BlockPGP: A Blockchain-based Framework for PGP Key Servers

Pretty Good Privacy (PGP) is one of the most prominent cryptographic standards offering end-to-end encryption for email messages and other sensitive information. PGP allows to verify the identity of the correspondent in information exchange as well as the information integrity. PGP implements asymmetric encryption with certificates shared through a network of PGP key servers. Many recent breaches show that certificate infrastructure can be compromised as well as exposed to operational errors. In this paper we propose a new PGP management framework with the key server infrastructure implemented using blockchain technology. Our framework resolves some problems of PGP key servers focusing in particular on fast propagation of certificate revocation among key servers and elimination of man-in-the-middle risk. We also provided user access right control where only the certificate holder can change information related to the certificate. We designed and developed a prototype for key server deployment on permissioned Ethereum blockchain. Permissioned blockchain should allow to control the costs of PGP key server infrastructure maintenance at the present level.