Bitcoin Forum
December 11, 2016, 12:24:09 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Public Key Infrastructure  (Read 1810 times)
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
February 02, 2011, 05:12:18 PM
 #1

How about implementing public key encryption across all bitcoin services whenever possible?

1481415849
Hero Member
*
Offline Offline

Posts: 1481415849

View Profile Personal Message (Offline)

Ignore
1481415849
Reply with quote  #2

1481415849
Report to moderator
1481415849
Hero Member
*
Offline Offline

Posts: 1481415849

View Profile Personal Message (Offline)

Ignore
1481415849
Reply with quote  #2

1481415849
Report to moderator
1481415849
Hero Member
*
Offline Offline

Posts: 1481415849

View Profile Personal Message (Offline)

Ignore
1481415849
Reply with quote  #2

1481415849
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481415849
Hero Member
*
Offline Offline

Posts: 1481415849

View Profile Personal Message (Offline)

Ignore
1481415849
Reply with quote  #2

1481415849
Report to moderator
1481415849
Hero Member
*
Offline Offline

Posts: 1481415849

View Profile Personal Message (Offline)

Ignore
1481415849
Reply with quote  #2

1481415849
Report to moderator
1481415849
Hero Member
*
Offline Offline

Posts: 1481415849

View Profile Personal Message (Offline)

Ignore
1481415849
Reply with quote  #2

1481415849
Report to moderator
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
February 03, 2011, 12:02:33 AM
 #2


What do you mean?  Should I remind you that ECDSA doesn't support encryption?
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
February 03, 2011, 12:04:31 AM
 #3


What do you mean?  Should I remind you that ECDSA doesn't support encryption?


Replacing password with GPG-like system in the bitcoin economy.

grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
February 03, 2011, 12:08:59 AM
 #4

Replacing password with GPG-like system in the bitcoin economy.

I've been thinking about that some time ago, but now it appears to me that GPG is definitely not appropriate for such use.

However, normally openssl makes use of key pair cryptography.  I can SSH to a distant server without having to enter a password, for instance.  Basically I just have to put my ssh public key on the distant server.

I don't know why no website is doing anything alike.  There is something I must be missing, because as I understand it, HTTPS relies on the same technology.
ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
February 03, 2011, 11:10:10 AM
 #5

... I can SSH to a distant server without having to enter a password, for instance.  Basically I just have to put my ssh public key on the distant server.

I don't know why no website is doing anything alike ...

The websites don't do it because the Certificate Authorities want to protect their business model and have persuaded the major browser makers to support only their profitable system. I think.
alkor
Full Member
***
Offline Offline

Activity: 137


View Profile
February 03, 2011, 05:48:57 PM
 #6

Would it be difficult to add a Firefox add-on that lets you log in supported websites using private/public key authentication? So, instead of having to create a separate password for each website, one would just give them his/her public key.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
February 03, 2011, 05:54:23 PM
 #7

You can already log in to websites with public/private keypairs, it's called client SSL auth and it sucks, which is why almost nobody uses it.

PKI is way too complicated for the mass market. Studies have shown even many computer science graduates don't understand it.

bitcoinex
Sr. Member
****
Offline Offline

Activity: 350


probiwon.com


View Profile WWW
February 03, 2011, 09:13:03 PM
 #8

You can already log in to websites with public/private keypairs, it's called client SSL auth and it sucks, which is why almost nobody uses it.

But it's good enough technology.
I am use it at ~3 sites.

Quote
PKI is way too complicated for the mass market. Studies have shown even many computer science graduates don't understand it.

Not for bitcoiners!

I think we (exchanges admins) need to negotiate and implement such a system simultaneously, so that users had nowhere to go.

New bitcoin lottery: probiwon.com
- Может, ты ещё и в Невидимую Руку Рынка веруешь? - Зачем же веровать в то, что можно наблюдать непосредственно?
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
February 03, 2011, 10:35:20 PM
 #9

Would it be difficult to add a Firefox add-on that lets you log in supported websites using private/public key authentication? So, instead of having to create a separate password for each website, one would just give them his/her public key.

There is already a plugin being developed called gpgauth that does exactly this.

http://www.curetheitch.com/projects/gpgauth/

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
ByteCoin
Sr. Member
****
Offline Offline

Activity: 416


View Profile
February 04, 2011, 05:38:49 AM
 #10


What do you mean?  Should I remind you that ECDSA doesn't support encryption?


As I have mentioned a few times before, although ECDSA cannot be easily used for encryption, the keypairs used are perfectly suitable for use in some elliptic curve public-key encryption schemes. It is misleading to try to imply that there are significant technological barriers to implementing a public key encryption scheme using bitcoin addresses.

ByteCoin
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
February 09, 2011, 07:09:14 AM
 #11


Anyway, I think it would be very cool if we could use this to log into this forum.   But I guess cookies do pretty much the same job.
da2ce7
Legendary
*
Offline Offline

Activity: 1218


Live and Let Live


View Profile
February 09, 2011, 11:31:57 AM
 #12

If we implemented a simple 'send from address' to login all you would need to do is send a random amount of small coinage to the forum server.  The server can check if you own that address or not; then send it back to you.  Grin

One off NP-Hard.
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
June 23, 2011, 06:53:11 PM
 #13

Given recent events is there any good reason for websites dealing with Bitcoins not to start migrating to gpgAuth, or at least making it available as an option?
TonyHoyle
Jr. Member
*
Offline Offline

Activity: 59


View Profile
June 23, 2011, 07:03:16 PM
 #14

Would it be difficult to add a Firefox add-on that lets you log in supported websites using private/public key authentication? So, instead of having to create a separate password for each website, one would just give them his/her public key.

No plugin needed.. startssl do it and it works on anything pretty much, as long as you have the root CA (which for them is easy as it's in the default set that ship with the OS, but might have to be transmitted out of band for a bitcoin CA).

They generate and send you a client key that gets stored in your keychain (this is trivial point and click stuff on most browsers).  Then when you visit the site again it requests that cert. and you are logged in.  If you don't have the key, you don't get in.

The only reason it's not used more widely is more inertia than anything else... people are used to usernames and passwords.

Batouzo
Member
**
Offline Offline

Activity: 70


View Profile
June 23, 2011, 07:05:09 PM
 #15

If we implemented a simple 'send from address' to login all you would need to do is send a random amount of small coinage to the forum server.  The server can check if you own that address or not; then send it back to you.  Grin

Paste public key to the website,
then website shows you a one-time bitcoin address and some random ~0.01xxxxxxxxx btc amount,
you make that transfer and then your public key is recognized.

With keys established, actually, all one would need to do is to sign/decrypt all http requests.

RFC for http-pgp, anyone? Smiley  It would be more then http://gpgauth.org/projects/gpgAuth/ which appears to be just for login (thanks for the link above)
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
June 23, 2011, 08:46:37 PM
 #16

We're already using RSA keypairs for signing in on GLBSE, all done in JavaScript. We're working on making it more convienient, secure and cross site. Would be a sinch to implement on the server, and saves a lot of webapp problems too.

Nefario.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!