Like SSH, Crypto Kong operates by key caching rather than a centralized key authority or web of trust, but unlike SSH, the key caching is manual.
I probably should implement the same concept as a Thunderbird extension, so that the key caching becomes automatic - but that requires figuring out how Thunderbird does its mail and contact database, and probably extensively modifying and enhancing its database abilities.
I am currently working on some software which will have a superset of these capabilities, and will likely be advertised under the same brand name, but which will probably not be backwards compatible. I will probably not implement it as a Thunderbird extension, though I have not really got that far yet.
Kong keeps track of your secrets and signatures, and stores signed documents for signature comparisons.
Kong can tell if two documents supposedly signed by the same person were both signed using the same secret, and thus by the same person, even though it does not know that person's secret.
It can also encrypt a document to a signature, so that the document can only be decrypted using the secret used to form the signature, thus ensuring that it can only be decrypted by the person who signed the document to which you are replying, even though it does not know that person's secret.
Kong signs documents using your secret, stores and compares other people's documents to make sure that they were signed using the same secret, encrypts documents to a signature selected from the documents that it has stored, and uses your secret to decrypt documents sent to you that were encrypted to your signature.
Unlike most digital signature programs, this one has no concept of "true names". It makes no attempt to determine that the Bob you are talking to is the "real" Bob. It merely ensures that it is the same Bob. If you receive documents with different "Bob" signatures, Kong will insist you give each Bob a separate label, and will tell you which Bob is sending you the message whose signature you just checked.
With Kong your public key is merely the first line of your signature. You do not need to create and publish your public key certificate, or obtain other people's certificates so that you can communicate with them privately, unlike other digital signature and encryption programs. You do not even need to care what a public key is.
Digital signatures work like pen signatures. Anyone using Kong can tell if a document has been altered since it was signed, and anyone can tell whether or not two documents were signed by the same person. Two documents whose signatures match must have been signed using the same secret file or passphrase, and thus presumably by the same person. Kong can determine that two documents were signed using the same secret, even though it does not know and cannot discover what that secret was.
With other products, in particular Verisign's product, you need a certificate signed by someone, such as Verisign, testifying that you are the real you. This leads to high fees, complexity, and administrative costs. Maintaining a Verisign certificate typically costs a business about one hundred dollars per year per additional seat. Kong merely shows that you are the same you, just as an ordinary signature does.
When you encrypt a document to a particular person, it can only be decrypted using the secret used for that person's signature, thus only the person you are replying to can decrypt it. You yourself cannot decrypt it unless you list yourself among the recipients.
At some future date, I intend to support certificates of identity as well, but the vast majority of people have no need of them, and should not be forced to use them. Most people do not understand them, so use those certificates incorrectly, and even when they do understand them, they still often manage those certificates incorrectly.
The text you place in the clipboard must include the full delimiter line, which marks the start of the signed text. Any text preceding that delimiter line will be discarded.
Later, when you receive another document from this person, put the other document in the clipboard, and press the do clipboard button again. Kong compares the document with its database, and reports on matches at the bottom of the window.
To sign a document in Kong, again simply paste it into Kong with the do clipboard button, and press the Sign button.
To encrypt a document so that only a person who signed a certain document can read it, you must first store a document by that person so that Kong can find that person's signature. Kong can then encrypt your document so that only the person who knows the secret used to sign the other document can decrypt it. (This of course means that your copy of Kong cannot decrypt it, only his copy.)
The secret used for decryption and digital signatures can be a secret file, a secret passphrase, or both. Kong remembers where the file last was, and looks for it there. You can put the file on a floppy disk and lock the disk away for security, or leave it on your hard disk for convenience. Kong records information that allows it to recognize the file or passphrase when it sees it, but the secret file or passphrase is not stored in Crypto Kong's database. Kong does however store decrypted documents in the database in clear text when you press the store button.
Kong is not intended for storage security, but for communication security. One excellent product that provides storage security is Scramdisk, which I use. A good storage security product should provide an encrypted disk partition that can only be rendered readable with a password, and becomes unreadable when the user logs off or the computer is powered down or reset, because the password is forgotten; for example Mad Max, SafeHouse, and SecurePC.
Kong has various potential vulnerabilities against an adversary with access to your computer. I intend to remedy the worst of these, but Kong will never provide the security against attacks on storage that is provided by an encrypted disk partition, a partition whose passphrase is at least twelve characters long if the passphrase is random-seeming gibberish, like that which appears in digital signatures, and at least seventy-two characters long if it is a humanly intelligible, grammatically correct, English sentence. Crypto Kong is designed for communications security, not storage security.
How then do we link a digital ID with a paper document, such as a check sent to a stockbroker?
One method is to use the public key, which is the first code line in your signature. For most purposes it is sufficient to give only the first twelve characters of the public key, perhaps sixteen if your transactions are crucial to the national security of an important nation. For example, if John Doe were to write in handwriting on the check,
Apply to the account of
--digsig
John Doe
3heijUWX+5v9U
Then the broker, assuming he uses Crypto Kong in his business, would check the first few digits of the digital signature on one of the digital documents you sent him against the writing on the paper check, and would know that the money should be invested as directed by the author of those documents.
Alternatively, the broker could establish an account on the basis of a digital signature, and inform the person opening the account that that account number is indeed linked to the digital signature, in which case the person opening the account can simply put the account number on the check, as usual. This fits better with existing business practices, but it involves an extra communications step, creating additional opportunities for mischance, error, confusion, interference, fraud, or leakage of information.
With the former method, if the handwritten reference to the digital signature agrees with the signature on the check, then the broker can trivially prove that he had proper authority to apply the money as directed in digitally signed documents. With the latter method, his authority is only as good as the reliability of his communications with his client.
Suppose John Doe wants to move money or benefits in the opposite direction, from a digital ID to a paper ID?
If he is moving money from a brokerage account back to a bank account, the problem is trivial. John simply sends a digitally signed message: "Deposit $10000 in account 4377844378 at the bank of such and such."
What, however, if the money or goods must be provided to a physical person who turns up in the flesh to collect the money or goods?
This is slightly more complex, but it is only as complex as the existing system for bills of lading and letters of credit. Indeed it is the existing system for bills of lading and letters of credit, translated directly, one for one, to digital signatures.
Suppose for example, a warehouser has been directed "give the goods to John when he turns up", and he wants to be able to prove he gave the goods to the correct John. It does no good for the John that turns up to sign a receipt for the goods, for that is a pen signature, and we suppose the message directing the warehouser was digital, and the warehouser wants to be able to provide digital proof that John received the goods, so that computers can shuffle the documents around, instead of the present cumbersome system where large bundles of signed papers pass from hand to hand in exchange for the goods.
One simple solution would be for the real John to carry a floppy disk containing a digitally signed message "Received consignment 27777 comprising such and such" and give it to the warehouser in exchange for the goods. This is the direct equivalent of the existing system for bills of lading, where goods are exchanged for signed documents.
Or if a floppy disk was inconvenient, or we were concerned that the floppy disk might be stolen, the warehouser could be given the signature of a passphrase, with no document. The real John knows the passphrase that corresponds to that signature, and the deal is that he will give the passphrase to the warehouser in return for the goods. When the warehouser has the passphrase that is validly signed by the signature he already possesses, this is proof that he delivered the goods to someone authorized to receive them. This is somewhat similar to the system used to withdraw physical cash from a sparbuch account, and is similar to, but not directly equivalent to, the system used to obtain physical goods using bills of lading. We would use this passphrase system when wiring money to someone, to be picked up in physical person, as in a sparbuch account, but we would probably not use it when shipping goods to be picked up by a physical person, as with a bill of lading.
--
A contract between Alice and a second party, wherein the second party promises to take good care of Alice's stuff
--digsig
Alice
9Xjp1N+QDtXR9Mw1S0gJTnwliGM3rQpuzdogeqOLqii
VApNcqXfjT35PvF2aBGC8aTegtm6+vyg9BkxX62j
4O+9VXuj9zRYesnbrdoI29AoeApHRDyu/iHmnG8Qm
Then if Bob wished to sign the contract, he would select New from the file menu or button bar, paste the contract prepared by Alice in the document, press the Sign button, then the Copy button, and send the contract, now signed by both parties, back to Alice:
-- 2
--
A contract between Alice and a second party, wherein the second party promises to take good care of Alice's stuff
--digsig
Alice
9Xjp1N+QDtXR9Mw1S0gJTnwliGM3rQpuzdogeqOLqii
VApNcqXfjT35PvF2aBGC8aTegtm6+vyg9BkxX62j
4O+9VXuj9zRYesnbrdoI29AoeApHRDyu/iHmnG8Qm
--digsig
Bob
F9KBGIfyizpoyo8i8NS/Dqe/eP4WVNcXcRJuS14QPXn
h/5dazl5WDrJti1vKpHCMkuXz/PTN4/U0PjeR4f9
47fz5E13nN1LXJQXHvMlXsC57b2PGPtEFyzwznr2D
Crypto Kong has no special case handling for certificates and contracts, so you have to do this using the file menu, rather than the do clipboard button.
Often one wants to link the contract to an identity capable of being sued.
For example, today, when you rent a computer, the people renting you the computer will usually ask you to fax your most recent pay stub or bank account so that if you break the contract, they can go after your money.
Because people usually fax these things, rather than present them personally, someone could steal your identity.
If you fax the bank statement together with the digitally signed contract, this shows that you, the person who possesses the secret of the signature, also possesses the bank statement.
This method, which corresponds to existing practice, is probably good enough for most purposes, but it still exposes you to the risk that someone will steal the image of your bank statement from the fax, and use it to commit identity theft.
To protect against identity theft, you could write the first part of your digital signature, including the first twelve to sixteen digits of your public key, on the bank statement, before faxing it.
For example:
This account property of |
Suppose Alice hires Bob to do some consulting work and is satisfied with the results. She knows her friend Carol also needs similar work done and wants to recommend Bob to Carol.
In Crypto Kong you would do this with nested signatures, using the file menu.
-- 2
Dear Carol I think Bob is a very good consultant. Enclosed is Bob's resume
--
Hi: I do great consulting.
--digsig
Bob
F9KBGIfyizpoyo8i8NS/Dqe/eP4WVNcXcRJuS14QPXn
N9Cm/pDw8sgVDMj8f3upNmp1pSE3rSj0atQuF7Jt
4RgxEDpUxK1DVzBejpH3qqvrqcY2+8M+pSXFB0LLG
--digsig
Alice
9Xjp1N+QDtXR9Mw1S0gJTnwliGM3rQpuzdogeqOLqii
ckd5NlB2nGrQHe4TSMSDd791WEq64XCotsYG0oiZ
4W3Yi4QBCgYC0SnORJFesTOcbCsmGsEnXZRCVrsou
With competing products, Alice would have to reference Bob's "true name", which is a problem, for the concept of "true name" does not correspond to any easily understood security protocol.
With Crypto Kong, Alice merely sends an enclosed document signed by Bob. Instead of having to conform to protocols designed to prove the identity of the one true Bob, she merely has to say, in effect, "this particular Bob", instead of needing to say "the one true Bob".
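The key caching ("the same Bob", not "the real Bob") and the comparison of a handwritten key prefix described above, as an added example that is not Crypto Kong's own code: it parses the --digsig layout as it appears in this page's samples, binds local labels to public keys rather than names, and resolves a key prefix of at least twelve characters. The function and class names are hypothetical, the second "Bob" is constructed, and checking the signature itself is left to Kong.

```python
import re

# Layout assumed from the signed examples on this page: a "--digsig" line,
# the signer's name, then code lines, the first of which is the public key.
# This only tracks keys; checking the signature itself is left to Kong.
DIGSIG = re.compile(
    r"^\s*--digsig\s*\n\s*(?P<name>[^\n]+?)\s*\n\s*(?P<key>[A-Za-z0-9+/]+)\s*$",
    re.M)

def signers(text):
    """Return (name, public_key) for every --digsig block, innermost first."""
    return [(m["name"], m["key"]) for m in DIGSIG.finditer(text)]

class KeyCache:
    """Key-continuity cache: a label is bound to a public key, never to a name."""
    def __init__(self):
        self.label_of = {}  # public key -> local label

    def observe(self, name, key):
        """Return (label, seen_before). A known name with a new key gets a new label."""
        if key in self.label_of:
            return self.label_of[key], True
        label, n = name, 1
        while label in self.label_of.values():
            n += 1
            label = f"{name} ({n})"
        self.label_of[key] = label
        return label, False

    def match_prefix(self, prefix, min_len=12):
        """Resolve a handwritten key prefix; reject short or ambiguous prefixes."""
        if len(prefix) < min_len:
            raise ValueError(f"need at least {min_len} characters of the key")
        hits = [lab for k, lab in self.label_of.items() if k.startswith(prefix)]
        return hits[0] if len(hits) == 1 else None

# Bob's resume as signed on this page (line breaks as reconstructed here).
RESUME = """--
Hi: I do great consulting.
--digsig
Bob
F9KBGIfyizpoyo8i8NS/Dqe/eP4WVNcXcRJuS14QPXn
N9Cm/pDw8sgVDMj8f3upNmp1pSE3rSj0atQuF7Jt
4RgxEDpUxK1DVzBejpH3qqvrqcY2+8M+pSXFB0LLG
"""
# Constructed for this example: a different key that also calls itself "Bob".
OTHER_BOB = "--\nSend the fee to me.\n--digsig\nBob\nCONSTRUCTED0KEY0NOT0FROM0THE0PAGE0000000000\n"
if __name__ == "__main__":
    cache = KeyCache()
    print([cache.observe(*s) for d in (RESUME, OTHER_BOB, RESUME) for s in signers(d)])
```

A prefix that matches more than one cached key returns None rather than the first hit, so an ambiguous reference on paper is never silently resolved.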
--
Example signed document.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
BSvaK4MOZ2HQvr15n12Wn//srJ0bGg0SBsjB0i7z
9DzVhXhT9dtOvXQsvNgW9fxxzbg1MahNdUf/jGDb
-----BEGIN PGP SIGNED MESSAGE-----
Example signed document.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBM7+wl2rcIxe8e5eNAQEK5ggArPlG9AOFH35BK2hma3K/RJRDm1Lbd5BM
THLdg4MH0IwlV46jRGXrAUfMSBY3jfBlSWos3XIfbH3BpIPCwz0722iJNyq9+nij
sGDb/IgcoUGXYfADg4Irlw8LGDmQwd2JEAfc1wLBPSG2TYRCHZy5HAPNq1tqrvp2
ZMq6J8xjuY+LfuM3lLs0MgO2SeNvJl0VFLOY5KOSojGkNhGEl+gVWbY+fBKhfvGK
UUXEL7cT7uwkTfR6kfNdWbAQAteAkDOrUw69zRYzgRegmocgUVZRhzEMNhEzwFSH
io1Wbwe2QywRIxiwnA7HnlsR7ClZn7fNG1ryM6BBUpnkJWMM80vgZQ==
=QIXE
-----END PGP SIGNATURE-----
The icon for Kong represents a rose, from the phrase, "sub rosa", or "under the rose". A rose over a table is a symbol that discussions at that table were to be held in confidence, that actions planned at the table were to be undertaken in secret. Some say this symbol arose from a Roman legend, where Cupid bribed a child to remain silent about his mother's illicit sexual liaison by giving the child a rose, though if such a legend ever existed, I suspect it was made up after the rose became a symbol, not before. This symbol may predate Rome by millennia, for there was a statue of the Egyptian god Horus carrying a rose and holding his fingers to his lips. Perhaps this symbol relates to some now long forgotten conspiracy.
Does not yet sign or encrypt binary files.
Does not yet support integration with Eudora or Pegasus.
When someone sends you an encrypted message and you store it (and you need to store at least one signed message from that person before you can make an encrypted reply to him) that encrypted message is stored in the Kong database in the clear. I do not regard this defect as urgent, because, as the ad says, Crypto Kong is designed for communications encryption, rather than storage encryption, and if you want to be genuinely secure against raids on your computer, you should use a storage encryption product as well.
As a workaround, I suggest you should exchange relatively innocuous messages, store those for comparison with future messages, and delete those messages you do not wish an attacker with access to your computer to see.
I do not intend that Kong will ever be suitable as a storage security product, nor do I intend that it will ever be entirely safe to have your computer raided if you are using Kong, but not using any storage security.
Kong will never be suitable for storage security. If I create and release a storage security product, it will be a separate product, with a separate install.
The undo command in editing only remembers one undo.
You may not always have downloaded the most recent version. Check the version number in the Help/About window.