Sep 13, 2018

The Web of Trust for PGP

There is a potential flaw in how public key cryptography works. Suppose you started distributing a public key that you say belongs to Warren Buffett. If people believed you, they might start sending secret messages to Buffett, encrypted using the key. Or they might believe anything signed with that key is a sworn statement from Buffett. This kind of impersonation is quite rare, and yet it has actually happened to some people in real life.

Another sneaky attack is for an attacker to sit between two people talking online, eavesdropping on their entire conversation, and occasionally inserting the attacker's own misleading messages into the conversation. Thanks to the design of the Internet as a system that ferries messages across many different computers and private parties, this attack is entirely possible. Under these conditions (called a “man-in-the-middle attack”), exchanging keys without prior agreement can get very risky. “Here's my key,” announces a person who sounds like Warren Buffett, and sends you a public key file. But what's to say someone didn't wait until that moment, jam the transmission of Buffett's key, and then insert his or her own?

How do we prove that a certain key really does belong to a certain person? One way is to get the key from them directly, but that's not much better than our original challenge of getting a secret key without someone spotting us. Still, people do exchange public keys when they meet, privately and at public cryptoparties.

PGP has a slightly better solution called the “web of trust.” In the web of trust, if I believe a key belongs to a certain person, I can sign that key, and then upload the key (and the signature) to the public key servers. These key servers will then pass out the signed keys to anyone who asks for them.

Roughly speaking, the more people I trust who have signed a key, the more likely it is that I will believe that key really belongs to the person it claims to. PGP lets you sign other people's keys, and also lets you trust other signers, so that if they sign a key, your software will automatically believe that key is valid.

The web of trust comes with its own challenges. But for now, if you want an alternative to handing keys to one another in person, using the web of trust and the public key server network is your best option.