Public versus Private keys exchange

Technical RetroShare discussions Forum

Public versus Private keys exchange

Postby Boldhawk » Sat May 04, 2013 3:32 pm

This maybe a real problem for authentication of friends:

First, these discussions have not made a clear distinction between the public and private keys. Whenever the term appears, the key referred to is not identified as private or public.

There is an additional term used in Retro: Certificate. When one opens the file, it begins with the heading of "begin public key" (or something like that). At the end, there is an "end of public key" but there are two additional lines which appear to be the IP address, port, and something else... like the subnet inside a private network.

This is what I experienced: When you first install Retro, and you send an invitation to an email address of your friend, a key is exported into the body of the email at the end. This key is not identified, but because the other key I find inside Retro, as my key, the file generated contains the title "Public Key," I can only assume the one that is being exported in the email's body is a private key.

A friend sent me a key, which because of the text inside the file, I can only assume it was a private key. I went through the process of "adding a friend" and answered the prompts with the correct answers, etc. We did connect, and can see and talk to each other and share files, etc. However, in the list of Known People, under the friends tab, we both show to each other that we didn't sign the other's certificate... when in fact we both did, and marked each other as full trust.

The point is that since I don't want to un-install the whole program and delete related files (friends wont delete permanently... they stay in the system, and ca be readily re-added), I'll try to do it by exchanging public keys and see if the result is clean. Meanwhile, if I have something clearly wrong, please, let me know. I'm getting ready to use the system with a large group of people and want to make sure I got this right.

I did a thorough search for pertinent key information the entire forum. What little I found was irrelevant and more often too old.
Boldhawk
 
Posts: 4
Joined: Fri Apr 12, 2013 4:02 pm

Re: Public versus Private keys exchange

Postby Imanuel » Sun May 05, 2013 11:13 am

When sending keys via mail, it uses its own key format to make sure people don't assume they don't need the part after "END PGP PUBLIC KEY BLOCK" - that's why it doesn't look like the public key you see in you profile.
Even after several years of usage, I have never come across a foreign private key in my keychain.

Just because the GUI is a bit vague with these terms, that doesn't mean the core is, too.
Imanuel
 
Posts: 33
Joined: Fri Jun 03, 2011 7:17 am

Re: Public versus Private keys exchange

Postby Distro » Mon May 06, 2013 7:04 am

Boldhawk wrote:First, these discussions have not made a clear distinction between the public and private keys. Whenever the term appears, the key referred to is not identified as private or public.

You (or RS) never send your private key to anyone. Unless the term “private” is explicitely mentionned you can assume the discussion is about public keys.

However, in the list of Known People, under the friends tab, we both show to each other that we didn't sign the other's certificate... when in fact we both did, and marked each other as full trust.

Probably a small bug. Doesn’t matter since RS does not use this information.

The point is that since I don't want to un-install the whole program and delete related files (friends wont delete permanently... they stay in the system, and ca be readily re-added)

If you delete "related files" (i.e. the data directory) everything will be gone including your friends and your private key.
Distro
 
Posts: 303
Joined: Sun Sep 04, 2011 7:33 pm


Return to Technical RetroShare discussion

Who is online

Users browsing this forum: No registered users and 1 guest