Explanation of the web of trust of PGP

Everyone can generate a PGP key by himself. If you want to know if a given key belongs really to the person stated in the key, you have to verify that. This is very easy if you know the person who created the key. But is is difficult if you do not know that person at all.

I will explain how PGP solves this problem. The main point is the usage of certificates. Such a certificate has about this meaning: I confirm, that the signed key belongs to the person mentioned in the UserID-field. .

Additional I will point out how PGP determines which key is valid and which not. And also the way PGP handles the trust parameters.

Why to build a web

A problem in every public key system is the authentication of the public key.

A example will show that: I get an electronicly signed email from Germano Caronni. To verify the signature of his mail, I need his public key.

One way to get his key is to send a mail to pgp-public-keys@keys.pgp.net with the subject GET caronni@tik. But is this really his public key? Some other person could have created a key with the name Germano Carroni. This person could then send the key onto the keyservers.

I have to check the authenticity of this public key to see if it is really from Germano Caronni. There are several possibilities to do so:

I search his phone number in an official phone book and make a call. On the phone he gives me all his key properties. I have to know him to be able to identify him by his voice for this to work. If I can not identify him by his voice any one else could say he is Germano Caronni. I visit him, he shows me his picture identity card and gives me the key properties of his key. I search for another person which has confirmed that the key of Germano Caronni really belongs Germano. This will be explained in this text.

The possibilities 1 and 2 are expensive and perhaps impossible. I probably will not visit someone in an other country to verify a signature.

The third possibility is very easy because all can be done electronicly. There is even a tool to do so: the AT&T PathServer. There I can enter the keyID of my PGP key, which is DD934139. Additionally I enter the keyID of Germanos key, which is 7B7AE5E1. The PathServer gives me the following image as a result:

The top circle is for my key DD934139, the key at the bottom of the picture is the key of Germano 7B7AE5E1.

An arc from A to B stands for an electronic signature of the key B, done by A.

I can read from the picture: Marcel Waldvogel confirms that the key 7B7AE5E1 really belongs to Germano Caronni, because he has signed the key of Germano. I have signed the key of Marcel Waldvogel and confirm therefore that the key AB96E86D belongs him. There is another path from my key to Germanos key via the ct'magazin and Hanno Wagner.

To be able to verify such paths it is very important that everyone signs the key of others and submits these signatures to the keyservers. This way also others can benefit from such signatures.

All these signatures build a kind of a web. Thats why this is called the web of trust.

The paths between two keys have to be as short as possible. These paths are chains of confirmations. If the path between my key and the key of Germano gets longer I am less sure about the validity authenticity of his key.

Paths which do not share a common key between the starting key and the last key are called disjoint paths. It is important to have as many disjoint paths as possible. The more disjoint paths between two keys the less the probability that someone can fake a confirmation chain by issuing a wrong signature.

The validity of keys

Every user of PGP has an own keyring with public keys.

The keys which are valid are specially flaged in this keyring. A key is valid if it is

signed (certified) by the owner of the keyring or

signed (certified) by enough other key holders, which are trusted by the key owner. See next chapter: The trust.

A key which is flagged as invalid in the keyring, will only be used with reservation by PGP:

key certificates created with such a key are ignored.

If a signed message is verified, there will be a warning that you can not be sure that the signing key belongs really to the person mentioned in the key.

trust values meaning of this trust value untrusted key certificates done with this key are ignored marginal At least 2 keys with marginal trust have to sign another (third) key to make this third key a valid key. complete At least one key with complete trust has to sign another key to make the key valid. ultimate If you have the secret key for a public key this key is ultimately trusted. Every key you sign with an ultimate trusted key becomes valid.

The number of key certificates needed to make a key valid is taken from PGP 5.x (5.0 and 5.5) for Windows. With the Unix version of PGP you can set this values by yourself in the configuration file. The default values of PGP 2.6 are 2 and 4.

PGP 5.x (Windows) PGPKeys.exe has two columns Validity and Trust where it shows the values graphicly. PGP 5.x (Unix) pgpk -c verifys all signatures and shows the values for every key in the keyring. PGP 2.x.x pgp -km shows the values

pgp -kc verifys all signatures and should be called prior using pgp -km .

Links

Hints, Errors and Comments by mail to Patrick Feisthammel <pafei@rubin.ch>

Last modification: 7 Oct 2004, Patrick Feisthammel

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

no mail to sammler@rubin.ch