Here is some brainstorming on developing a method to post to my website from amateur radio. I want to be able to send a message from a handheld radio, which ends up creating a post on my website. I should not have to be running any infrastructure at the other end of my radio transmission, which means this method will need to either be able to be relayed between people on the radio as spoken text, or via methods where there is existing infrastructure such as using the APRS messaging feature.
I don't know how I didn't find this before, but KA2DDO wrote up a spec for APRS authentication which is basically exactly along the lines I was thinking.
Further, it looks like they set up an organization based on the IETF to curate specs like these. However, the last activity in that group appears to be around late 2016, ironically around the same time as I wrote up the below.
I don't like that the current proposal uses MD5 hashes, though I understand the main reason for doing that was to get a short hash. I wonder if a SHA256 hash could be encoded in base64 to use more ASCII characters than just 0-9A-F to shorten the length at all. That would take the hash from 64 characters down to 44 characters.
We know that obscuring the content of messages on amateur radio is prohibited. This means typical transport-level security such as SSL is out of the question. Obviously we can't simply send a "password" or secret code as authentication since anyone hearing the message would be able to then use the same text to forge messages. However, a signature style authentication is doable, since it isn't obscuring anything, but also can't be forged.
Traditional PGP signatures are far too large to transmit over the radio. In the AX.25 protocol, the maximum payload size is 256 bytes. In spoken text, radiograms have a maximum length of 25 words. (Using a word list of 2048 words, we could reasonably allocate 8 of the 25 words to the signature portion, giving 2048^8 bits of a signature, which is somewhere between 2^64 and 2^128).
PGP vs Shared Secret
An advantage of PGP signatures is that they are asymmetric, meaning anyone can re-verify the signature given the author's public key. This means anyone receiving or passing along a message with a PGP signature can verify the signature is valid. This is in contrast to a shared secret mechanism such as HMAC, where only the recipient is able to verify the signature.
I would prefer to use an asymmetric mechanism, as we'd get the benefit of having anyone be able to verify the authenticity of the message, so this could also be used like traditional PGP to send signed plaintext messages to others.
Using words has the advantage of them being easily spoken on the radio, rather than trying to copy down long strings of hexadecimal characters. There are some clever word lists out there which attempt to be unambiguous and easily understood by non-native English speakers. (There are also some word lists in languages other than English but we'll stick to English for now.) Using a word list of 2048 words means we are working in a base 2048 system. BIPS-0039 (2048 words), Mnemonic Encoding (1626 words).
Reading up on how the underlying math of PGP signatures works, it's becoming quite clear that I am out of my element in this. I can use PGP just fine, and understand how it works at a high level, but trying to poke at the internals is proving challenging. It would seem there should be a way to do conceptually the same thing that PGP signatures do, computing a signature given a private key and a message, then being able to verify the signature knowing only the public key, but using some carefully crafted values for the sizes of the hashes and such, in order to target a signature length that is within our constraints.
If you have any thoughts, get in touch.