Key and KHID Management

Index

Back to the WebFunds page or the FAQ index or the Ricardo page.


PGP Keys and KHIDs

Systemics Ricardo is based on SOX (for Systemics Open Transactions), which uses PGP (for Pretty Good Privacy) keys to manage value. The actual keys used are generated by the applications, but PGP itself could in every case be used to do the same thing.

PGP keys come in pairs, being the secret key and the public key. Like all public key systems, these keys have a wonderful property: the holder of the secret key can be identified, but not imitated, by the holder of the public key. See Cryptographic Toolkit for Electronic Cash for a quick survey of cryptographic concepts.

When a SOX application such as WebFunds sends a PGP public key to an Issuer, then the the shared arrangement is known as a KHID (for Key-Holder-Id). Now, the SOX application can identify itself to the Issuer securely.

The following sections document the real-life user issues that have been experienced so far.

Correspondence Key

Can I use my PGP Correspondence key for Shopping?

They are compatible and could be used for both purposes. Indeed that was a design principle, to allow PGP to check and/or produce the keys.

However, we would really rather you didn't. Here's at least two good reasons:

  1. Using the correspondence key for shopping or trading allows the Issuer to conduct marketing and other analysis on you. That's because your public key is recorded there, and it is a simple matter to match that public key with anything else you get up to. And the converse is perfectly true (although I leave that as an exercise for the reader).
  2. Using a key pair in this way implies trusting the software. You have probably been using PGP for some time, and you *might* have a degree of trust in it to do the right thing. Well, maybe.

    Do you have the same trust in WebFunds? Again, maybe, as it is just an application like PGP, and it can be compromised in much the same way.

    So, to cope with an aggressive and uncertain world, you should use different keys and 'firewall' your secrets! If something goes drastically wrong with one application, it can only compromise the data it is working with.

    Note that this can occur with any application. Your data is at the mercy of the software, and this software is no exception. We would, however, advise additional caution with WebFunds as it deals in money. Your money.

You might be able to think of others.

Delivery of Keys

OK, I've created a key, and here's my password and secret key.

Whoa, pardna! A little confusion here...

We don't need your secret stuff or your password or your family jewels... :-)

The Issuer in fact doesn't need anything from you except the official act of registration. Which is done automagically by the applications, as they sends sufficient public key details to allow us to confirm that you are on the other end of the quality bit.

There are only two (minor?) considerations:

Relax, we're not the new Secret Net Police! No jackboots and brown shirts here, just DM's and black ...

Remembering Passwords

I am terrible at remembering things - what happens if I forget the password?
You're in deep deep trouble.

The password is used to decrypt the key. To read the key without the password, consider the following:

Have we made it clear: don't lose your password. While you're considering this absolute truth, read the bit about backups, immediately below.

We are sympathetic to the problem, and we're working on it. It's just that the answers are not really solutions, and introducing a half-solution will often cause more problems than it solves.

What happens if my hard-drive crashes?

I bought this disk drive off a dodgy mate to run my system, and it makes strange sounds, but seems to work OK. If it goes down, you will be able to send me the necessary stuff won't you?
No. You're in deep deep deep trouble, deeper than if you lose your password.

The secret key is your passport to the Internet Financial System. Lose your passport and your stuck in the war zone and the cavalry can't come to your rescue.

So, make backups of the secret key. Good backups of the file:

secring.pgp
are essential.

It also makes good good sense to store your backups somewhere else - these are called off-site backups, and they protect you against earthquakes, children and other acts of god. Think of somewhere safe, but not with your dodgy disk drive mate :-)

While you're thinking up somewhere safe, read the bit about passwords, immediately above.

I lost it. Help me!

I took my password from a Spanish word on a bottle of wine that was on the table, and now the bottle has gone, and I can't remember what it was... {true story, names withheld to protect the innocent :-}

Let all the issuers and markets that you had value with know. If you can, provide them with the fingerprint of the key (we call it the khid for key id).

If you can't provide the khid, you will have to provide a description of all activities and timings. Then, each entity will have to do traffic analysis to try and isolate which is which key. As you can imagine, this is not guarunteed. As you might fear, this could be expensive. Which is why it's not a good idea to be reading this ... or making spanish keys under the influence rapidly emptying bottles :-)

The Responsibilities of Strong Crypto

Oh My Gawd. Why's it so hard?

Strong crypto, employed in the interests of privacy, is like that. If it wasn't so hard, then it would be easy for anyone to scan your traffic and steal your money.

What strong crypto does is give you the power to control that which is your own. It also forces the responsibility onto you. With power comes responsibility.