So a while back we discussed the idea of adding more security to our IRCd, and one of these features was PGP encryption. Now, before we go any further, we are not going to be encrypting every single message with RSA, as that's just, well, terrible for many reasons; see the second answer here.
So now that that's out of the way, let me describe how this would work in our IRCd. This is a call for criticism/feedback as well, so feel free to ask any questions about anything involved: we want this to be secure, and without adequate feedback the likelihood of it being secure diminishes fairly drastically.
Before we get to the algorithm, you need to know the following about the EvilZone API.
Each IRCd server will have a public/private key pair, with the public part uploaded to the main web server where it will be accessible to anyone. Also, each user who wants to use public-key encryption will need to upload their own public RSA key to the main web server. Any public key can be retrieved via this API.
Algorithm:
1. Client connects to the server over SSL.
2. Client issues an 'ENCRYPT' command. The 'ENCRYPT' command tells the server that the client wants to begin a PGP layer on the connection; this command can only be issued over SSL connections (although this could be changed).
3. Client sends a USER command followed by a NICK command, both encrypted with the server's public key.
4. Server uses the username parameter of the USER command to retrieve the user's public key from the EZ API.
5. Server sends 10 'KEY' commands, each carrying random key data; these KEY commands are encrypted with the user's public key.
6. Client randomly chooses one of those keys as the AES key.
7. Client sends a 'VALIDATION' command to the server, encrypted with that AES key.
8. Server tries to decrypt that 'VALIDATION' command with all the AES keys it sent and, once one of them decrypts it successfully, uses that key for the connection.
9. Server sends a 'CONFIRMATION' command to the user, encrypted with that AES key.
10. From this point on all messages are encrypted with that AES key. Everything continues as normal: the server sends a PONG command and then it's off to the races.
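Steps 5 to 9 simulated in Go, as an added example that is not code from the post or the IRCd: the server offers ten keys, the client picks one and sends VALIDATION under it, and the server recovers that key by trial decryption. It assumes AES-256-GCM, because the post only says "AES" and an authenticated mode is what makes a failed trial decryption in step 8 detectable rather than just garbage; the RSA wrapping of the KEY commands and the USER/NICK exchange are left out, and the function names are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"math/big"
)
// aead wraps a 32-byte key in AES-256-GCM; the authenticated mode is an assumption (the post only says "AES").
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // keys here are always 32 bytes, so this cannot fail
	g, _ := cipher.NewGCM(block)
	return g
}
// seal prefixes a fresh 12-byte nonce; open strips it and rejects any key other than the sealing one.
func seal(key, msg []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return aead(key).Seal(nonce, nonce, msg, nil)
}
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, errors.New("short ciphertext")
	}
	return aead(key).Open(nil, ct[:12], ct[12:], nil) // tag failure means "wrong key" in step 8
}
// ServerKeys (step 5): ten random keys; on the wire each one is a KEY command RSA-encrypted to the user.
func ServerKeys() [][]byte {
	keys := make([][]byte, 10)
	for i := range keys {
		keys[i] = make([]byte, 32)
		rand.Read(keys[i])
	}
	return keys
}
// ClientPick (steps 6-7): choose one offered key at random and send VALIDATION under it.
func ClientPick(keys [][]byte) (chosen, validation []byte) {
	i, _ := rand.Int(rand.Reader, big.NewInt(int64(len(keys))))
	return keys[i.Int64()], seal(keys[i.Int64()], []byte("VALIDATION"))
}
// ServerSelect (steps 8-9): trial-decrypt with every offered key; the first whose tag verifies is the session key.
func ServerSelect(keys [][]byte, validation []byte) ([]byte, []byte, error) {
	for _, k := range keys {
		if _, err := open(k, validation); err == nil {
			return k, seal(k, []byte("CONFIRMATION")), nil
		}
	}
	return nil, nil, errors.New("VALIDATION did not open under any offered key")
}
```

A VALIDATION sealed under a key the server never offered fails every trial decryption, which is the check the server relies on in step 8.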
At any time the server or client can send an 'ENCRYPT' command, and then this process begins all over again; however, the user's username and nickname must still be the same as before. I was thinking about having this happen every five minutes in the IRCd. Also, when the algorithm is run again, the 'ENCRYPT' command is sent encrypted with the previous AES key, not just over the SSL connection. This process can be improved even more: as of RFC 2812, the USER command has an <unused> parameter, and we could abuse that to specify which of the user's public-private key pairs to use.
In some respects this is a fancy version of TLS, but it seems like it'd be more secure because it's specific to users and the handshake is completely secure, in the sense that you need data from outside the connection to determine the contents of the connection.
So basically, any connection could be upgraded to an EZ-Secure (name for this?) connection, but preferably that would happen over SSL.
Also of note, I'm going to be writing a proxy IRC daemon which basically handles all this so that existing clients can still use it; furthermore, that proxy daemon can even add SSL support to clients that don't support SSL. However, that daemon will probably only work on *nix until I get time to write a version for Windows. I'm rather busy just trying to get my IRCd up and running and working.
Thoughts? Questions? Criticisms? Concerns?