIGVVFnlWujNYYotmxys84OtE6ePfVRwHasIOLfknVq64RVo68Y1Pgw/KPXSb1k6
3r+YD0mt5i/NWpwm79G/Aq54WI5JT905div88d0Bbpa3dScTZ2MiBJbP96pZBcKl
dpm3RnjsbCFgZqEpclrEh2SD1e8eCjrNcouWK3jIfOkaWB2xk1KvNmdyQQTs3dkP
/CpKcCJiNVvY9ogWxg9aUuQZUn4WvCvaEkmP4dfkk9s8yAKPQf8=
=QqCq
-----END PGP SIGNATURE-----

Once again, the signature verifies. And again, it only verifies against the information contained within itself so that doesn't prove anything about its authenticity. Anyone can write this and the signature will return verified.

Except now, there is no userId for easy manual verification. So, you need to either take the keyId or the fingerprint and find some other way of verifying it, for example by contacting the person who supposedly wrote the message.

In my case, you can simply visit my personal website and compare the fingerprint.

What can a bad actor do?

One could not sign a statement with my private key: I, and only I, have access to it.

One could however simply take any of my signed messages and change the content. Like so:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I like privacy invasion.
-----BEGIN PGP SIGNATURE-----

iQJDBAEBCAAtFiEEog/Pt4tEmnyVrrtlNzZ/SvQIetEFAl70la8PHHlhcm1vQHlh
cm1vLmV1AAoJEDc2f0r0CHrRDcYP/R4Yo+xiBLHtrOEMAQQkwbxWyQgCbjS4h9iF
As86o9a+t5dKSsL4gSoB3sdNAL0a1ZOhaAU8kWaR6xN1RvCQjFr878hEf631yai6
DfF2eRZPEsjXkAzlOKlPrAvtrNwUUMSDk20rGa4A9HHdxpfrmDRIgVaz3uNr1qqc
N/Ag3OK/2l1pZFTqjPekqDnXwblLiuTTLFlMlS80LFKoa7zZLkE5SD5O6WQFpOK7
DwYJk1+UjWDgVugz8rSLWag0mag9Z815furPIkU9yRmE1tIjsgpCR+uJA/e0I4bn
4Ei0M29df1QucDNv6q2WoW/7rCMz1IY796TY/BbdqbFk6vOUUHu596mQB+fJDNTX
jGC0SpJPhzhgoZICzK8yWJMJGoLXScYj95rCAqjYdnW/LDdAgODCyjSOxnzdI1zi
prQf4OmayHzDjI8Bo4bl22toPdSIDt3r5MmSGXcmBrNU16ea7FC9MnR8dkKfHD55
tC3UL2Ps/iU76kqzGAei1PKvaVqKogUGi/kqWzfi2eg+useHRyZpJrJv3R2mE0Y2
eSLMMJ5cTuM60c0GSIPOxzBBsMRwa0HmEQ3HKgpnpkVYxoA00/hq91kuNavqUqM+
OyOgbb21woPAG+S4OCHkOINEAooeCfhpSFtmpa87sUcfvDHUuX1ivL4rYoQO3cT2
gNfjdSiB
=tqZV
-----END PGP SIGNATURE-----

Given the wording of the statement, you naturally doubt the origin of it being me. You run it through OPSV and indeed, this is not what I wrote!

You know me, "I despise privacy invasion." (hint hint).

Why make this project? (with opinions)

This project directly targets a specific use-case of Keybase.

It is possible to upload your public key (don't upload your private key…) to the Keybase servers. When you sign a message using your private key, anyone can verify that you wrote that message by simply using their verify page. It's really simple to use, but you'll notice something is missing: a field asking you which key to use for the verification. What Keybase does is check the message against all of the keys it knows about and then let you know which of its users wrote and signed that message.

It is my humble opinion that this is an anti-pattern. By not being able to verify against a single key, you open the door to impersonation: I can make an account named j0hn and pretend to be john. If I write a false statement and sign it with j0hn's key, Keybase will gladly tell you that the message is legit and signed: it is, but by the wrong person. It is up to the user to then investigate j0hn's Keybase account and figure out if it belongs to john or some bad actor.

Considering recent events, namely Keybase's acquihire by Zoom and Zoom's willingness to bend to US law enforcement and Chinese influence, combined with their unwillingness to release the server source code, I strongly urge all to #deletekeybase. They are not worthy of your keys and your data. It is a mystery what happens to your keys once you give them to Keybase, and with their employers working for a company eager to please privacy-invading governments, why would you? Seriously, why would you ever give your valuable private keys to Keybase?

I was having this discussion on the fediverse recently and a privacy-minded individual still was forced to use Keybase for the simple reason it was the easiest and beginner-friendly way of verifying PGP signatures that didn't involve installing complicated software and handling PGP keys.

Well now, there is OPSV. It has the same intuitive copy-paste workflow as Keybase does, with the only additional step of having to copy-paste a plaintext key, email address or fingerprint (which, in my book, is a feature!). Processing is done client-side, so no data is sent to any server.

Why include privacy-friendly plausible.io stats?

Well, without sounding cocky, I humbly believe this is the first project I made that could actually make a difference to people's workflow on the internet. As such, if usage suddenly spikes, I need to know if the server can handle it.

Because asking users to accept website statistics is much in my opinion, I decided a nice compromise was to make the statistics public.

If open statistics or any statistics at all is not to your liking, please do let me know by opening an issue.

Final words

I hope you like this project, I know I do. OPSV allows me to use signed messages more and provide a simple and secure way to verify their authenticity without relying on big corporations. This is our web, so it's also our duty to keep it secure.

Update 1

Added the Using no public key at all section.