Why are PGP signatures not more widely used as an authentication method?

Question

Example:

Bob generates a key pair for this example.
Bob registers at example dot com where he provides his public key.
When Bob will try to log in, example dot com will ask him to sign a random string of a few characters with his private key.
- If the signature is successfully verified, it is indeed Bob (or Alice who stole Bob's private key, eh what can you do?) and access will be granted.

This sounds so simple. Why has this not been done before?

Probably because authentication systems using client key-pairs want more security than that provides. — , Nov 05 '14 at 11:06
It's an infrastructure problem. There's no "dumb user" interface or client to make it quick and easy to generate key pairs. And almost no one uses them as a means for authenticating. Until the demand is there, the supply won't be there. — RoraΖ, Nov 05 '14 at 12:35
@RickyDemer Could you elaborate on that? How could "more" security be provided? — gxtaillon, Nov 05 '14 at 23:55
The system could be such that compromising the server's private key neither suffices for MitM nor suffices for replay attacks. — , Nov 06 '14 at 03:19
Except for PGP specifics, this is one option in SSH. The client's publickey is preconfigured on the server, for openssh usually in ~user/.ssh/authorized_keys, and at connect/login the client uses its privatekey to sign data depending on a server nonce. — dave_thompson_085, Nov 06 '14 at 09:09
Related: Is it possible to use a GPG or SSH key for web based authentication in a secure fashion? — unor, Nov 19 '14 at 11:07

score 4 · Answer 1 · edited May 23 '17 at 12:40

4

It's a chicken/egg problem.

Few people have PGP installed, so nobody builds systems which expect people to be able and willing to use it.

There are few systems which expect people to be able and willing to use PGP, so few people feel the need to install PGP.

However, what you see quite frequently in the wild are authentication systems based on X.509 certificates. It's rare for systems targeted at consumers, but for systems targeted at IT professionals it is quite common. And yes, it even works for websites.

edited May 23 '17 at 12:40

Community

1

answered Nov 05 '14 at 10:03

Philipp

49,384
8
129
160

1

This is sad... I think I'll make this available for my next project. Might as well start somewhere. – gxtaillon Nov 05 '14 at 10:29

Why are PGP signatures not more widely used as an authentication method?

1 Answers1

Linked