Introduction
The two PGP key tools create PGP keys with a specified
key-ID, that is, the lowest 32 bits of the fingerprint. The main
motivation for writing such a program was to have a key-ID with
some personal touch that is easy to remember. The tools do
not contain any sophisticated number-theoretical algorithms to
find a given fingerprint. The program tries to reduce the
number of computationally expensive long-number operations (modular
exponentiation) by varying the creation timestamp, which is also
included in the fingerprint.
Security Considerations
Since the program is only fast enough to create keys where
some of the fingerprint bits, e.g. the lowest 32, are fixed,
it does not affect PGP security as such. Nonetheless, there are
some scenarios where a human user could be tricked into accepting
a key with a similar fingerprint:
- Users sometimes do not check the fingerprint carefully. Someone
might publish a key with the same key-ID or with a fingerprint
where only the first and last few bits are equal.
- When a user attempts to download a PGP key by key-ID from
a keyserver, they might make typos in the key-ID. Someone might
create keys with key-IDs that are the result of a single off-by-one
keystroke or that contain B-with-8 replacements.
- Someone might create a parallel web of trust with the same
key-IDs by creating a key for every key from the official web
of trust. When this data is submitted to the official servers,
it is impossible for someone outside the original web of trust
to distinguish the original web of trust from the fake one
using key-IDs alone.
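The scenarios above all come down to comparing the whole fingerprint instead of the key-ID. The following Python code is an added example, not part of the original tools: it computes an OpenPGP version 4 fingerprint as defined in RFC 4880, shows that the creation timestamp is part of the hashed data, and flags a key whose key-ID matches a pinned fingerprint while the rest differs. The function names, the toy DSA numbers and the look-alike fingerprint are constructed for illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: two-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def dsa_pubkey_body(created: int, p: int, q: int, g: int, y: int) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm 17 (DSA), MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([17]) + mpi(p) + mpi(q) + mpi(g) + mpi(y)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-byte body length and the body (RFC 4880, section 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def short_key_id(fingerprint: str) -> str:
    """The 32-bit key-ID is the last 8 hex digits (lowest 32 bits) of the fingerprint."""
    return fingerprint[-8:]

def check_key(pinned_fingerprint: str, candidate_body: bytes) -> str:
    """Compare a fetched key against a fingerprint obtained out of band."""
    pinned = pinned_fingerprint.replace(" ", "").upper()
    candidate = v4_fingerprint(candidate_body)
    if candidate == pinned:
        return "match"
    if short_key_id(candidate) == short_key_id(pinned):
        return "key-id-collision"  # same key-ID, different key: reject and investigate
    return "mismatch"

# Constructed sample input: toy DSA numbers, far too small to be a usable key.
TOY = dict(p=23, q=11, g=4, y=8)
KEY_A = dsa_pubkey_body(created=1275177600, **TOY)
KEY_B = dsa_pubkey_body(created=1275177601, **TOY)  # same key material, one second later
FPR_A = v4_fingerprint(KEY_A)
# Constructed fingerprint that shares only its lowest 32 bits with KEY_A.
LOOKALIKE = "0" * 32 + short_key_id(FPR_A)

if __name__ == "__main__":
    print("fingerprint A:", FPR_A, "key-ID:", short_key_id(FPR_A))
    print("fingerprint B:", v4_fingerprint(KEY_B))
    print("pinned A vs key A:", check_key(FPR_A, KEY_A))
    print("pinned look-alike vs key A:", check_key(LOOKALIKE, KEY_A))
```

A tool that selects keys by key-ID only would treat the "key-id-collision" case as a match, so the pinned value should always be the full 40-digit fingerprint.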
DSA Key Generator
Instructions for use:
- Download KeyGenDSA.java.
- Adjust some settings inside the code (search for FIXMEs) and
compile it.
- Create a new key using standard PGP software and export the
private key as a template for the key generator application, e.g.
gpg --homedir . --gen-key
gpg --homedir . --export-options export-clean,export-minimal --export-secret-keys > private
- Run the program to create a modified private key using the template.
java -classpath . org.halfdog.crypttools.pgp.KeyGenDSA private "you <mail@domain>"
El-Gamal Key Generator
Last modified 20100530