Sunday, February 05, 2012

[wpvqxyvg] Public key QR business card

A business card with your public key in a QR code. It avoids DoS attacks on public key servers that would prevent someone from fetching your public key. It also allows encryption without needing internet access at that moment (sending can be postponed).

Upon receiving a box of business cards, the giver should sign them all with pen. This prevents a MITM from surreptitiously swapping the cards for nearly identical ones carrying a different key. Upon receiving a single card, the recipient should also sign the card with pen, avoiding the same attack. Verify your own signature on a card before passing it out or scanning it.

Might want elliptic curve cryptography for shorter keys.
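To put numbers on the key-size point, here is an added example (not part of the original post) that computes how many bytes a public key occupies and compares that with the 2953-byte QR limit quoted in the comments on this page. It assumes the key is encoded as an X.509 SubjectPublicKeyInfo in DER with e = 65537, and it picks P-256 and Ed25519 as the elliptic-curve cases; an OpenPGP export is laid out differently.

```python
# Added example: sizes follow X.509 SubjectPublicKeyInfo (DER), an assumption;
# OpenPGP key packets are laid out differently and carry user IDs and signatures.
QR_MAX_BYTES = 2953  # byte-mode maximum quoted in the comments on this page


def tlv(content_len):
    """Total size of a DER tag-length-value with content_len content bytes."""
    if content_len < 0x80:
        len_octets = 1                      # short form
    else:                                   # long form: 0x8N + N length bytes
        len_octets = 1 + (content_len.bit_length() + 7) // 8
    return 1 + len_octets + content_len


def der_uint(bits):
    """INTEGER holding a positive number whose top bit is at position bits-1."""
    return tlv(bits // 8 + 1)               # extra 0x00 when bits % 8 == 0


def spki(alg_id_content, key_bytes):
    """SEQUENCE { AlgorithmIdentifier, BIT STRING (1 unused-bits octet + key) }."""
    return tlv(tlv(alg_id_content) + tlv(1 + key_bytes))


def rsa_spki(bits, e_bits=17):              # e = 65537 is a 17-bit number
    rsa_key = tlv(der_uint(bits) + der_uint(e_bits))   # PKCS#1 RSAPublicKey
    return spki(tlv(9) + 2, rsa_key)        # rsaEncryption OID (9 bytes) + NULL


def max_rsa_bits(capacity=QR_MAX_BYTES):
    """Largest modulus size (multiple of 8 bits) whose DER key fits."""
    bits = 512
    while rsa_spki(bits + 8) <= capacity:
        bits += 8
    return bits


def report():
    """Map key type -> (DER bytes, base64 characters, fits in one QR code)."""
    keys = {"RSA-1024": rsa_spki(1024), "RSA-2048": rsa_spki(2048),
            "RSA-4096": rsa_spki(4096),
            "P-256 (uncompressed)": spki(tlv(7) + tlv(8), 65),
            "Ed25519": spki(tlv(3), 32)}
    return {name: (n, 4 * ((n + 2) // 3), n <= QR_MAX_BYTES)
            for name, n in keys.items()}


if __name__ == "__main__":
    for name, (der, b64, fits) in report().items():
        print(f"{name:22} DER {der:4} B  base64 {b64:4} chars  fits: {fits}")
    print("largest RSA modulus that fits:", max_rsa_bits(), "bits")
```

Smaller payloads also allow a lower QR version with larger modules, which scans more reliably at business-card print sizes.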

2 comments:

MN Web Devs said...

Can you store a whole public key on a QR code? I've never tried, but have been told it is too large?

Anonymous said...

QR codes have a maximum size of 2953 bytes, or 23624 bits; most public keys (RSA or Diffie-Hellman) are between 1024 and 4096 bits.