235 22 2MB
English Pages 216 Year 2006
VAC Y… FRI E N D LY B O O K O N E M A I L PRI B O O K .” “… T H E WO RL D' S FI RST U SE RA I L , YO U SH O U L D RE A D T H I S M E SE U R E V E N R O , R E PH A R G TO P CRY FO U N D E R A N RE ' ECO U D YO CO , U N L ESS — LE N SAS SAM AN
H O W TO CO M M U N IC A TE SE CU R ELY IN aA nN LD W oO rR ld n se CU rR eE w iIN SE cu
PGP & GPG
About the author
PGP & GPG E M A I L
F O R
T H E
PRACTICAL
M i c h a e l W. L u c a s “I lay flat.”
P A R A N O I D
PGP & GPG Email for the Practical Paranoid
by Michael W. Lucas
SanFrancisco
PGP & GPG.Copyright©2006byMichaelW.Lucas. Allrightsreserved.Nopartofthisworkmaybereproducedortransmittedinanyformorby anymeans,electronicormechanical,includingphotocopying,recording,orbyanyinformationstorageorretrievalsystem,withoutthepriorwrittenpermissionofthecopyrightowner andthepublisher. PrintedonrecycledpaperintheUnitedStatesofAmerica 12345678910–09080706 NoStarchPressandtheNoStarchPresslogoareregisteredtrademarksofNoStarchPress,Inc. Otherproductandcompanynamesmentionedhereinmaybethetrademarksoftheirrespectiveowners.Ratherthanuseatrademarksymbolwitheveryoccurrenceofatrademarkedname, weareusingthenamesonlyinaneditorialfashionandtothebenefitofthetrademarkowner, withnointentionofinfringementofthetrademark. Publisher:WilliamPollock ManagingEditor:ElizabethCampbell AssociateProductionEditor:ChristinaSamuell CoverandInteriorDesign:OctopodStudios DevelopmentalEditor:WilliamPollock TechnicalReviewers:HenryHertzHobbit,J.WrenHunt,ThomasJones,SrijithKrishnanNair, LenSassaman,DavidShaw,andThomasSjorgeren Copyeditor:NancySixsmith Compositor:RileyHoffman Proofreader:NancyRiddiough Indexer:NancyGuenther Forinformationonbookdistributorsortranslations,pleasecontactNoStarchPress,Inc. directly: NoStarchPress,Inc. 555DeHaroStreet,Suite250,SanFrancisco,CA94107 phone:415.863.9900;fax:415.863.9950;[email protected];www.nostarch.com Theinformationinthisbookisdistributedonan“AsIs”basis,withoutwarranty.Whileevery precautionhasbeentakeninthepreparationofthiswork,neithertheauthornorNoStarch Press,Inc.shallhaveanyliabilitytoanypersonorentitywithrespecttoanylossordamage causedorallegedtobecauseddirectlyorindirectlybytheinformationcontainedinit. LibraryofCongressCataloging-in-PublicationData Lucas, Michael, 1967PGP & GPG : email for the practical paranoid / Michael W. Lucas.-- 1st ed. p. cm. Includes index. ISBN 1-59327-071-2 1. Electronic mail systems--Security measures. 2. PGP (Computer file) I. Title: PGP and GPG. II. Title: Pretty good privacy & GnuPG. III. Title: Pretty good privacy & GNU Privacy Guard. IV. Title: Email for the practical paranoid. V. Title. TK5102.85.L83 2006 004.692--dc22 2005028824
Liz: -----BEGIN PGP MESSAGE----Version: GnuPG v1.4.0 (FreeBSD) hQIOA9o0ykGmcZmnEAf9Ed8ari4zo+6MZPLRMQ022AqbeNxuNsPKwvAeNGlDfDu7 iKYvFh3TtmBfeTK0RrvtU+nsaOlbOi4PrLLHLYSBZMPau0BIKKGPcG9162mqun4T 6R/qgwN7rzO6hqLqS+2knwA/U7KbjRJdwSMlyhU+wrmQI7RZFGutL7SOD2vQToUy sT3fuZX+qnhTdz3zA9DktIyjoz7q9N/MlicJa1SVhn42LR+DL2A7ruJXnNN2hi7g XbTFx9GaNMaDP1kbiXhm+rVByMHf4LTmteS4bavhGCbvY/dc4QKssinbgTvxzTlt 7CsdclLwvG8N+kOZXl/EHRXEC8B7R5l0p4x9mCI7zgf/Y3yPI85ZLCq79sN4/BCZ +Ycuz8YX14iLQD/hV2lGLwdkNzc3vQIvuBkwv6yq1zeKTVdgF/Yak6JqBnfVmH9q 8glbNZh3cpbuWk1xI4F/WDNqo8x0n0hsfiHtToICa2UvskqJWxDFhwTbb0UDiPbJ PJ2fgeOWFodASLVLolraaC6H2eR+k0lrbhYAIPsxMhGbYa13xZ0QVTOZ/KbVHBsP h27GXlq6SMwV6I4P69zVcFGueWQ7/dTfI3P+GvGm5zduivlmA8cM3Scbb/zW3ZIO 4eSdyxL9NaE03iBR0Fv9K8sKDttYDoZTsy6GQreFZPlcjfACn72s1Q6/QJmg8x1J SdJRAaPtzpBPCE85pK1a3qTgGuqAfDOHSYY2SgOEO7Er3w0XxGgWqtpZSDLEHDY+ 9MMJ0UEAhaOjqrBLiyP0cKmbqZHxJz1JbE1AcHw6A8F05cwW =zr4l -----END PGP MESSAGE-----
BRIEF CONTENTS Acknowledgments .......................................................................................... xv Introduction .....................................................................................................1 Chapter 1: Cryptography Kindergarten ............................................................ 13 Chapter 2: Understanding OpenPGP ...............................................................27 Chapter 3: Installing PGP ................................................................................39 Chapter 4: Installing GnuPG ...........................................................................53 Chapter 5: The Web of Trust ........................................................................... 81 Chapter 6: PGP Key Management ................................................................... 91 Chapter 7: Managing GnuPG Keys ..................................................................99 Chapter 8: OpenPGP and Email .................................................................... 115 Chapter 9: PGP and Email ............................................................................ 125 Chapter 10: GnuPG and Email ...................................................................... 137 Chapter 11: Other OpenPGP Considerations .................................................. 155 Appendix A: Introduction to PGP Command Line ............................................. 167 Appendix B: GnuPG Command Line Summary ................................................ 177 Index .......................................................................................................... 183
CONTENTS IN DETAIL ACKNOWLEDGMENTS INTRODUCTION
xv 1
The Story of PGP .............................................................................................2 OpenPGP ...............................................................................................4 How Secure Is OpenPGP? ........................................................................5 Today’s PGP Corporation..................................................................................6 What Is GnuPG? .....................................................................................7 PGP Versus GnuPG ..........................................................................................7 Ease of Use ............................................................................................7 Support ..................................................................................................8 Transparency ..........................................................................................9 Algorithm Support ...................................................................................9 OpenPGP and the Law ................................................................................... 10 What This Book Contains ................................................................................ 10 Stop Wasting My Precious Time. What Do I Need to Read? ............................... 11
1 CRYPTOGRAPHY KINDERGARTEN
13
What OpenPGP Can Do ................................................................................ 13 Terminology .................................................................................................. 14 Plaintext and Ciphertext ......................................................................... 15 Codes .................................................................................................. 15 Ciphers ................................................................................................ 16 Hashes................................................................................................. 16 Cryptanalysis ........................................................................................ 17 Goals of PGP’s Cryptography ......................................................................... 17 Confidentiality ...................................................................................... 17 Integrity ............................................................................................... 17 Nonrepudiation .................................................................................... 18 Authenticity .......................................................................................... 18 Encryption Algorithms .................................................................................... 19 Symmetric Algorithms ............................................................................20 Asymmetric Algorithms........................................................................... 21 Public-Key Encryption .....................................................................................22 Digital Signatures ...........................................................................................22
Combining Signatures and Asymmetric Cryptography ........................................23 Passphrases and Private Keys ..........................................................................24 Choosing a Passphrase ..........................................................................25
2 UNDERSTANDING OPENPGP
27
Security and OpenPGP ..................................................................................28 Web of Trust..................................................................................................29 Trust in OpenPGP...........................................................................................30 Where to Install ............................................................................................ 31 Your Keypair .................................................................................................32 Key Length............................................................................................32 Key Expiration Date ...............................................................................33 Name, Email, and Comment ...................................................................34 Revocation Certificates ...................................................................................35 Storing Your Keypair ......................................................................................35 Storing Your Revocation Certificate..........................................................36 Photo IDs and OpenPGP Keys .........................................................................36 Key Distribution .............................................................................................36 Keyservers ............................................................................................37
3 INSTALLING PGP
39
Downloading PGP .........................................................................................40 Installing PGP ................................................................................................40 Key Type ..............................................................................................42 Key Size ...............................................................................................42 Expiration.............................................................................................42 Ciphers ................................................................................................42 Hashes.................................................................................................43 PGP Key Backups...........................................................................................45 Important Installation Locations ...............................................................46 Revocation Certificates and PGP ......................................................................46 Disabling Keyserver Updates ..................................................................47 Revoke the Key......................................................................................48 Re-import Your Private Key......................................................................49 Key Properties .......................................................................................50 Using the Revocation Certificate .............................................................. 51 Keyservers and PGP ....................................................................................... 51
4 INSTALLING GNUPG
53
Downloading GnuPG .....................................................................................54 Checking Checksums......................................................................................54 Calculating Checksums Under Windows ..................................................55 Calculating Checksums Under Unix .........................................................55 GnuPG Home Directory ..................................................................................56 gpg.conf ..............................................................................................57 x Contents in Detail
Installing GnuPG on Windows.........................................................................57 Command-Line GnuPG Win32 Installation ...............................................58 Graphical GnuPG Installation ..........................................................................60 WinPT..................................................................................................60 Creating Keypairs in WinPT....................................................................63 Key Manager .......................................................................................65 WinPT Revocation Certificate ..................................................................65 Sending Your Key to a Keyserver ............................................................66 Installing GnuPG on Unix-like Systems ..............................................................67 Randomness and GnuPG .......................................................................67 Building from Source Code .............................................................................69 Installing GnuPG ...................................................................................69 Configuration Options ...........................................................................70 Setuid Root GnuPG ...............................................................................71 Don’t Run GnuPG as Root .......................................................................72 Command-Line GnuPG Keypairs ......................................................................72 GnuPG Revocation Certificates ........................................................................ 76 Publicizing Your Key .......................................................................................78 Text Exports ..........................................................................................78 Keyservers ............................................................................................79 Web Forms ...........................................................................................80
5 THE WEB OF TRUST
81
Keyservers ....................................................................................................82 subkeys.pgp.net ....................................................................................82 keyserver.pgp.com ................................................................................82 Searching for Keys ................................................................................83 Signing a Key ................................................................................................83 Signing Keys of Friends and Family .........................................................84 Signing Strangers’ Keys..........................................................................85 What to Do with Signed Keys .................................................................87 When You Get New Signatures ..............................................................87 Keysigning Parties ..........................................................................................88 Key Trust .......................................................................................................89 Avoiding the Web of Trust ...............................................................................90
6 PGP KEY MANAGEMENT
91
Adding Keyservers ......................................................................................... 91 Adding Keys to Your Keyring ...........................................................................93 Searching Keyservers.............................................................................93 Importing from a File ............................................................................. 94 Fingerprint Comparisons ........................................................................95 Returning the Signed Key ................................................................................97 Viewing Signatures ........................................................................................97 Updating Signatures ..............................................................................97 Adding Photos to Your Keys ............................................................................98 Contents in Detail
xi
7 MANAGING GNUPG KEYS
99
Keyservers ....................................................................................................99 Keyserver Options ...............................................................................100 Keyservers and WinPT ......................................................................... 101 Adding Keys to Your Keyring ......................................................................... 101 Command-Line Key Fetching ................................................................. 102 Command-Line Key Viewing ................................................................. 102 WinPT Key Viewing and Fetching .......................................................... 104 Command-Line Key Imports .................................................................. 104 WinPT File Imports .............................................................................. 104 Signing a Key .............................................................................................. 105 Checking Fingerprints .......................................................................... 105 Signing Keys on the Command Line ....................................................... 105 Signing Keys in WinPT .........................................................................106 Viewing Key Signatures ....................................................................... 107 Command-Line Exports ........................................................................ 107 WinPT Exports .................................................................................... 108 Importing New Signatures .................................................................... 108 Pushing Signatures to Keyservers ........................................................... 108 Updating Keys .............................................................................................109 Deleting Public Keys from Your Keyring ........................................................... 109 GnuPG and Photos ...................................................................................... 110 Adding Photos to Your Key ................................................................... 110 Viewing Photos with GnuPG ..................................................................111 WinPT and Photographs ...................................................................... 112 Building the Web of Trust with GnuPG ............................................................ 113 PGP ................................................................................................... 113 GnuPG .............................................................................................. 113 Command-Line Trust Configuration ........................................................ 113 WinPT Trust Configuration .................................................................... 114
8 OPENPGP AND EMAIL
115
Message Encoding ...................................................................................... 116 Inline Encoding ................................................................................... 116 PGP/MIME ......................................................................................... 118 Email Client Integration ................................................................................. 118 Proxies ............................................................................................... 119 Plug-Ins .............................................................................................. 119 Saving Email—Encrypted or Not? ................................................................. 119 Saving Unencrypted Email ................................................................... 120 Encrypt to Self .................................................................................... 120 Email from Beyond Your Web of Trust ............................................................. 120 Expanding Your Web of Trust ............................................................... 121 Tracing the Web of Trust ...................................................................... 121 Repeatable Anonymity ................................................................................. 122 Unprotected Email Components ..................................................................... 124 xii Contents in Detail
9 PGP AND EMAIL
125
PGP and Your Email Client ............................................................................ 126 Identifying OpenPGP Mail ................................................................... 126 Email Storage ..................................................................................... 127 PGP Policies ................................................................................................ 127 Opportunistic Encryption ...................................................................... 128 Require Encryption .............................................................................. 128 Mailing List Submissions ....................................................................... 129 Mailing List Admin Requests.................................................................. 129 Creating Custom Policies ...................................................................... 130 Sample Custom Policy: Exceptions to Default Policy ................................. 132 Sample Custom Policy: Overriding the Defaults ....................................... 134 Custom Policies Order and Disabling Policies ......................................... 134
10 GNUPG AND EMAIL
137
Microsoft Mail Clients and GnuPG ................................................................. 138 Outlook Express and GnuPG......................................................................... 138 Configuring Outlook Express for OpenPGP ............................................ 139 Sending OpenPGP Mail ....................................................................... 140 Receiving and Verifying Signed and Encrypted Mail ............................... 141 Outlook and GnuPG .................................................................................... 141 Installation .......................................................................................... 142 Configuring the Plug-In......................................................................... 142 Sending OpenPGP Mail .......................................................................145 Receiving OpenPGP Mail .....................................................................145 Decrypting PGP/MIME Messages with Microsoft Mail Clients ........................... 145 Thunderbird and GnuPG............................................................................... 147 Installing the Thunderbird GnuPG Plug-In ............................................... 147 Configuring Enigmail ........................................................................... 147 Sending OpenPGP Mail ....................................................................... 149 Reading OpenPGP Mail....................................................................... 151 Upgrading Thunderbird and Enigmail .................................................... 152
11 OTHER OPENPGP CONSIDERATIONS
155
What Can Go Wrong?................................................................................. 156 Poor Usage ........................................................................................ 156 Poor Signing ....................................................................................... 156 Hardware Compromise ........................................................................ 157 Software Compromise ......................................................................... 158 People Compromise............................................................................. 159 Fake Keys ........................................................................................... 161 OpenPGP Interoperability ............................................................................. 161 Teams and OpenPGP ................................................................................... 162 Contents in Detail
xiii
OpenPGP and Shared Systems ...................................................................... 163 Other Software Features ............................................................................... 164 Passphrase Caching ............................................................................ 164 Shredding .......................................................................................... 165
A INTRODUCTION TO PGP COMMAND LINE
167
PGP Command Line Configuration ................................................................. 168 Testing and Licensing.................................................................................... 169 Creating a Keypair ...................................................................................... 170 Setting the Key Type ............................................................................ 170 Assigning a Passphrase........................................................................ 170 Setting an Expiration Date .................................................................... 170 Generating Revocation Certificates........................................................ 171 Exporting Your Public Key .................................................................... 171 Viewing Keys............................................................................................... 172 Managing PGP Command Line Keyrings......................................................... 173 Searching for Keys .............................................................................. 173 Importing Keys .................................................................................... 174 Signing a Key ..................................................................................... 174 Updating Keys on a Keyserver .............................................................. 175 Encryption and Decryption............................................................................ 175 Signing and Verifying .......................................................................... 176
B GNUPG COMMAND LINE SUMMARY
177
GnuPG Configuration ................................................................................... 178 Output Control ............................................................................................ 178 Keypair Creation, Revocation, and Exports ..................................................... 178 Revoking a Key .................................................................................. 178 Exporting a Key ................................................................................. 179 Sending a Key to a Keyserver .............................................................. 179 Managing Keyrings ...................................................................................... 179 Viewing Keys ...................................................................................... 179 Adding and Removing Keys .................................................................. 180 Key Signatures............................................................................................. 180 Encryption and Decryption............................................................................ 181 Signing Files ................................................................................................ 181 Output Formats ............................................................................................ 181
INDEX
xiv Contents in Detail
183
ACKNOWLEDGMENTS
Writingabookrequiresalotofassistancefromalotofpeople. IamindebtedtothefollowingfolksfortheircommentsonvariousdraftsandversionsofPGP&GPG:HenryHertzHobbit, J.WrenHunt,ThomasJones,SrijithKrishnanNair,David Shaw,andThomasSjorgeren.StephanSomogyiatPGPCorporationalsoprovidedvaluableinsightintoPGPandgeneral encouragement.LenSassamanalsoprovidedvaluableinsight intoOpenPGPanditshistory,andremindersofhowmuch thesoftpillowsofourexpectationsdon’talwaysmatchthe airbornebricksofreality.WhatI’vedonewellisduetothese folks,whilewhatI’vemessedupismyfault.Creditalsobelongs tothecountlesscryptographers,researchers,securityadministrators,andsystemmaintainersoftheworld’sOpenPGP infrastructure,nottomentionPhilZimmermannforcreating PGPinthefirstplace.Withoutthem,Iwouldn’thaveanything towriteabout. Today’sprivacydebateismoreintensethanever,andthe mereexistenceofthisbookwon’tsettleit.WhileDavidBrin mightberightandtheTransparentSocietymightberight aroundthecorner,thesedaysitseemsthatprivacyisone-sided: bigcompaniesandgovernmentofficeskeepit,whileusaveragefolksdon’t.Hopefully,thisbookwillgiveyouthechoice.
INTRODUCTION
Manypeoplefindencryption disturbingandevenscary. Afterall,encryptiontechniqueshavebeenvitalmilitary andcommercialsecretsformillennia. Moviesandnovelsuseencryptionastheir plotsdemand,withtotaldisregardforhow encryptionworksinreality.Thosecuriousaboutencryption quicklyrunheadlongintoformulasdenseenoughtorepel anyonewithoutanadvancedmathematicalbackground. Allofthiscontributestotheairofmysterythatsurrounds encryption. Doingtheactualmathbehindmodernencryptionis admittedlyquitedifficult,butusingthetoolsthatdothework foryouisn’tdifficultatallonceyouhavearudimentaryunderstandingofwhentousewhichsortofencryption.PGP&GPG: EmailforthePracticalParanoidwilltakeyoustepbystepthrough theworldofencryptionanddigitalsignaturesandteachyou
howtousethetoolsthatwillallowyoutoprotectyourconfidentialinformationwhilesharingitasyoudesire. Thisbookisnotmeanttobethedefinitivetomeonthe subject.Itwillnotteachyouhowtocomputepublicencryption keysbyhand,norwillitsurveyalltheencryptionalgorithms andtechniquesavailabletoday.However,itwillteachyou enoughabouttheideasbehindencryptionanddigitalsignaturesthatyou’llbeabletomakeintelligentchoicesabout whichoftheavailableoptionsyoushoulduseinanygivencircumstance.I’lldemonstratehowtointegrateencryptionand digitalsignatureswithpopularemailclientssothatyoucaneasilyexchangesecureemailwithothers,howtoinstallthePretty GoodPrivacy(PGP)andtheGnuPrivacyGuard(GnuPG,or GPG)encryptionpackagesonWindowsandUnix-likeoperatingsystems,andhowtousethemtosecureyourpersonaldata. N O TE
PGPistheoriginalimplementationoftheOpenPGPstandard,whereas GnuPGisafreelyavailablereimplementationofthatsamestandard.If theprecedingsentencemeansabsolutelynothingtoyou,you’restarting intherightplace.Ifyouknowexactlywhatthatsentencemeans,you mightwanttoskiptoChapter1. ThestoryoftheOpenPGPstandardbeginsyearsago withPGP.
The Story of PGP Encryptionisanoldscience,andascomputersbecame moreandmorepowerfulthenumberofpeopleworking withencryptiongrewandgrew.Governmentofficialsgrew increasinglyconcernedaboutthewidespreadavailabilityof encryptiontechniques.Althoughencryptionhasperfectly validusesforeverydaycitizens,it’salsoapowerfultoolfor criminals.In1991,SenateBill266(asweepinganticrimebill) hadaminorpointthatrequiredgovernment-accessibleback doorsinallencryptiontools.Whilethisbillwasstillunder discussion,PhilZimmermanncombinedsomecommon encryptionmethodstoproducethesoftwarehedubbedPretty GoodPrivacy,orPGP.TheideasbehindPGPhadbeenknown andunderstoodbycomputerscientistsandmathematicians foryears,sotheunderlyingconceptsweren’ttrulyinnovative.Zimmermann’srealinnovationwasinmakingthesetools usablebyanyonewithahomecomputer.Evenearlyversions ofPGPgavepeoplewithstandardDOS-basedhomecomputersaccesstomilitary-gradeencryption.WhileSenateBill266 2 Introduction
wasstillthreadingitswaythroughthelegislativeprocess,a friendofZimmermann’sdistributedPGPaswidelyaspossible inanefforttomakemilitary-gradeencryptionwidelyavailable beforethelawcouldtakeeffect.Thesoftwarewasdistributed toavarietyofBBSsystemsaswellasontheInternet(largely anacademicandresearchnetworkatthetime,butstillwith worldwidereach).Theiractivismcontributedtothedemiseof antiencryptionlegislation. Zimmermann,along-timeantinuclearactivist,believed thatPGPwouldbeofmostusetodissidents,rebels,andothers whofacedseriousrisksasaconsequenceoftheirbeliefs—in otherwords,tomanypeopleoutsideaswellasinsidethe UnitedStates.EversinceWorldWarII,theUnitedStatesgovernmenthasconsideredheavy-dutyencryptionaseriousthreat tonationalsecurityandwouldnotallowittobeexported fromtheUnitedStates.(Fordetails,seetheWikipediaentry on“ExportofCryptography”atwww.wikipedia.org.)Exportingencryptionsoftware,includingPGP,requiredalicense fromtheStateDepartment,andcertaincountriescouldnot receivesuchsoftwareexportsunderanycircumstances.These ruleswereknownasITAR(forInternationalTrafficinArms Regulations)andclassifiedencryptiontoolsasweaponsofwar. Zimmermanndecidedtotrytoavoidtheexportrestrictionsby exploitingthedifferencebetweenwrittenwordsandsoftware. ZimmermannoriginallywrotePGPinboringoldeveryday text(or“sourcecode”),justlikethatusedinanybook,and usedcomputer-basedtoolstoconvertthehuman-readabletext intomachine-readablecode.Thisisstandardpracticeinthe computerindustry.Thetextisnotsoftware,justastheblueprintsforacararenotacar.Boththetextandtheblueprints arenecessaryprerequisitesfortheirrespectivefinalproducts, however.Zimmermanntookthetextandhaditpublishedin bookform. Booksarenotconsideredsoftware,evenwhenthebook containsthe“sourcecode”instructionsforamachinetomake software.Andbooksarenotmunitions;1althoughmanybooks oncryptographydidhaveexportrestrictions,Zimmermann couldgetanexportpermitforhisbookofsourcecode.Thus, peopleallovertheworldwereabletogettheinstructionsto buildtheirownPGPsoftware.Theypromptlybuiltthesoftware fromthoseinstructions,andPGPquicklybecameaworldwide defactostandardfordataencryption. 1
Thoseofyouwhohavedroppedoneofthosebigthickcomputertextbooks onyourfootmighttakeissuewiththisstatement.
Introduction
3
Asyoumightguess,theUSgovernmentconsideredthis tacticmerelyawaytogetaroundmunitionsexportrestrictions. Zimmermannandhissupportersconsideredthebookspeech, asin“freespeech,”“FirstAmendment,”and“doyoureally wanttogothere?”Thegovernmentsued,andoverthenext threeyearsZimmermannandtheadministrationwentafew roundsinthecourts. ThislawsuitturnedZimmermannintosomethingofahero inthecomputercommunity.ManypeopledownloadedPGP justtoseewhatallthefusswasabout,andquiteafewofthem woundupusingit.Zimmermann’slegaldefensefundspread newsofthePGPlawsuitevenfurther.Incongressionalhearings aboutencryption,Zimmermannreadlettershehadreceived frompeopleinoppressiveregimesandwar-tornareaswhose liveshadbeensavedbyPGP,contributinggreatlytothepublic awarenessofhowvaluablehisworkhadbeen.Also,PGPwas availableontheInternetbeforethebookwaspublished—the codewasavailablefromanywhereintheworld.(Admittedly, youneededInternetaccesstogetacopy,whichwasslightlydifficultintheearly1990s.)Thebookwassimplyalegaldevice tomakeitpossibleforpeopleoutsidetheUnitedStatestouse PGPwithoutbreakingUSlaw. ThestoryofthePGPlawsuitisfascinatingandcouldfill abookthissizeorlarger.Whereexactlyisthelinebetween speechandcomputercode?Also,PGPwasnotdistributed byZimmermannhimself,butbythirdparties.Ifsomeonein LibyadownloadedPGPfromanMITserver,wasZimmermann responsible?Lawyersfoughtthesequestionsbackandforth, butwhenitbecameobviousthatthecourtsfirmlybelieved thattheFirstAmendmenttrumpedStateDepartmentregulations,theStateDepartmentandsubsequentlythegovernment droppedthesuit.Thisnotonlysavedthemsometime,money, effort,andhumiliationatthatmomentbutalsopreventeda legalprecedentdeemingencryptiongenerallyexportable.If afutureadministrationdesires,itcanbringthisissuebackto thecourtsinmorefavorablecircumstancesagainstsomeother defendant.
OpenPGP EvenwithouttheUSgovernmentloomingoverit,PGPhad somebasictechnicalproblemsthatcryptographersacrossthe worldquicklypointedout.ThemostglaringwasthatPGP
4 Introduction
madeheavyuseofthepatent-protectedRSAandIDEAencryptiontechniques;anyonewhowantedtousePGPcommercially neededtopayalicensefeetothepatentholders.Many computerscientistsandsecurityprofessionalsfoundthisunacceptablebecausetheywantedanencryptionsystemthatwould befreelyusablebyboththegeneralpublicandbusinesses. Zimmermannofferedasolutionin1998,whenhiscompany,PGPCorporation,submittedanimprovedPGPdesign calledOpenPGPtotheInternetEngineeringTaskForce (IETF),thebodyresponsibleforInternetstandards.OpenPGP definedstandardsbywhichdifferentprogramscouldcommunicatefreelybutsecurelybyusinganenhancedversionofthe PGPprotocolandavarietyofdifferentencryptionalgorithms. Thisledthewayforpeopleandcompaniestocreatetheirown implementationsofOpenPGPfromscratch,tailoringthemto meettheirownrequirements.
How Secure Is OpenPGP? TheOpenPGPstandardisconsideredamilitary-grade,state-ofthe-artsecuritysystem.Althoughyouseethesewordsattached toallsortsofsecurityproducts,OpenPGPistrustedbygovernmentsaroundtheworld,majorindustrialmanufacturers, medicalfacilities,andthebestcomputersecuritypractitioners intheworld. That’snottosaythatOpenPGPisthebe-allandend-allof computersecurity.MisuseofOpenPGPcanreduceyoursecuritybymakingyoubelievethatyou’resecurewhenyou’renot, muchasifyouleaveforvacationandforgettolockthefront doorofyourhouse.Poorcomputer-managementpractices mightlockthefrontdoorbutleavethekeyunderthewelcome matforanyonetofind. Also,givensufficientcomputingpower,itispossibleto breaktheencryptionusedinanyOpenPGPapplication.The NationalSecurityAgency(www.nsa.gov)isrumoredtohave computersspecificallyengineeredfromthegroundupespeciallytobreakthissortofencryption.Ofcourse,ifsomeone iswillingtospendmillionsofdollarstogetyourinformation, thereareeasierwaysforthemtogetit,soIwouldsaythat whenproperlyconfiguredandused,OpenPGPissufficiently strongenoughtomakepeoplechooseanothermethodofviolatingyourprivacyratherthantrytobreaktheencryption.
Introduction
5
TERMINOLOGY USAGE PGP, GPG, and OpenPGP? This could get confusing really quickly, so let’s set some definitions right at the beginning: • The word PGP is used only for the PGP Corporation product. If you see the word PGP, it means only that product and not GnuPG or any other implementation of OpenPGP. The PGP folks will be unhappy with you if you call some other product PGP. • The words GnuPG and GPG apply specifically to the Gnu Privacy Guard tool. The GnuPG folks will be unhappy with you if you call their product PGP. • The word OpenPGP applies to PGP, GnuPG, and any other implementation of PGP. Yes, there are other implementations of the OpenPGP standard out there. Many vendors incorporate OpenPGP functionality into their products. None are as wellknown or as accepted as PGP or GnuPG, however. Nobody will be unhappy with you for calling their product OpenPGPcompliant.
Today’s PGP Corporation Today,PGPCorporationisamajorplayerintheworldofcryptographyandinformationsecurity,providingPGPsoftwarefor manydifferentplatforms,fromPCstohandheldsandeven Blackberryphones.PGPCorporationsoftwaresecureseverythingfromemailtoinstantmessagestomedicalrecords. PGPCorporationprovidesanimplementationofOpenPGPthatrunsonpopularoperatingsystems.ItprovidesaPGP systemthatintegratesseamlesslywithstandardmailclientsand desktops. AlthoughPGPCorporationwasownedbyNetworkAssociatesforafewyearsduringthedot-comboom,itisnowan independentcompanywithavarietyofbig-nameindustry partners. PGPisacommercialproduct,andPGPCorporationprovidesawholerangeofrelatedsupportservices.We’regoingto coverthebasicversion:thePGPDesktop.(ThecorporatePGP solutionscouldfillabookontheirown.)BecausePGPisatypicalcommercialproduct,youareexpectedtopayforit.
6 Introduction
What Is GnuPG? GnuPGisafreelyavailableimplementationoftheOpenPGP standardthatwasreleasedtothepublicin1999bytheGerman developerWernerKoch.ItisavailableforbothWindowsand Unix-likecomputers(includingMacOSX). BecauseGnuPGconformstotheOpenPGPstandard, itcanbeusedtocommunicatewithpeopleusinganyother OpenPGP-compliantsoftware.“Freelyavailable”meansthat youcangetforfree.Youalsogetaccesstoallthesourcecode usedtocreatetheprogram,whichisnotdirectlyusefulto manyreadersbutisvitaltothosewhocandosomethingwith it.TheformalnameofthesoftwareisGnuPG,butmanypeople simplyrefertoitasGPG.Nomatterwhichyouuse,people conversantwithOpenPGPwillunderstandwhatyou’retalking about. W A RN IN G
GnuPGisfreelyavailable,butthatdoesn’tmeanyoucandoanything youwantwithit.Anypersonaluseisfine.Usewithinacompanyis alsofine.IfyouwanttouseGnuPGwithinacommercialproductand resellit,beabsolutelycertaintoreadthefullGeneralPublicLicense (GPL)andcomplywithitsterms!Thereisnosuchthingas“proprietarycode”basedontheGPL.Youhavebeenwarned.
PGP Versus GnuPG Hmm.GnuPGisfree,andPGPcostsmoney.Whywouldyou notalwaysuseGnuPG?ThereareseveralreasonswhyapersonororganizationmightchoosetopurchasePGPrather thanusethefreeGnuPG,orviceversa,includingeaseofuse, support,transparency,andsupportedalgorithms.Allthese reasonsmakethechoiceofencryptionsoftwareverysituationdependent.Takealookatyouroptionsandpicktherighttool foryou.
Ease of Use TouseGnuPG,youmustnotbeafraidtogetcodeunderyour fingernailsandtanglewiththeoperatingsystem’scommand line.AlthoughvariousGnuPGadd-onsprovideafriendlyuser interface,they’renottightlyintegratedwiththemainproduct, andwhenthemainGnuPGsoftwareisupdated,theseadd-ons mightormightnotbeupdated.Iwouldn’tdreamofsettingup GrandpawithGnuPGunlessIreallylikedtalkingtohimfive daysaweek.
Introduction
7
PGPCorporationputsalotofeffortintomakingitsproductsworktransparentlyfortheenduser,inexactlythesame mannerasanyotherdesktopprogram.Asasupportperson, Ifindthisextremelyvaluable.IfIneededtosetupthesales force,marketers,andaccountantsatmycompanywithasingle cryptographicsolution,IwouldchoosePGPinaheartbeaton thisfactoralone.2
Support PGPCorporationhasanextensivesupportorganization. Youcangetphonesupportforthedesktopproductsor haveawholeteamofconsultantsimplementyourcompanywidePGPsolution.WhenyoubuyPGPsoftware,youget 30daysoffreeinstallationandsetupsupport,whichwill allowenoughtimeformostpeopletobecomecomfortable withthetool.Supportafterwardexistsatwhateverlevelyou require,forafee. GnuPG’ssupportorganization,ontheotherhand,is typicaloffreesoftware.Usersareexpectedtoreadthesoftware instructions,checktheGnuPGwebsite,andsearchthemailinglistarchivesandtheInternetbeforecontactingthemailing listforhelp.Thereisnophonenumbertocalltospeaktothe “owner”ofGnuPG.Ifyouarethesortofpersonwhowants topickupaphoneandyellatsomeoneuntiltheymakeyour problemgoaway,GnuPGjustisn’tforyou.Althoughyoucan easilyfindexpertiseinGnuPGandOpenPGP,andhiringa consultanttomaintainGnuPGisn’tthatbigadeal,that’svery differentfromhavingdirectaccesstothevendor. Chancesarethatreadingthisbookwillgiveyoueverything youneedtouseeitherpieceofsoftwareinyourday-to-day communications.Althoughyoumightfindanedgecasefor whichoneortheotherprogramdoesn’twork,oryoumight discoverasoftwarebug,bothprogramshavethousandsand thousandsofuserswhohaveexercisedeverypieceoffunctionalitycountlesstimes.Ifyouhaveaproblem,oneoftheseusers hasalmostcertainlyalreadyhadthatsameproblem,askedfor helponamailinglistormessageboard,andreceivedassistance.Ifindthatawebsearchanswersquestionsoneithertool farmorequicklythanaphonecallevercould.
2
Thenontechnicalstaffatyourcompanymightbemoretech-literatethan mine.Ifso,you’remorefortunatethanyourealize.Pleasetellmewhereto sendmyresume. 8 Introduction
Transparency Transparencyreferstohowmuchofthesoftwareisvisible.For mostusers,thisisirrelevant—theyjustwantthesoftwareto workproperly,withoutcausingsystemcrashesorscrambling theirrecipecollection.You’reprobablyinthiscategory.Inthe securityindustry,however,transparencyisavitalquestion. Peoplewhoareseriousaboutsecurity—seriousasin“billionsandbillionsofdollarsand/ormanyhumanlivesdepend onthisinformationremainingprivate”—hiresecurityexperts toevaluatetheirsecuritysoftwareandpointoutproblems. Theprocessofreviewingcodeandalgorithmsforproblemsis calledauditing. Encryptionisanoldscience,andoneofitsprimordial rulesisthatknowinghowagoodencryptionschemeworks doesn’thelpyoubreakit.Encryptionschemesthatareavailableforreviewbythegeneralpublicaretheonlyonesthat professionalcryptographerstakeseriously.Thecryptography behindOpenPGPhasbeencontinuouslyauditedfor10years nowbypeoplewhowouldbedelightedtofindproblemswith it.DiscoveringaprobleminOpenPGPwouldbeasure-fireway togainfamewithinthecryptographycommunity,muchasdiscoveringhowtobuilda100-mile-per-gallon,high-performance gasolineenginewouldbeintheautoindustry.Bothseem impossible,butmanypeopletry. However,bothPGPandGnuPGaremorethanthealgorithmsusedbyOpenPGP.There’sawholebunchofsource codeinandaroundthosealgorithms.Abadguycouldfind aproblemwiththatsourcecodeanduseittobreaktheprotectionprovidedbythesoftware.Thatsourcecoderequires auditingbyskilledindividualstoensureitssafety.GnuPG’s sourcecodeisopenforauditbyanyoneintheworldandis checkedbymanydifferentpeopleofdifferingskilllevels. PGP’ssourcecodeisopenforauditonlytocustomers,but manyofthosecustomershireveryskilledpeoplespecifically toauditthecode.
Algorithm Support TheoriginalPGPusedencryptionmethodsthatwereencumberedbypatentsatthetimePGPwascreated.Someofthose encryptionmethodsarenowinthepublicdomain,butone (IDEA)isprotectedbypatentsinEurope.OpenPGPhas movedbeyondallofthesealgorithms,butyoumightfind referencestothemifyouencounteroldversionsofPGP.You don’tneedtounderstandwhatIDEAis,butyoudoneedto recognizeitifyouencounteritandhavetodealwithit. Introduction
9
GnuPGdoesnotsupportIDEAbecauseIDEAislessthan completelyfree.IDEAislicensedunderveryliberalterms—it’s freefornon-commercialuse;ifyou’veeverboughtaproductthatincludesIDEAyouhavealifetime,royalty-freeIDEA license;andifallelsefailsyoucanbuyanIDEAlicenseonline for$18.93.Thosetermsaremodest,especiallyformodern software,butitdoesn’tmeetGnuPG’sstandards.(Hey,it’s theirsoftware;theysetthestandards.)YoucanhackGnuPG tosupportIDEA,buttheGnuPGfolkswon’tdoitforyou. PGPCorporationhaspaidthepatentholder,andwhenyou buyPGPyougetaccesstothatcipher.OpenPGPnolonger requiresIDEA,butsomebusinessesmightrequireit.Ifyou finda10-year-oldencryptedfileyouneedtoopen,you’llneed IDEA.Otherwise,it’sirrelevant.
OpenPGP and the Law OpenPGPusessomeofthestrongestpublic-keyencryption algorithmsavailabletocryptographersanywhere.AndIdo meanstrong.Lawenforcementofficialscannotbreakintoa fileproperlyprotectedwithGnuPG,andsomegovernments justdon’tliketheircitizenshavingsuchstrongprotection. Somecountriesallowtheircitizenstousestrongencryption algorithms,butonlyinalimitedandbreakablemanner.Othersrequirethatallencryptionkeysbegiventoa“keyescrow” agency,sothatifyoubecomeacriminalmastermindthegovernmentcangetyourkeyfromtheescrowagencyanddecrypt yourincriminatingmessages.Thisismuchlikeaskingmuggers toregistertheirSaturdayNightSpecialsbeforecommitting holdups—androughlyaseffective. Tomakemattersmoreconfusing,theselawschangeirregularly.Ifyouareindoubtaboutthelawsregardingencryption useinyourcountry,checkwithalocalcomputingprofessional orlawyer.Googlingfor“encryptionlawsurvey”willuncover severalwebsitesonthetopic,includingaverygoodsurveyat http://rechten.uvt.nl/koops/cryptolaw.(Wediscussother legalimplicationsofOpenPGPinChapter11.)
What This Book Contains Althoughthisisn’tanexhaustivetreatiseoncryptography,we docoverabroadspectrumofOpenPGP,PGP,andGnuPG topics. Chapter1,“CryptographyKindergarten,”coversthebasic ideasbehindencryption.Idiscussthebasicencryptiontypes 10 Introduction
usedbyOpenPGP,whatseparatesanencryptionsystemfrom acode,andwhenyoushoulduseeachsortofencryptionwith GnuPG. Chapter2,“UnderstandingOpenPGP,”teachesyouthe basicideasunderlyingOpenPGP.IdiscusstheWebofTrust, keysandsubkeys,keyrings,andkeyservers,aswellasideasyou mustunderstandbeforeinstallingeitherpackage.Ialsodiscuss howtosafelyhandleyourkey,howtogetyourkeysignedor revoked,andhowtomakeyourkeypubliclyavailable. Chapter3,“InstallingPGP,”guidesyouthroughinstalling thePGPdesktopclient. Chapter4,“InstallingGnuPG,”walksyouthroughinstallingGnuPGonbothWindowsandUnix-likesystems. Chapter5,“TheWebofTrust,”discusseshowOpenPGP keysareconnectedtooneanother,identityverification,and keysigning.ThisisperhapsthemostimportantpartofOpenPGPusage,andiswhatmakesthesystemunique.Realsecurity doesn’tcomefromsoftware;itcomesfrompeople.Unfortunately,peoplearealsotheweakestpartofanysecuritysystem. HereIdiscussbothgoodandbadwaystohandlekeysigning. Chapter6,“PGPKeyManagement,”takesyouthrough managingtheWebofTrustwithPGPsoftware. Chapter7,“ManagingGnuPGKeys,”showsyouhowto managetheWebofTrustwithGnuPG. Chapter8,“OpenPGPandEmail,”discusseshowtointegrateOpenPGPintoyouremailandsomeoftheissuesthat canarisewithemailusageandPGP.Wecovertopicssuchas clearsigningversusPGP/MIME,retainingcopiesofencrypted messages,andsoon. Chapter9,“PGPandEmail,”discusseshowtousePGPsoftwarewithemail. Chapter10,“GnuPGandEmail,”coversintegrating GnuPGwithvariousemailclients. Chapter11,“OtherOpenPGPConsiderations,”shows youhowtodealwithsomeofthethingsthatcangowrong withOpenPGP,howtouseOpenPGPaspartofagroupof people,andhowtousesomeothersignificantfeaturesin GnuPGandPGP.
Stop Wasting My Precious Time. What Do I Need to Read? Thisbookcoversasingleencryptionsystemthathappensto havetwoannoyinglydifferentimplementations.Youneedto readonlythepartsthatapplytoyou,butwhichpartsarethose? Introduction
11
CarefullyreadthediscussionofPGPandGnuPGearlierinthis introductionandmakeyourchoice. IfyouwanttousePGP,readthechaptersaboutgeneral OpenPGPandthosededicatedtoPGP.That’sChapters1–3, 5–6,8–9,and11. IfyouchooseGnuPG,readthegeneralOpenPGPchaptersandthosededicatedtoGnuPG:Chapters1–2,4–5,7–8, and11.GnuPGchapterstendtobelongerthanPGPchapters becauseGnuPGpeoplemustlearnmore. Ofcourse,ifyouwanttomasterbothsetsofsoftware,read thewholebook!It’snotthatlong,andsomedayyouwillbe gladyoudid.
12 Introduction
1
CRYPTOGRAPHY KINDERGARTEN
Youdon’tneedtounderstand everythingaboutmodern cryptographytouseOpenPGP successfully.Youdoneedtoknow someofthebasics,however,andyoumust understandtheprotectionsthatOpenPGP doesanddoesnotprovide.Thischapter providesaverybriefandstripped-down introductiontotheideasbehindmodern cryptography. What OpenPGP Can Do Everythingintherestofthischapterbuildstoadescription ofthewayOpenPGPworksitsmagic.Bycombininghashes, public-keyencryption,anddigitalsignatures,OpenPGPallows youtoachieveexcellentlevelsofconfidentiality,integrity,
nonrepudiation,andauthenticity.Thesetermshaveveryspecificmeanings,whichwe’lldiscussinthischapter.Asanend user,youshouldunderstandhowOpenPGPworkssothatyou understanditslimitations. OpenPGPcandoonlysixthings,whichareallmissing fromtoday’semailarchitecture,andareextremelyvaluable inmanycircumstances.WhatyoudowithOpenPGPisdeterminedbywhichofthesixtasksyouwanttoaccomplish.Havea lookatTable1-1. Table 1-1: Key Usages Desired Effect
Action
I want anyone who reads this message to know beyond a doubt that I sent it—I cannot repudiate it.
Digitally sign the message with your private key.
I want to verify the identity of the person who sent a digitally signed message to see whether the apparent sender is the real sender.
Verify the signature with the sender’s public key.
I want to send a message that only my intended recipient can read.
Encrypt the message with the recipient’s public key.
I want to decrypt a message that I received.
Decrypt the message with your private key.
I want my message to be readable only by my intended recipient, and I want the recipient to be able to verify that the message came from me.
Encrypt the message with the recipient’s public key and digitally sign the message with your private key.
I want to decrypt and verify a message that includes a digital signature.
Decrypt the message with your private key and verify the signature with the sender’s public key.
Whenindoubt,consultthistable!Althoughcryptography canbeusedinanynumberofways,thistablecoversalmostall commonusagesofOpenPGP. Let’sgoontoseehowOpenPGPaccomplishesthesetasks.
Terminology Termssuchascode,cipher,cryptosystem,encryptionsystem, encryption,encoding,andsoonhavebeenflungaroundinterchangeablyforsolongthatmostpeoplethinkthatthey’reall thesamething.Mostpeoplearewrong.Youdon’tneedtomasterthelanguageofcryptography,butbeforewebegin,weneed toagreeonthewordswe’reusing.
14 Chapter 1
Plaintext and Ciphertext Cryptographyprotectsamessage,orapieceofinformation. Thismessagecanbeanemailmessage,yourcompany’sfinancialrecords,apictureofyourdog,oranythingatall.Inits originalunencryptedform,thisinformationisinplaintext, whichistextthatapersoncanlookatandreadwithoutthe useofanyspecialsoftware.(Inthecaseofaspreadsheetora digitalphoto,youneedthepropersoftwaretoviewtheplaintext,butit’susuallyviewable.) Afterplaintexthasbeenencrypted,apersonlookingat itseestheciphertext.Forexample,ifyoulookatanencrypted spreadsheetwithyourspreadsheetprogram,you’llseeonly ciphertext“garbage.” Forexample,here’saperfectlylegitimateplaintextmessagethatcertainpeoplewouldhavebeenveryhappyto interceptafewdecadesago: Attack Pearl Harbor December 7
AfteryourunthismessagethroughOpenPGPtochangeit tociphertext,itchangesjustalittle,asfollows: -----BEGIN PGP MESSAGE----Version: GnuPG v1.4.0 (FreeBSD) hQEOA2HvKhYFm1VREAP/QlSUVjc89OHbalb6+MNceJdJjaVb2FGZGFSowg1IkCYr b+wjMY4z0HoPty1hzW1wqPsWSiMLxZl24HQWWOPan8K2+LesErqeig4HEbMP23u4 QdUv4iOq9T1hoNvVb0IypXluMIquze2r8r+X3hllwqAOn9ahz5VnVKj/OVnQi80E ...
Goodluckguessingwhatthismeans!Althoughareader caneasilyseethatthisisanOpenPGPmessageencrypted withsoftwareandtheoperatingsystemitoriginatedon, thatinformationwon’tbeofmuchusetomosteavesdroppers. Thebadguyscouldusethisinformationtogetahintabout howtoattackyourcomputer,butthatrequiresanentirelydifferentskillsetthanattackingOpenPGP.
Codes Acodeisageneraltermforanymethodofconcealingthecontentsofamessage.Forexample,someancientmilitaryleaders wouldwriteamessageonastripofpapercarefullywrapped aroundastick,sothatthemessagewouldbescrambledwhen thepaperwasunwrapped.Onlysomeonewhoknewhowto windthepaperandhadastickofthesamesizecouldread themessage.Thisisaperfectlylegitimatecodeanditwas Cryptography Kindergarten
15
especiallyusefulinanagewhenthewrittenwordwasamystery tomostpeople.Thesedays,however,itwouldbeless-thanadequateprotectionagainstthepryingeyesofanyonewho haspassedthirdgrade.
Ciphers Onetypeofcodeisthecipher,whichconcealsthecontentsof amessagebytransformingeachcharacterinsomeway.One cipherthatmostkidsplaywithatonetimeoranotherisacode thatmatchesthelettersinthealphabettonumbers(“A=1, B=2,C=3,”andsoon),withthetextmessagethenwrittenasa seriesofnumbersinsteadofletters. Thisis,however,apoorcipherforserioususe.Notonlyis itwidelyknown,butacryptographerwhosomehowmanaged tostartacareerwithoutknowingthisciphercoulddecrypta medium-sizedciphertextjustbycountinghowfrequentlythe variousnumbersappearintheencryptedtextandknowing howfrequentlylettersappearinaverageplaintext.
Hashes Ahashisaspecializedmathematicalcomputationperformed onamessage,basedononeofmanyalgorithms.Relatedtoa cipher,ahashisaveryusefultoolforOpenPGP.Iftheoriginalmessagechangesinanyway,thehashofthatmessageis completelydifferent.Forexample,themessage“AttackPearl HarborDecember7”hasthefollowinghash(usingtheSHA1 algorithm): e8e0ee9cdc6cd03c880b5870983bb02d48fceaea
Uglylookingthing,isn’tit?Supposethatsomeoneinterceptedourmessageenroute,editedittoread“AttackPearl HarborDecember6,”andsentitonitsway.Thisone-character changewouldproduceacompletelydifferenthash,likethis: 07937cc5fd92504006f5f192d95cf8d341a26d18
Averyminorchangeinthemessagecreatesatotallydifferenthash!Althoughyoumightmissthechangeinthemessage, eventhemostcursoryhashcomparisonwouldmakeanyone takenotice. Youcannotrecoverplaintextfromahash.Also,constructingafilethatwouldcreateagivenhashvalueisverydifficult; thefastestwaytocreatejustafileistotryallpossiblefiles. Givenahash,thereisnoshortcuttoproducingafilethat matchesthathash. 16 Chapter 1
You’llalsoseereferencestochecksums,whichareerrorcheckingalgorithmssimilartohashesbutnotaserror-proof. Checksumsaresimplertoproduce(andeasiertofalsify!)than hashes,butareusefulforbasicintegritychecking.
Cryptanalysis Attemptingtodecryptaciphertextwithoutthekey,bythisor anyothermethod,iscalledcipheranalysis,cryptanalysis,oran attack.Morecomplicatedciphersrearrangethelettersina particularmannerorradicallytransformtheplaintextsothatit resistsanalysisbymethodssuchascharactercounting. Generally,cipherscombinetheplaintextwithakeyto generatetheciphertext.Thetypeofkeydependsonthealgorithm,orthemethodusedtocombinetheplaintextwiththe key.Similarly,youcanrecovertheplaintextbycombiningthe ciphertextwiththekey.
Goals of PGP’s Cryptography OpenPGP’scryptographicsystemhasthreefundamentalfeatures:confidentiality,integrity,andnonrepudiation(discussed inthefollowingsections).Thesefeaturescombinetoprovide authenticity.
Confidentiality Confidentialitymeansthatthemessagecontentsremainprivate.Theplaintextcannotbeviewedbyanyonewhodoesn’t havethenecessarykeys,algorithms,andtools.Inmanycases, youcannotpreventsomeonefromviewingtheciphertext, especiallybecauseeverymessagethatpassesovertheInternet canbeviewedbyalargenumberofpeople,justaslettersleft forthepostmancanbesteamedopenbyanosyneighbor. Theciphertextisincomprehensiblegibberishtoanyonewho doesn’thavethekeytoreadit,however.Confidentialityisthe firstthingthatcomestomindwhenmostpeoplethinkofa “secretcode.”
Integrity Integrityreferstokeepingamessageunchanged.Byusing OpenPGP,youcanconfirmthatamessagehasnotbeentamperedwithduringtransmission. Inmanycomputersystems,suchasthosefoundinatypicaloffice,thesystemsadministratorhasunlimitedabilityto notonlyviewdocumentsbutalsotoeditthem.Althoughmost systemsadministratorsaretooethical(andtoointerestedin Cryptography Kindergarten
17
remainingemployed)totransformtheirworkplaceintoa real-lifeTheYoungandtheRestlessbycarefullyeditingemail,it isentirelypossibleforsomeonewithevenmodestskillstodo exactlythat.Fortunately,theintegrityprovidedbyOpenPGP willnotifythemessagerecipientifamessagehasbeentamperedwith,puttingastoptosuchshenanigansbeforethey begin.
Nonrepudiation Nonrepudiationmeansthatapersoncannotdenysigningaparticularmessage,whichisespeciallyimportantinthecontextof email. Forexample,supposethatonedayyourbossreceivesan emailthatappearstobefromyou,containingyourresignation inadditiontothreatstopublishthose“special”photographs youtookofhimandhispetgoatifhedoesn’tofferyouaseverancepackagebiggerthanlastyear’scorporateprofits.Youwill probablywanttosaythatthemessageisafake.Inotherwords, youwanttorepudiatethemessage.1Ifthemessageisnotsigned withanOpenPGPapplication,itwillbeverydifficulttoprove thatyouactuallysentit;ifit’ssignedwithOpenPGP,however, youcannotrepudiateit. Nonrepudiationalonemakesitworthwhiletouse OpenPGP.Ifpeopleknowthatemailfromyouishabitually OpenPGP-signed,theywillknowthatanunsignedmessageis probablyfaked,especiallyifitscontentsseemoutofcharacter. (Itispossiblethatsomeonecouldhavestolenyourprivatekey, butwe’lldiscusshowtopreventthatinChapter2andthroughoutthebook.) Thissituationmightseemextremeorcontrived,butI havehadtotrackdown“forged”emailsmorethanonce.On onlyoneoccasion,themessagewasactuallyforged;morecommonly,userssendemailswhilehighlyemotional,intoxicated, orotherwisementallyincapacitated. W A RN IN G
Donotdigitallysignemailwhiledrunkoremotional.Sendingemailat allinsuchastateisveryinadvisable.
Authenticity Thinkaboutalltheseeffectsoccurringsimultaneously.When youreceiveanemailthathasbeenencryptedandsignedwith OpenPGP,youknowthatthecontentsofthemessagehave 1
Ornot.Ifyouactuallyhavethegoatpictures,itmightbeworthtrying.
18 Chapter 1
beenconcealedfromanyeavesdroppers.Youknowthatthe contentofthemessagehasnotbeenchanged.Youalsoknow thatthemessagecomesfromapersonwhohastherightto sendsuchamessageinthesender’sname.Thismessageis unquestionablyauthentic.Thebadguyshaven’tgottentoyou.
MALLORY: THE ORIGINAL BAD GUY When you read OpenPGP (or any cryptographic) documentation for any length of time, you’ll see references to someone named Mallory. Mallory is the example bad guy who wants to steal your information. The name Mallory is now applied to anyone who tries to break your encryption by any means. The name, which appears intermittently throughout the OpenPGP documentation, refers to any bad guy— not some specific person named Mallory. The Internet—indeed, the world—is full of Mallorys.
Encryption Algorithms Anencryptionalgorithmisamethodfortransformingciphertext intoplaintextandbackagain.Algorithmsrangefromthesimple(A=1)tothehorrendouslycomplicated.Somealgorithms thataremoreresistanttocryptanalysisthanothersarecalled “better”or“stronger”thanalgorithmsthatacryptographer canbreakmoreeasily.Differentalgorithmshavedifferent sortsofkeys. Averycommoncharacteristicofcomputer-basedcodesis abit,andthetermoftengetsthrownaroundbypeoplewho don’tknowwhatthey’redoing.“Thiswebsiteuses128-bit encryption,itmustbesecure!”“I’musingonly40-bitencryption,soI’mnotreallysecure.”Thenumberofbitsisjustthe numberofonesandzerosinthekey.Akeywith40onesand zerosisa40-bitkey.Toguessakey,youmusttryeverypossible combinationofonesandzeros.Becausea40-bitkeyhasbillionsofpossiblevalues,guessingallpossiblekeyswouldtake averylongtime.A128-bitkeyhasapproximately300trillion trillionpossiblevalues,makingguessingthekeyevenmore difficult.Ascomputersgetfaster,thelengthoftimetoguess drops,butatthistimeitstillexceedsahumanlifetime. Mostcryptanalysisexpertsdon’teventrytoguessthe key.Instead,theyattackthealgorithm.Ifyouhavea128-bit key,butyouralgorithmdoesn’tmakegooduseofthatkey,it mightbepossibletoeitherdecodetheciphertextwithoutthe keyorguessalargepartofthekeyfromtheencryptedtext. Ifyourkeyis40bits,butyoucanguess30ofthosebitsbecause Cryptography Kindergarten
19
ofsomeweaknessinthealgorithm,thetaskofguessingthe remaining10bitsbecomesmuchmucheasier.Thereareonly 1024possiblecombinationsof10bits,andacomputercanrun throughthosecombinationsinverylittletime.Therealityis thatthesecurityofatransactionisfarmoredependentonthe algorithmusedthanonthenumberofbitsused.Somealgorithmsaremoresecurewith80-bitkeysthanotheralgorithms with160-bitkeysbecausesomealgorithmsaresimplystronger thanothers. Youcanthinkofalgorithmsandbitsmuchliketires.A semihas18tiresinmotionsimultaneously,whereasyourcar hasonly4tires.Youcarisn’tanylessusefulthanasemi,however—it’sjustusedindifferentcircumstances.Yourcarwould notbeimprovedbyadding14morewheels(unlessyou’reon oneofthoseTVshowsinwhichtheydoweirdthingstoinnocentvehicles,ofcourse). Algorithmshavemanydifferentcharacteristics,mostof whicharecompletelyirrelevanttoaOpenPGPuser.Youdo needtounderstandtwobasictypesofalgorithms,however: symmetricandasymmetricalgorithms.
Symmetric Algorithms Asymmetricalgorithmusesasinglekeyforbothencryptionand decryption.Thechildren’ssubstitutioncipherwediscussed previouslyusesaverysimplesymmetricalgorithm:Replace eachletterbythenumberinthekey.Afteryouhavethiskey, youcanencryptanddecryptmessagestoyourheart’scontent. Youcan,ofcourse,changethekeyeasily:Youandyourcorrespondentcouldagreethat“A=9,B=&,”andthengeneratevery different-lookingciphertextfromthesamemessages.Although peoplecouldanalyzeyouroldmessagesandfigureoutyour oldkey,theywouldhavetostartalloveragainafteryouchange thekey.Whenmostpeoplethinkofcodes,theythinkofsymmetricencryption. Thechallengewithusingsymmetricalgorithmsisthat youneedasecurewaytopassthekeybackandforthwithout itbeingintercepted.Butthenifyouhadthatsecurepath,you probablywouldn’tneedthecipherinthefirstplace!Despite appearances,ifyou’reusingtheInternet,youdon’thavea securepath.TheInternetisalwaystapped,andtherearepeoplewhosaveeverypackettheyreceiveontheirnetworkincase theybecomeinterestinglater.Iknowofonenetworkmanager whohassavedeverypacketthathascrossedhisInternetcircuit inthelastfiveyears!
20 Chapter 1
Asymmetric Algorithms Symmetricalgorithmsareusuallymucheasiertoattackthan asymmetricalgorithms,whichusedifferentkeysforencryption anddecryption.You’veprobablyseenoldmoviesinwhichpeoplecutacoininajigsawpatternsotwopeoplewhonevermet beforeknowthattheyarespeakingwiththecorrectperson. Asymmetricencryptionkeysworkjustlikethat:Youmusthave bothhalvesofthekeytohaveunfetteredaccesstothemessage.Youencryptthemessagewithoneuniquekey,andthe recipientdecryptsitwithadifferentuniquekey.Althoughthis processmightseemmiraculoustosomeonewhohasworked withonlythebasicsubstitutioncipher,itdoeswork.Itdoesn’t matterwhichkeyisusedforwhichaction;ifyouusekeyAto encryptamessage,therecipientmustusekeyBtodecryptit, butifsomeoneencryptsthemessagewithkeyB,onlykeyA candecryptit.(Themathtoshowwhythisworksisquitehairy, andtheactualcalculationsarenearlyimpossibletoperform byhand—theyrelyonthedifficultyofworkingwithextremely largeprimenumbers.) Whenusingasymmetricalgorithms,twodifferentpeople cancarryaroundseparatebutmatchingkeysandusethemfor privatecommunication.Itispracticallyimpossibletodecrypt amessagegivenonlyonekey,andhavingonekeydoesn’t helpanattackerfigureoutwhattheotherkeyis.Asymmetric encryptionbecamepopularonlywiththespreadofpowerful computersthatcouldhandlethenightmarishmathquickly androutinely.OpenPGPisbasedonasymmetricencryption. DON’T MAKE YOUR BRAIN MELT! Many people have a hard time accepting the idea of asymmetric encryption. They think that there can’t be such a thing, that the idea is misstated, or (worst of all) that they do understand it. Googling for “asymmetric encryption” provides any number of papers on the topic. If you’re truly interested and can handle the math, you’re welcome to prove that it works. Bruce Schneier’s Applied Cryptography is perhaps the most approachable work on the subject. Otherwise, don’t let your ego interfere; just accept that numbers act really, really strangely when they get really, really big.
HavingasinglecryptographickeymadeupofkeysAand Bopensupaninterestingpossibility:Whathappensifyou givekeyAaway?Thatis,reallygiveitaway.MakekeyApublic. Publishitonyourwebpage.Handitoutatparties.Publish itonthebackpageofyourbook.Uploadittoapublickey Cryptography Kindergarten
21
repository.Writeitbackwardonyourforeheadsoitappears forwardintherear-viewmirroroftheguyyou’retailgating.Let anyone,anyoneatall,usethatkey.
Public-Key Encryption Noproblem.Theonlypossibleuseforthatkeyistoencrypt messagesthatcanbeunencryptedonlywiththematchingkey thatyoukeptortodecryptmessagesencryptedbyyourkey. Peoplecanencryptmessagesthatonlyyoucanreadandcan decryptmessagesthatonlyyoucouldhavesent.Thisisthe wholebasisbehindpublic-keyencryption.Thepublishedkeyis calledthepublickey,whereasthekeyyoukeepistheprivatekey. Together,apublickey(keyA)anditscorrespondingprivate key(keyB)arecalledakeypair. EveryOpenPGPuserhasapersonalkeypair,withthepublickeydisseminatedwidelyandtheprivatekeykeptasaclosely guardedsecret.OpenPGPprovidesmethodstobroadcastthe publickeytotheworldbecausebodytattoosareneithernecessarynordesirableincryptography. AlthoughOpenPGPusespassphrases(asdiscussedlater inthischapter)tomakeprivatekeytheftmoredifficultthan simplystealingafilefromyourcomputer,there’snoreasonto makeiteasyforMallory.Anyonewhohastheprivatekeyand yourpassphrasecanpretendtobeyou.Protectbothofthem! Throughoutthisbook,wediscusswaystokeepyourprivatekey privateandmakeyourpublickeymorepublic.
Digital Signatures Whenyoudigitallysignanunencryptedmessage,youallow anyonetoreadthecontentsofthemessage.Thedigitalsignaturetellstherecipientonlythatthesenderhadaccesstothe matchingprivatekeyforthepublickeyhehasforthatperson. Digitalsignaturesusebothhashesandpublic-keycryptography. Theyprovidenonrepudiationandintegrity,butnotconfidentiality.Ifyouwanteveryoneintheworldtoknowyouwrote something,adigitalsignaturewilldothetrick. Yousawearlierthatwhensomeonealtersamessage,the hashforthatmessagechangesdramatically,whichprovidesa simplecheckofthemessage’sintegrity.Ifyouprovidethemessage’shashinanemailitself,there’saproblem:Anyonewho canchangetheemailcanalsochangethehashtomatchthe
22 Chapter 1
newmessage.Weneedatechniquetoprotectthehashfrom tampering.Oursolutionistousepublic-keycryptographyto digitallysignourmessage.HerearethebasicstepstheOpenPGPsoftwareperformsafteryoutellittosignyourmessage: 1. Generatesahashofyourmessage. 2. Encryptsthehashwithyourprivatekey(yourdigital signature). 3. Attachestheencryptedhashtoyourmessage(thisisyour signedmessage). 4. Sendsyourmessagewiththeattachment. Therecipientwillgetanemailmessagecontainingthe messageyousentincleartext,plusasmallattachmentcontainingtheencryptedhash.Therecipientdoesnotneedtouse OpenPGPtoreadthemessage,soit’slesshassletoreadthe messagethanitwouldbetoreadafullyencryptedmessage. Bythesametoken,iftherecipienthasOpenPGPtools installed,themessage’shashcanbedecryptedwithyourpublic keytogetthehashofthemessageyousent.Becauseonlyyou holdyourprivatekey,onlyyoucouldhavecreatedthathash. Therecipientcanthenindependentlygeneratethehashofthe messagethatwasreceived.Ifthetwohashesmatch,therecipientcanbecertainthatwhatisreadiswhatyousent. Ifsomeonetamperswithyouroriginalmessage,anyone whotriestoconfirmthehashgetsanerror.Yourpublickey mightnotdecryptthehash,whichwouldindicatethatsome otherperson’sprivatekeycreatedthemessage.Oryourpublic keymightdecryptthehash,butthehashwouldfailtomatch thehashfortheemailmessagereceived,tellingtherecipient thattheemailmessagewasaltered.
Combining Signatures and Asymmetric Cryptography Wediscussedhashes,whichshowwhetheradocumenthas beentamperedwith.Wealsocoveredpublic-keycryptography: Anasymmetriccipherallowspeopletoencryptmessagesfor aparticularperson,orapersoncansendmessagesthatcould havecomeonlyfromhim.Digitalsignaturescombinebothof theseideas,butOpenPGPtakesthemastepfurther.Bycombiningthesender’sprivatekeyandtherecipient’spublickey,
Cryptography Kindergarten
23
anOpenPGPmessagecanbereadonlybyitsintendedaudienceandcouldhavecomeonlyfromaparticularsender,as showninFigure1-1.
Fred
Fred’s keypair
Encrypted message
Barney’s keypair
Fred’s public key
Barney’s public key
Barney’s public key
Fred’s
Fred’s
Barney’s
private key
private key
Barney
private key
Figure 1-1: OpenPGP keys and an encrypted message
AsyoucanseeinFigure1-1,bothFredandBarneyhave keypairsthatconsistofapublicandaprivatekey.Thesepeople havenevercommunicatedbefore;instead,theirpublickeys areavailableontheInternet.Eachofthemhaskepttheprivate keysecret. WhenFredwantstosendamessagetoBarney,Fredsigns themessagewithhisprivatekeyandencryptsitwithBarney’s publickey.Theencryptioncanonlybeundonebysomeone whohasBarney’sprivatekey,andthesignaturecanonlybe verifiedbysomeonewhohasFred’spublickey. Byusingbothaprivatekeyandapublickeyfromtwodifferentpeople,weensurethatanyonewhowantstoreadthe messageandverifyitsauthenticitymusthaveFred’spublickey andBarney’sprivatekey.Fred’spublickeyiseasytofind,but Barney’sprivatekeyisaclosely-heldsecret.Theonlyperson whohasbothofthesekeysisBarney. N O TE
NotevenFredhasbothofthenecessarykeys;helacksBarney’sprivate key.Oncethemessageisencrypted,eventhesendercannotdecryptit! ThissimpleaspectofOpenPGPhassecuredthelivesof dissidentsandreliefworkersintotalitarian,oppressivegovernmentsandwar-tornareas.
Passphrases and Private Keys OpenPGPprivatekeys(andthoseinmanyotherprograms, suchasSecureShell)havetwocomponents:afileonyour diskandapassphrase.Thefileondiskcontainsyourprivate key,scrambledandshreddedbeyondrecovery.Apassphrase ismuchlikeapassword,exceptthatitismuchlongerand includesspaces.Wheneveryouworkwithyourprivatekey,the OpenPGPprogramwillrequestyourpassphrase.OpenPGP combinesthepassphraseyouenterwiththeprivatekeyfile 24 Chapter 1
savedondisktoreassembleaworkingprivatekey.Ifyouenter thewrongpassphrase,thisprivatekeyiswrongandwillnot work.Thus,astolenlaptopcontainingaprivatekeyfilewillbe uselesstothepersonwhofindsit,unlessyousaveyourpassphraseinaplaintextfilesomewhere,thatis!Theonlysafeplace foryourpassphraseisinyourhead.
Choosing a Passphrase Computersarenowsofastthattheycancrackshortpasswords rapidlysimplybytryingeachpossiblepasswordinquicksuccession.Thisprocessiscalledbruteforcing.Althoughyoucan useasimplepasswordforapassphrase,doingsoconsiderablyreducesthesecurityofyourprivatekey.Yourpassphrase shouldbeatleastseveralwordslong,itshouldbesomething youcaneasilyremember,anditshouldn’tbeobvioustoothers.Workspecialcharacterssuchas#,!,~,andsoonintoyour passphrase.Peculiarwordsusedinyourprofessionalvocabularyarealsoagoodchoice.Substitutenumbersforletters.If youworkwithcomputers,youcanusecomputershorthand, suchassubstituting“|”for“or.”Confuseupper-andlowercase. Donotusecatchphrases,taglines,orbitsfrompopularbooks ormoviesasyourpassphrase!Although“He’sdead,Jim”might beveryeasyforyoutoremember,it’sbotheasytoguessandfar tooshort. Manypeoplerecommendcombiningalltheaboveintoa passphrase.Youcanstartwithaphrasesuchas“He’sdead,Jim” andexpandonit:“OnthefirstStarTrekseries,McCoysaid ‘He’sdead,Jim’infar,fartoomanyepisodes!”isafarbetter startforapassphrase2andisprobablyunique.Otherexperts recommendstartingwithafewsentencesfromanobscure book.Ifyouknowaforeignlanguage,evenslightly,substitute someoftheforeignwordsforEnglishequivalents.Thatuseless degreein17thcenturyFrenchliteratureisanexcellentsource forpassphrasesthatwillbeextremelydifficulttoeitherguess orbruteforce. Afteryouhaveabasepassphrase,fold,spindle,andmutilateitwithspecialcharactersandweirdsubstitutions.Addin yourspecialcharacters,illiteratepunctuation,andwhatever otherchangesyoudesire.Makeitlongerandmorecomplicatedforbettersecurity.Yourfinalpassphraseshouldbe meaninglesstoanyoneexceptyou.
2
Thismighthavebeenanacceptableplacetostartwithpassphrasecreation, butnowthatit’spublishedassuch,it’sareallylousyone. Cryptography Kindergarten
25
Here’sthescariestbitaboutpublic-keycryptography: Anyonewhohasyourcompleteprivatekeycanpretendtobeyou.If someonestealsyourlaptopandunderstandsOpenPGP,the personcanassumeyourelectronicidentityifhecangetyour completeOpenPGPprivatekey.YourOpenPGPprivatekey consistsofnumbersinafileonyourcomputer’sharddrive andyourpassphrase.Youcanonlyprotectthatfilesowell;by choosingasolidpassphrase,youmakeyourkeymuchharder foranyoneelsetouse. AfteryoubeginusingOpenPGPregularlytosecureyour personalinformation,losingyourprivatekeyislikelosingyour wallet,creditcards,passport,andbirthcertificatesimultaneously.Andinsomepartsoftheworld,digitalsignaturesare legallybinding.Yourbossmightgetthatthreateningemail, andyoucouldn’trepudiateit.Youmightlearnonedaythat you’veapparentlyagreedtoopenawarehouse-style,discount mail-orderbridedistributioncenterinKansas.Thepassphrase isyourkeytopeaceofmind;chooseitwell. IfyouuseOpenPGPtoprotectpersonaldocuments,you mightchoosetorecordyourpassphrasesomewheresothata familymembercouldgetitincaseofyouruntimelydemise. Thisisapersonalchoice;althoughasafedepositboxmight notbeassecureasyouwant,it’smuchbetterthanrelyingon theIRStoprovideaccuratecopiesofyourfinancialrecords toyourspouseafteryourdeath.Itisperfectlyreasonableto havesharedOpenPGPkeypairsusedbyfamilymembersto protectfamilyfinancialdocuments.Manyteamsusejustsuch anapproachforagroupkey,aswillbediscussedinChapter11. NowthatyouunderstandsomeofthebasicsofcryptographyasusedinOpenPGP,let’sexaminethewayOpenPGPitself hangstogether.
26 Chapter 1
2
UNDERSTANDING OPENPGP
Nowthatyouunderstandthe ideasbehindbasicencryption, whatmakesOpenPGPsospecial?Asidefromthedecade-old lawsuitthatfreedupUSencryptionexport regulations,whathappenedtomakethe computingworldgiveOpenPGPsomuchattention?After all,thecryptographyunderlyingOpenPGPhasbeenwidely deployedinavarietyofapplicationsandprotocols,sothat’s notthesecret. OpenPGP’ssecretisalsowhatmightbeitsmostexciting part:thewholeconceptoftheWebofTrust.TouseOpenPGP well,youneedtounderstandtheWebofTrust. ThischapterintroducestheideasbehindtheWebofTrust andsomeconsiderationswhencreatingandusingpublicand privatekeys.WewilldiscussthedetailsofmanagingtheWebof TrustinChapter5,andwillspecificallycoverPGPinChapter6 andGnuPGinChapter7.
Security and OpenPGP Let’sconsiderthewordsecurityforamoment.Thisisoneof thosepoorinnocentwordsthat’sbeenkickedarounduntilit meansjustaboutanythingthespeakerwantsitto.OpenPGP providessomethingsthatwenormallythinkofassecurity,but it’sreallyaverylimitedsubsetofthewholeworldofsecurity. OpenPGPwon’tkeepsomeonefromstealingyourcomputer.Itwon’tstopsomeonefromsendingyouthreemillion junkemails.Itdoesprovideconfidentiality,integrity,andnonrepudiation,butitsimplementationofthesearealltightlytied toandderivedfromtheideaofidentity. OnecanarguethattheideadrivingOpenPGPisidentity verification.Identifyingpeopleinpersonisprettyeasy— humanshavedonethatwiththeirfivesensesfortensof thousandsofyears,andwe’vegottenprettygoodatit.Identifyingthesenderofanemailismoredifficult.Whenyou receiveanemailmessage,theonlyinformationwithwhich toidentifythesenderisaneasily-forged“From”address. Whenyoureceiveamessagesignedwithsomeoneelse’s privatekey,however,youcanrestassuredthatitalmostcertainlycamefromthepersonwiththematchingprivatekey. Thequestionthenbecomes,“Howdoyoutieareal-worldidentitytothekeypair?”Thishaslongbeenthekillerproblemin public-keycryptography. Bigcompaniestakeabig-scaleapproachtothisproblem. SecureSocketsLayer(SSL)websitesusedigitalcertificates issuedbyCertificateAuthority(CA)companiesthat(intheory)spendalotoftimeverifyingtheidentityofthepersonor companyrequestingthecertificate.Thisisatime-consuming processthatcostsagoodamountofmoneytodocorrectly. AfterawebsiteownerconvincestheCAthatheiswhohe claimstobe,theCAdigitallysignsthewebsite’spublickey, whichistheCA’sproclamationthatithasverifiedtheidentity ofthecertificateholder. Thisapproach,althoughbasicallydecent,hasweaknesses. First,anybusinessexpectstobepaid.Idon’twanttopaysome company100dollarseveryyearortwojusttoprovemyemail identity—that’smoreexpensivethanmydriver’slicense! What’smore,eventhesebigCAscanbetrickedintosigning invalidcertificaterequests,soyou’renotgettinganironclad guaranteeofvalidity. Infact,thedigitalsignatureusedbyaCAdoesn’tdifferin anytechnologicalorcryptographicsensefromthedigitalsignaturesyoucancreatewithyourownprivatekey. ThekeydifferencebetweenOpenPGPandacentralCAis thatOpenPGPallowsyoutocreatedigitalsignaturesyourself. 28 Chapter 2
TheWebofTrustabolishesthewholeideaofacentralCAand placestheresponsibilityforidentityverificationinthehandsof theusers. N O TE
ThegeneraldesignoftheX.509certificatesusedonwebsitesdoesdiffer fromtheOpenPGPkeypair.Thetwoarenotinterchangeablebecause theyusedifferentalgorithmsandincludedifferentinformation,butthe underlyingtechnologyisthesame(muchasaconvertibleandapickup resembleeachother).
Web of Trust TheWebofTrustistheglobalnetworkofpeoplewhohave identifiedeachotheranddigitallysignedeachother’sOpenPGPkeys.TheWebofTrustiscomposedentirelyoflinks betweenindividuals.Overtheyears,asmoreandmorepeople havejoinedtheWebofTrust,thenetworkhasbecomebroader andmoreinterconnected.EveryonewhoisusingOpenPGPto communicatewithavarietyofpeopleisconnectedviatheWeb ofTrust. Forexample,supposethatatsomepointIreceiveadigitallysignedemailfromGeorge.IhavenevermetGeorge,butI cangetacopyofGeorge’spublickeyfromacentralrepository. Thiskeyhasbeendigitallysignedbypeoplewhohaveverified hisidentity. OneofthesesignersisWilliam,whomIdoknow.Itrust WilliamtonothavesignedGeorge’skeyunlessheeitherknows Georgepersonallyorhasverifiedhisidentityinsomeother way.WhenIverifyWilliam’ssignatureofGeorge’skey,Iknow thatWilliamreallydoes“vouch”thatGeorgeisGeorge.Itrust William,andWilliamtrustsGeorge,soIcantrustthatGeorge isGeorge.Andthischaincancontinuetogrow.PerhapsItrust William,whotrustsLarry,whotrustsBetty,whotrustsIvan,who trustsGeorge,andsoon.That’stheweb. AsGeorgehashiskeysignedbymoreandmorepeople, hiskeyismoretightlyintegratedintotheWebofTrustand theaveragelengthofthepathtohiskeybecomesshorterand shorter. TheWebofTrustisnotperfect.ImighttrustWilliam’s abilitytocheckidentitywhensigningkeys,butIdon’tknow anythingaboutGeorge’s;maybehesignsthekeysofanyonehe meets,orsignskeysherandomlydownloadsfromtheOpenPGPkeyservers.IfweweregoingtostartoverwithOpenPGP today,theWebofTrustwouldlookcompletelydifferent.Just rememberthatultimately,youdecidewhoyoutrust.Youcan alwaysrefusetosignakey,orrefusetoacceptidentitybecause ofatoo-distantconnectiontosomeoneyoutrust. Understanding OpenPGP
29
Trust in OpenPGP Likesomanyotherwordsinthesecurityfield,trusthas beentwistedtomeanalmostanythingthespeakerdesires. (TheOpenPGPstandardactuallygoesoutofitswaytoavoid definingthewordtrust!)OnecriticalportionofthetrustsystemistheWebofTrust,whichusesanarrowdefinitionoftrust andtriestoensureonlythatapersoniswhoheclaimsheis. SimplybeingapartoftheWebofTrustdoesnotimplythat apersonistrustworthy!IknowpeoplewhomIknowdarnwell thatIcannottrustwithmywalletormypetrats,butIwould happilysigntheirPGPkeysandhelpthemprovetheiridentity toothers.YoucanreceiveanOpenPGP-signedemailcontainingafraudulentoffertoselltheBrooklynBridgeatpennieson thedollar;ifthesender’skeyisattachedtotheWebofTrust, youhaveatleastachanceofidentifyinghim. Theresponsibilityforbuildingthistrustisinyourhands. CollectingotherOpenPGPusers’digitalsignaturesonyour key,andsigningtheirkeysinreturn,isanimportantpartof usingOpenPGP.YoushouldbeastightlymeshedintotheWeb ofTrustashumanlypossible. Bythesametoken,itwouldbeunfairtosaythat“themore signaturesyouhaveonyourkey,themoreyourkeywillbe trusted.”Lotsofsignaturesdonotensurethatthekeywillbe universallytrusted.Ontheotherhand,themorehopsbetween youandanotheruserintheWebofTrust,andthefewerpaths betweenthetwoofyou,thelesslikelythatpersonwillbetotrust youridentity.(See“TracingtheWebofTrust”onpage121.) Bysigningsomeoneelse’skey,youarestatingpubliclythat youhaveidentifiedthisperson,andyouaresatisfiedthathis identitymatchestheidentityprovidedwithhispublickey.Likewise,togetyourkeysignedbysomeoneelse,youmustprove youridentitytohim.ManypeopleassumethatagovernmentissuedIDsuchasapassportordriver’slicensesufficesasproof ofidentity. Thismightseemlikeaweaksystem,butit’snoweaker thantheoneusedbyacentralCA.TheCAisstaffedbyhuman beingsjustlikeyou,afterall.Althoughthesestaffmembers havetrainingtodetectfalseIDs,theyhavelimitationssimply becausetheyworkremotely.Ifapersonisstandinginfrontof youwithherdriver’slicense,youcanlookatherpictureand compareitwithherface.TheCAhasnosuchoption. Also,mostofuscheckidentificationrarelyenoughthat itsverynoveltymeansweprobablypayenoughattentionto doadecentjobatit.ThosefolkswhoworkforaCAcheckIDs alldaylong,everyday.IremembermorethanoneMonday morningatworkwhenIwaslesscarefulandlessproductive 30 Chapter 2
thanmyemployerwouldhope.1Althoughanyonecouldgeta forgedIDcardiftheyknewwhototalkto,theycanfoolaCA almostaseasilyastheycanfoolyou.Justlookatthepeople whoworkfortheTSA;theycheckIDcardsalldaylongand quicklybecomeboredwiththeroutine. Ofcourse,youwon’tbeabletoverifyallstate-issuedID cards.IfImeetsomeonewhousesaTasmanianpassport,I’m goingtohesitateoversigninghiskeyunlesshehassomeother methodofprovinghisidentity.(TasmaniaisastatewithinAustralia,anddoesn’tissueitsownpassports.Ifyoudidn’tknow this,don’tblindlytrustgovernment-issuedIDs!)You’reperfectlywithinyourrightstoonlysignkeysforpeopleyouknow well.ManyexperiencedOpenPGPusersfollowthisstrategy; don’tbeoffendediftheywon’tsignyourkeybasedsolelyon yourstateID.Iwon’tsignyourkeyunlessIknowyou. OnecommonwaytoenhanceyourlinksintotheWeb ofTrustistoattendakeysigningparty.Atakeysigningparty, OpenPGPusersgathertoverifyeachother’sidentityandsign eachother’skeys.Keysigningpartiesareusuallyheldattechnicalconferencesandoccasionallyatothereventswherealarge numberoftech-literatepeoplehavegathered. Ifyouhaveneverheardofakeysigningpartyanddon’twant togolookingforone,askyourfriendsandinquirearoundyour placeofwork.Inanycommunityoftechnicallyorientedpeople, atleastonepersonhasanOpenPGPkeypair.Somesocialnetworkingsites,suchaswww.biglumber.com,existprimarilyto matchpeopleuptoexchangesignaturesonOpenPGPkeys. AsinglesignatureattachesyoutotheWebofTrust.After youstartusingOpenPGPyou’llbesurprisedathowmany otherpeoplealsouseit.
Where to Install AnOpenPGPprogramprovidesanaffidavitthatyouarewho youclaimyouare,likeyourdriver’slicenseoranotary’sstamp. And,justasyouwouldn’tleaveyourdriver’slicenselyingaround atthepubliclibrary,youshouldn’tuseOpenPGPonanycomputeryoudonotcompletelycontrol.Otherusersonthesame computermightbeabletoaccessyourkeyring,includingyour ultrasecretprivatekey.Evenifyouhavethepermissionsseton yourkeyssothatonlyyoucanseethem,don’tforgetthatpeople withadministrativeaccesstothesystemcanaccessthosefiles anyway.Thismeansthatyoushouldn’tinstallOpenPGPona sharedsystem,suchasthoseintheuniversitycomputerlab. 1
Notetotheboss:Thosedayswereallatpreviousjobs.Thisneverhappens now.Really. Understanding OpenPGP
31
Don’tinstallitonacommunalofficeterminal.Thecoffeeshop terminalisRightOut.AlthoughIreadmyemailonashared server,whenIuseanyOpenPGPprogramIcomposethemail onmylaptopanduploadittomymailserver. Yourpersonalcomputershouldalsobewell-secured;ifyou leaveyourcomputerintheofficeandhavenolockingscreen saver,peoplecouldaccessyourkeys. Nowlet’stalkaboutWindows.VersionsofWindows descendedfromWindows95(includingWindows98and WindowsMe)aren’ttruemultiuseroperatingsystems;their multiuserfunctionalityisboltedonratherthanintegrated throughoutthesystem.YoucannotsuccessfullysecureOpenPGPkeysonamultiuserWindows9xsystem;anyonewhouses thatsystemcouldaccessyourkeyswithoutyoueverknowing aboutit.ThepasswordfunctionalityintheseversionsofWindowsiseasilybypassedbyanyonewhocantouchthesystem, withoutanyspecialtoolsorsoftware.Assuch,Irecommend againststoringanypersonalinformation,includingOpenPGP keys,onWindows9xsystems. WindowsNT–basedoperatingsystemssuchasWindows Vista,WindowsXP,andWindows2000aremuchimprovedin thisregard;breakingintothemrequiresspecialsoftwaretools andtime,justlikeaUnix-likesystem.Ontheotherhand,they dohavethatpeskyAdministratoraccountthatcaninstallanythingitlikes.JustlikeaUnix-like“root”account,youmustbe certainthatnobodyelsecanaccessyourkeyring. We’lltouchonthistopic,butanin-depthlookisbeyond thescopeofthisbook.Ifyou’reinterestedindesktopcomputersecurity,therearemanybooksonthemarketthatdeal specificallywiththattopic.
Your Keypair NomatterwhichversionofOpenPGPyouchoosetouse,you havetocreateakeypairwhenyouinstallthesoftware.The stepsfordoingsowilldiffer,butbothsetsofsoftwareusethe sameunderlyingideas.Again,seeChapter3forspecificPGP instructionsandChapter4forGnuPGinstructions. N O TE
Remembertogenerateyourkeysonlyonamachinethatonlyyoucontrol.IfyouleaveyourGnuPGkeypairlyingaroundforanyonetouse, thatanyonecanpretendtobeyou!
Key Length Thekeylengthisthenumberofbits(zerosandones)inyour keypair.Atthetimeofthiswriting,bothPGPandGnuPG 32 Chapter 2
defaultto2048-bitkeys.A2048-bitsymmetrickeysufficesto providerobustsecurityforthenextseveralyears,unlessyour attackerhasquantumcomputersoroneofthoseultrasecret custom-built,code-bustingmachinestheNSAisrumored tohave. Increasingthekeysizeincreasestheamountofwork neededtoprocessyourkey—notjusttheamountofwork neededtosendencryptedemailsbutalsotheamountofwork othersmustdotoreadthem.Italsoincreasestheamountof workthebadguyshavetodotobreakyourkey,however.Stick withthedefaults,unlessyouknowthateveryoneyouwillever exchangeencryptedmessageswithhassufficientcomputing powertodecryptyourmessageswithouthavingtotakeacoffee breakwhilethemachinechurns.
Key Expiration Date Theexpirationdateofakeypairisamatterofdiscussion amongOpenPGPexperts.Havingakeyexpireregularlyprovidesacertainlevelofadditionalconvenienceforyourfuture self;ifyouleaveyournonexpiringkeypaironaCD-ROM,and someonefindsthatdiskin2038,theycanstillusethatkeypair topretendtobeyou.Ifyourkeyexpiresregularly,youwill needtogenerateanewkeyeveryfewyearsanddistributeit amongstyourcorrespondents. AsanewOpenPGPuser,however,youwillprobablyfind thingsthatyouwishyouhaddonedifferentlywithyourkey beforetoolong.Ifyourkeylastsforever,itwillbemoredifficulttogetridof.Irecommendthatyouhaveyourfirstkey expireinayear.Youcanprobablyhavesubsequentkeysexpire everytwotofiveyears,butyouwanttobeabletobailoutof anyteethingproblemsquickly.(AlthoughI’vedonemybest toguideyouthroughanypotentialproblems,someofyouwill findusesforOpenPGPthatI’dneverexpect!) Perhapsthemostcommonproblemwithanonexpiringkeyisthatwhenanoldkeyisusedtocontactsomeone whonolongerhasthekeypair,theycan’treadtheemail.If IhadpublicizedanonexpiringPGPkeywhenIfirstgave PGPatrybackin1995,thatkeywouldstillbeavailable viaGoogleandotherwebsites.Chancesare,todayIwould havehadtoscroungehardtodigupthesoftwaretoread amessageencryptedwiththatkey.Andin2015,Iwould haveseriousdifficultyopeningthatmessage,butthekey wouldstillbecachedfortheworldatlargetoview,andno matterhowhardIworkedtopublicizeanupdatedexpiringkey,peoplewouldkeeptrippingovertheoldone! Themoralofthisstoryis:Expireyourkeysregularly! Understanding OpenPGP
33
Name, Email, and Comment Yourname,youremailaddress,andanoptionalcommentfield combinetocreateyourOpenPGPuserID,orUID.Youmust beverycarefultoentertheseinthemostcorrectmannerto getthegreatestpossibleuseoutofOpenPGP. Your Name Useyourrealname.Remember,oneimportantpartofusing GnuPGisgettingpeopletosignyourpublickey.Althoughit’s easytogetyourfriendsandfamilytosignyourkeys,proving youridentitytostrangerssothattheywillsignyourkeysisa littlemoredifficult. Thebestwaytogetyourkeysignedistoprovidesome sortofgovernment-issuedIDwithyournameonit.Mypassportsays“MichaelWarrenLucasJr.,”mybooksareauthored by“MichaelW.Lucas,”mycompanyemailaccountlistsme as“MichaelLucas,”andmycoworkershavestillothernames forme.(BecauseIwantthisbooktoavoidanRrating,Iwon’t mentionthosenameshere.)IfI’mtryingtoprovemyidentity tosomeoneI’venevermetbefore,it’sbestifmykeymatches thenameonmygovernment-issuedidentificationascloselyas possible. Email Address Youalsoneedanemailaddress.Yourkeyistiedtoanemail address,forbetterorworse. Comment Thecommentisjustafewwordsaboutwhoyouareandwhat youdo.Thiscanbeimportantbecausemanypeoplehavesimilarnames.IfIperformaGooglesearchfor“MichaelLucas” Ifindawholebunchofinterestingcharacters:voiceoverartists,actors,firearminstructors,ministers,andsoon.Although Iwishthemallwell,Idon’twantanyonetotrytonegotiate mybookcontractwiththem(becausemypublisherissucha bastard,he’lltakethemforallthey’reworth).Thecomment fieldallowsmetodifferentiatemyself,sothatifanyoneelse goeslookingfortheOpenPGPkeyforarandom“Michael Lucas”Iwon’tgetunreadablemailintendedforsomeoneelse. User ID Thistripleidentifierofname,emailaddress,andcommentis calledauserID,orUID.UIDsareexpectedtorefertoaunique entity.Whensomeonegoeslookingforyourprivatekey,they 34 Chapter 2
won’twanttofinditbyastringofmeaninglesscharacters;they wanttouseyourname!Iftheycan’trememberyourfullname, they’llwanttouseyouremailaddress. Althoughit’sunlikelythatsomeonewantingtoreachme wouldsearchformypublickeybythefactthatI’manauthor, itwouldhelpsortmeoutfromalltheotherMichaelLucasesin theworldwhomightuseOpenPGP.
Revocation Certificates Arevocationcertificateallowsyoutoannouncetotheworldthat yourkeypairisnolongervalid.Youneedarevocationcertificateifyourprivatekeyislost,compromised,orstolen.You mightalsoforgetyourpassphrase,whichwouldlockyouout ofyourownprivatekeyandrenderyouunabletoreadany encryptedmessagesyoureceive. Youmightevenlosethetechnologytoreadyourkeypair! Occasionally,youwillhearaboutsomeuserwhoreceivesan emailencryptedwithaPGPkeydatingfrom1992,inaformat thatnomodernOpenPGP-compliantprogramcanread.(This isperhapsthemostimportantreasonwhyyourkeyshould expire!)Inanyofthesecases,you’llwanttobeableto“shut off”youroldkey. Generatearevocationcertificateimmediatelyupongeneratingakey.
Storing Your Keypair AfteryoustartusingOpenPGP,losingyourprivatekey(orthe wholekeypair)willcauseyounoendofgrief.I’vehadfilesdisappearduetousererror,filesystembugsdestroydataIdidn’t realizewasimportantuntilweekslater,andoperatingsystem bugsrendermachinesunbootable.Threeofmymachineshave caughtonfire.Unlikethecorporateworld,inwhichyoucan alwaysblamegoofsontheITdepartment,youaretheonly personwhocanprotectyourOpenPGPkeys.Youcannotdelegatethisresponsibility. Backupyourkeypairandyourrevocationcertificateona portablemedium,suchasaCD-ROMorfloppydisk,andstore itinasafeplacesuchasasafedepositbox.Perhapscarryit withyou,encrypted,onaUSBkey. Asafeisnotabadchoice,butalthoughafireproofsafe won’tgethotenoughtoignitepaperitwillgetmorethanhot enoughtocorruptdigitalmedia.Youcanalsoprintoutyour revocationcertificateandstoreitwiththedigitalbackup,so thatifyourbackupmediafailswithageyoucouldstillhandcopytherevocationcertificateandrevokeyourkeyifnecessary. Understanding OpenPGP
35
W A RN IN G
Donotstoreyourkeypairand/orrevocationcertificateonapublic machine,semipublicmachine,orsharedmachine!Yes,I’vesaidthis before,butitbearsrepeatinguntilitsinksin.
Storing Your Revocation Certificate Justasanyonewhogetsyourprivatekeyandpassphrasecan passhimselfoffasyou,anyonewhogetsyourrevocationcertificatecanmakeyourprivatekeyunusablebytheworldatlarge. Thiswouldbeannoyingforanovice,butifyouuseOpenPGP heavilyitwouldbecatastrophic.Storeyourrevocationcertificatejustassecurelyasyoustoreyourprivatekey.
Photo IDs and OpenPGP Keys OneofthemorerecentadditionstoOpenPGPistheabilityto storeapictureinapublickey.Thismakesverifyingkeyowners muchmorereliable,asyoucanactuallyviewapicturewhen you’redecidingwhetherornottosignakey.Italsogivesyou abetter“feel”fortheperson. BothPGPandGnuPGcanextractanddisplayphotos inkeys. Ifyouwanttoinsertyourownphotointoyourkey, you’llneedtohaveadigitalphotoofyourselfineitheraheadonlyorhead-and-shouldersshot.Forbestresults,itshouldbe 120x144pixelsandinJPEGformat—thiswillworkinbothPGP andGnuPG.KeysizeisacriticalissueinOpenPGP,soyour photoshouldtakeupaslittlespaceaspossible:Itdoesn’tneed tobesuper-detailedsolongaspeoplecanrecognizeyou.After all,howmanydriver’slicenseshavedecentphotographs? Insertingaphotointoyourpublickeyisn’thard,butit doesrequireslightlymoreadvancedskillsthanyouhaveright now.WewilldiscussmanagingphotoIDinChapters6(for PGP)and7(forGnuPG).
Key Distribution Puttingyourpublickeyonyourwebpagemightseemlike theobviousthingtodo,butthisonlydemonstratesthatthe obviouschoiceisn’talwaysthebest.Anyonecanputupa websiteclaimingtobe“TheOfficialWebsiteofMichaelW. Lucas!”Anyonecouldputapublickeyonthatsite.Worse, anyonecouldputanoteonthatwebpagesaying“Toreach theinternationally-renownedauthorofPGP&GPG,aswell asmanyotherfinetomesofcomputerwisdom,emailhimat 36 Chapter 2
[email protected]andusethisOpenPGP key!”(Ofcourse,thatisn’tmywebsite,myemailaddress,or myOpenPGPkey.Anyonetrustingthatwillfindthemselves talkingtosomeoneelse—andblamingmefortheresults.) Attimes,you’llseeemailsignatureswiththeline“My publickeyisavailableathttp://www.mywebsite.com/,”which seemslikeitwouldbebetter.It’scertainlysopopularthat you’dthinkitwouldwork.Ifsomeonetamperedwiththe email,however,theycouldalsoputinanewURLforthepublickeywebsiteandfooltherecipient.Thisworksbestwhenthe authorsendsalotofemail,socorrespondentscanverifythe URLwiththatdisplayedinothermessages.Thiswouldwork wellonlywithpeoplewhoknowmeandwouldbedisturbedifI suddenlystartedusingadifferentemailprovider. Unquestionably,thebestwaytodistributeyourkeyisin person.WhenacoworkersetsupanOpenPGPkeypair,Ihave himemailthepublickeytome,weverifyittogether,andthen Iaddittomykeyring. Thissimplydoesn’tscale,however—youcan’tgotrackingdownpublickeysforeveryoneintheworld!There’salsoa certainrecursiveprobleminsendinganemailtogetakeyto verifytheauthenticityofanemailyoujustreceived. Fortunately,OpenPGPhasakeydistributionmethodthat coversthewholeworld.
Keyservers OpenPGPhasspecialInternetserversdesignedspecifically forhandlingandsharingOpenPGPkeys.Thesekeyservers aremuchlikeotherInternetserversthatarecustomizedto handlewebpages,email,oranyotherprotocol.OpenPGP includeshookstoautomaticallycommunicatewithOpenPGPcompatiblekeyservers. Therearemany,manykeyserversthroughouttheworld. Mostofthemreplicatetheirkeydatabasesbackandforth, ensuringthateveryone’skeyswillbeavailableupondemand. TraditionalOpenPGPkeyserversallowedanyonetoupload akeyforanyemailaddress.ThiswasgreatwhentheInternet wasamoretrustingplace,buttodayitisn’tasuseful.The PGPCorporationprovidesa“verifiedPGPkey”service,in whichyoucanuploadakeyandsendanapprovalemailtothe addressinthekey.Onlythekeyownercanapprovethatkey forlistinginthekeyserver,whichprovidesacertainlevelof authorization—Mallorymustcontroltheemailaccountofa personhewantstospoofakeyfor,andifhecandothatthen OpenPGPwon’tdoanythingtostophimanyhow. Understanding OpenPGP
37
W A RN IN G
Beforesendingyourpublickeytotheworld,becertainthatyouhave madetheproperpreparationstouseOpenPGP.Backupyourpublic andprivatekeys.Createarevocationcertificate.Storethewholemess inasafeplace.Failingtodothesethingsmightresultinyourposting an“orphaned”keytotheworld,whichmeansthatyouwillreceive encrypted(andpresumablyimportant)emailthatyoucannotread.If indoubt,don’tputyourkeyonakeyserverforalittlewhile.Youcan alwaysuploaditlater. Keyserversarenotthebe-allandend-allofpublickey distribution.Itdoesn’thurttoputyourpublickeyonyour website;ifnothingelse,itprovidesonemorelevelofconfirmationofakey’saccuracyforthosepeoplesufficientlyparanoid tocheck. ManyuserswithaccountsonsharedUnix-likesystemsput theirpublickeyintheirfingertextorplanforothersystem userstosee.Thesemethodsareperfectlyfineasadd-onsbut don’tintegratewellwiththeOpenPGPinfrastructure.Your averageOpenPGPuserwon’twanttotrackdownthewebpage ofacorrespondent—shewantsheremailclienttosimplygoto akeyserverandgrabthekey! Somepeoplechoosetonotusekeyserversfortheir ownreasons.Perhapstheydon’twanttoreceiveOpenPGPencryptedmailfromrandompeopleortheyhavefundamental architecturaldisagreementswiththesecurityofthekeyserver system.Thesepeoplepublicizetheirkeyswiththeirownpreferredmethods,andyou’llhavetojumpthroughthehoops they’vedevisedtocommunicatewiththem. Peoplecananddohavelegitimateconcernsaboutthe reliabilityandintegrityofthekeyserversystem;they’rean exampleofsomethingthatwasimplementedbeforethe Internetbecamesopopularandthatwenowhavetolive with.IfOpenPGPwereimplementedfromscratchtoday, wewouldprobablyusesomethingdifferent,butthesame canbesaidfortheWeb,foremail,andforalltheother protocolsthatmaketheInternetwhatitistoday.However, keyserversareafarbettersystemthantheInternet’sdefault, whichistoprovidenomeansofverifyingauthenticity. Nowthatyouknowwhatthesoftwareyouchosewillbe doing,let’sseehowtoinstallbothPGPandGnuPG.
38 Chapter 2
3
INSTALLING PGP
PGPCorporationproduces severaldifferenttypesofPGP software,fromPGPDesktopto PGPCommandLine,andseveral differententerprise-levelproducts.We’ll focusonthedesktopPGPsoftwareuseful formostpeople.Toanenduser,alltheversionsbehavesimilarly;theyallimplement theOpenPGPstandard,afterall!Thevariousdesktopproductsdohaveslightlydifferentfeatures,however,andyou shouldtakethosefeaturesintoconsiderationwhenpurchasingthesoftware.Forexample,asofthiswritingPGPhas two“desktop”versions:HomeandProfessional.TheHome versionprovidesbasicemailfeatures,whereasProfessional givesyoutheabilitytoencryptyourentireharddriveaswell. Choosetheversionwhosefeaturesbestsuityourneeds.
Downloading PGP Tobegin,downloadPGPfromthecompanywebsite,www.pgp .com.(Iwon’tprovideanexactURL,mainlybecauseweb designersseemtomakeahabitofredesigningtheirwebsites withinaweekofoneofmybooksgoingtopress!)PGPprovidesafree30-daytrialofits“homedesktop”software,aswell astheoptiontopurchaseimmediately.The30-daytrialisn’ta badwaytogetatastewithoutlayingdowncashfortheprivilege.Ifyoulikeit,youcanbuyalicensecodeonthewebsite. Withinadayortwoofyourorder,you’llreceiveanemail thatincludesalinktowhereyoucandownloadthesoftware,a listofinstructions,andlicensenumbers.Keepthisemail!Not onlywillyouneedthisinformationtoinstallPGP,youwillalso needitifyourequiresupport.EachPGPdownloadandlicense keyisspecifictothepersonwhoorderedit:Ithastheuser’s name,emailaddress,andsoonhard-codedintoit.Thismeans thatifIorderPGPformywife,Imustputhername,heremail address,andherotherinformationontheorderform.IfIput myinformationinthedownloadform,thesoftwarewillbe licensedformyuseinsteadofhersandwillnotwork. ThedownloadincludesatypicalWindowsinstallationEXE file.Double-clickittogetstarted.
Installing PGP Theinstallerbeginswithatypicallicensescreen.Read thiscarefullyandagreeifyouwanttocontinuetheinstall. You’llthenseeapop-upthatcontainsthereleasenotes,and describesallthefeaturesandintegrationsupportedbythisversionofPGP.Afteratypicalslidingbluebarshowsyouthefiles beinginstalled,you’llbeaskedtoreboot.Afterthereboot,log intotheuseraccountinwhichyouintendtousePGP,anda pop-upwindowwillaskifyouwanttousePGP.SayYes. TheLicensingAssistantconfirmsthatyouhaveavalidPGP license.Enteryourname,organization,andemailaddress exactlyasyouenteredthemintheorderform.(Ifyouforgot,they’reincludedintheemailwithyourlicensecode.) Figure3-1showsasampleofthePGPLicensingAssistant. Thenextwindowasksforyourlicensecode.Asofthis writing,thelicensecodeisa28-characteralphanumericstring includedinyourorderform.Youcanalsorequesta30-day evaluation,purchaseafulllicense,orusetheprogramwithout alicenseinacrippledmode.(UsingPGPwithoutalicense allowsyoutoaccessfilesthatyouhavepreviouslyencrypted, butnotmuchelse.)Enteryourlicensekeyandcontinue. 40 Chapter 3
Figure 3-1: The PGP Licensing Assistant
AfterPGPvalidatesyourlicensekey,you’llbeaskedifyou’re anewuserorifyouwanttoimportpreviousPGPkeys.Select NewUser,andPGPwillbeginthekeygenerationprocess.The firstscreenofthePGPSetupAssistantrequestsyourfullname andyourprimaryemailaddress,asshowninFigure3-2.
Figure 3-2: The Name and Email Assignment screen
TheMorebuttonandtheAdvancedbuttonareimportant.Ifyouhavemorethanoneemailaccountthatyouwant tosecurewithPGP,selectMoretocreatemorespacetolist emailaddresses. Ifyou’replanningtocommunicateonlywithpeoplewho useofficialPGP,Inc.software,you’reallset.However,ifyou Installing PGP
41
wanttouseOpenPGPwithanyonewhousessoftwarefromany OpenPGPvendor,clicktheAdvancedbutton.You’llseethe AdvancedKeySettingsdialogbox,asshowninFigure3-3.
Figure 3-3: The Advanced Key Settings dialog box
Key Type OpenPGPsupportsmanydifferenttypesofkeys,includingkeys thatarevalidforsigningmessagesbutnotencryptingthem, keyscompatiblewitholderversionsofOpenPGP,andsoon. ThemodernstandardforaverageemailuseisRSA.
Key Size Thisisthekeylengthinbits,asdiscussedin“YourKeypair”on page32.Thedefaultis2048andshouldbesufficientformost people.Longerkeypairsareusefulonlyifyourdatashould remainconfidentialdecadesorcenturiesfromnow.
Expiration Choosewhethertohaveyourkeyexpireatacertaintime(as discussedinChapter2)ortoneverexpire.Irecommendthat yousetanexpirationdatenomorethanoneyearinthefuture, atleastonyourfirstkeypair.
Ciphers RememberfromChapter1thatacipherisamethod ofencryptingtext.PGPpresentsalistofciphersitwill 42 Chapter 3
understand,includingAdvancedEncryptionStandard(AES), Cast,TripleDES,IDEA,andTwofish.Thedifferencesbetween theseciphersaregenerallyonlyofinteresttocryptographers; today,almosteveryoneusesAES.The“preferred”cipheristhe oneyoursoftwarewillusebydefaultwhencomposingmessages.AlmosteveryonecomposesmessagesinAEStoday,and everyonewithmodernsoftwarecanreadit;itisbesttoleaveit asyourpreferredcipher. OnethingthatsetsPGPapartfromotherOpenPGPimplementationsisthatitcanusetheIDEAcipher,buttoday’sPGP doesn’tunderstandIDEAbydefault.IfyouwanttoreadIDEAprotectedmessages,youmustcheckitsboxonthelisthere.
Hashes DifferentOpenPGPimplementationssupportdifferenthash algorithms.(WediscussedhashesinChapter1.)Eachofthe algorithmslistedhereisjustadifferentwaytogeneratehashes. Checkingtheboxesforadditionalhashalgorithmsdoesn’t meanthatyou’llusethemwhencomposingmessages,but itdoesmeanthatPGPwillunderstandmessagessentusing thesealgorithms.Someofthesehashesareolder,weaker,and effectivelybroken,soyoumustchoosewhattosupport.For maximumsecurity,selecteverythingbutMD5andSHA-1. Formaximumcompatibility,includingcompatibilitywith messagessentbyoldersoftwareusingtheseolder,weaker algorithms,selectallthehashes.ClickOKtocontinuewith theinstallandbringupthePassphraseAssignmentscreen, showninFigure3-4.
Figure 3-4: The Passphrase Assignment screen Installing PGP
43
ThePassphraseAssignmentscreeniswhereyou’llenter yourall-importantpassphrase.AsdiscussedinChapter1,a goodpassphraseisafundamentalpartofusingPGP.Tohelp youchooseagoodpassphrase,agreenbarwillscrollacrossthe middleofthescreeninthePassphraseQualitybarasyoutype yourpassphrase.Ifyourpassphraseisgoodenoughforaverageuse,thegreenwillfilltheentirespaceprovided.Choosea goodpassphraseandsecureitasdiscussedinChapter1. PGPthengeneratesyourkey.You’llseeprettyflashing lightsonthescreentoassureyouthatthecomputerisactuallydoingsomethingasitcomputesawholebunchofrandom numbers,stringsthemtogether,andcallsthemyourkey.When complete,you’llbeaskedtoclickNext. Thenextscreenofferstopublishyourpublickeyusingthe PGPGlobalDirectoryAssistant,asshowninFigure3-5.We’re notquitereadytodothatyet,soclickSkip.(AlthoughtheofficialPGPcorporatekeyserversallowuserstoremovetheirown OpenPGPkeys,it’sbesttohavearevocationcertificatebefore publishingthecertificateanywhere!)
Figure 3-5: The PGP Global Directory Assistant
PGPthenofferstofindyouremailandAOLInstantMessengeraccounts,sothatcommunicationsbetweenyouand otherPGPuserswillbeautomaticallyencrypted.Letitdoso; itwillsaveyouthetroubleofconfiguringtheseaccountslater. (AddingPGPtoyourAIMoremailaccountswillnotinterfere withyourabilitytosendunencryptedmail.)JustclickNextto letPGPfindyouraccountsandcontinueonitsway. TheinstallerthendisplaysthestandardpoliciesthatdeterminewhenPGPwillencryptmessages.We’lldevotemostof 44 Chapter 3
Chapter9toPGPpolicies,sofornowjustclickNexttofinish theinstallation. Congratulations!PGPisnowinstalledonyourcomputer. Nextwe’llbackupyourkeyforsafety,andgeneratearevocationcertificatesoyoucanpublishyourPGPkey.
PGP Key Backups YoumanageallyourPGPsettingsandperformmostPGP tasksthroughthePGPDesktop,accessibleundertheWindowsStartProgramsmenu.We’llbeginbybackingupyour privatekey. 1. OpenthePGPDesktop.Youshouldseeadesktopsimilar toFigure3-6.
Figure 3-6: The PGP Desktop
2. You’llseetwokeyswhenyoufirststartyourdesktop:the onegeneratedduringtheinstall(forGregDonner,inthis example),andthePGPGlobalDirectoryVerificationKey. (Thelatter,whichisusedbythePGPCorporationtoverify keys,isincludedwithallPGPinstalls.)Right-clickyourkey andselectExport. 3. AfairlystandardSavepop-upwindowdisplays,asshown inFigure3-7,withoneexception:theIncludePrivate Key(s)boxinthelower-leftcorner.Youmustcheckthisbox beforesavinginordertosaveyourprivatekey.Ifyoudon’t,you willbebackinguponlyyourpublickey,whichisthesame informationthatwillbeavailableondozensofkeyservers worldwidebeforelong. Installing PGP
45
Figure 3-7: Saving an exported key
4. Saveyourprivatekeyandsavethefile.Bydefault,saving createsafileusingyournameanda.ascextensionunder yourMyDocumentsfolder.Backupthisfilesomewhere, asdiscussedinChapter1,soifyourmachineislostor destroyedyoucanaccessPGP-encryptedmessagesyou willreceiveonyournewcomputer.
Important Installation Locations PGPstoresitsapplicationdatainyourApplicationDatadirectoryunderafoldercalledPGPCorporation.Althoughthe installprocesssetthepermissionsonthisfoldersothatonly youcanaccessit,becertainthatyoudon’tchangeitinthe courseofday-to-daywork.Whenyoubackupyoursystem,be suretoincludethisfolder! Similarly,PGPinstallsRegistrykeysunderHKEY_LOCAL_ MACHINE/SOFTWARE/PGPCorporation.TheseRegistry keysarenotuser-configurable,butdobesuretoincludethem inyoursystembackups.
Revocation Certificates and PGP RememberfromChapter2thatarevocationcertificateallows youtotelltheworldthatyourpublickeyisnolongervalid. Thisisimportantifyourcomputerisdestroyedoryourpassphraseisstolen.IfyouareusingPGPonlytosecurefileson yourdisk,andnottoevertransmitencrypteddatatoothers, strictlyspeakingyoudonotrequirearevocationcertificate. Still,itisagoodideatogeneratearevocationcertificateanyway,eventhoughit’stediousandannoying.However,ifyou willeverusePGPtosendmailtootherpeople,youmusthavea revocationcertificate. 46 Chapter 3
PGPdoesallowyoutorevokeakeywithouttherevocationcertificate.Thissoundslikeiteliminatestheneedfora revocationcertificate,butitworksonlyforkeysstoredonthe PGPGlobalDirectory.Ifyoumakeyourkeyavailableonany keyserverotherthanthePGPGlobalDirectory,orifthereisa possibilitythatsomeoneelsemightmakeyourkeyavailableon someotherkeyserver,1youmusthavearevocationcertificate. PGPallowsyoutohave“designatedrevokers”whocan sendarevocationcertificateonyourbehalf,butthisisusefulonlyinacorporateenvironment.Icouldchoosetohavea familymemberasadesignatedrevoker,butifmycomputeris destroyed,it’sentirelypossiblethattheirswillbeaswell. Generatingarevocationcertificateisalittlebittediousin PGPDesktop,butnotundulydifficult.Togeneratearevocationcertificate,youmustdisableautomatickeyserverupdates, confirmthatyourkeypairisbackedup,generatetherevocationcertificate,savethecertificate,reinstallyourkeypairfrom thebackup,andsettheprivatekeyproperties.
Disabling Keyserver Updates AsdiscussedinChapter2,akeyserverisapublicrepositoryof publickeys.Beforeyougeneratearevocationcertificate,be surethatyourPGPinstallisnotautomaticallysendingupdates tothekeyserver;youdon’twantyourrevocationcertificate senttothekeyserverimmediatelyupongeneration! BeginwiththePGPOptionsmenu,asshowninFigure3-8. (InPGPversion9,thisisundertheToolsmenu.)Underthe Keystab,lookfortheSynchronizationsectionandacheckbox calledAutomaticallySynchronizeKeysWithKeyservers.Confirmthatitisnotchecked.
Figure 3-8: The PGP Options Keys tab with synchronization off
1
Yes,itisrudetopublicizesomeoneelse’spublickey.Theworldisfullofrude people,andIrarelygowrongbyassumingthatsomeonewilldosomething rudetomyproperty. Installing PGP
47
Rememberwherethisisbecauseyou’llwanttoturnitback onafterwecreatetherevocationcertificate.
Revoke the Key Nowit’stimetoactuallygeneratetherevocationcertificate. Beforeproceeding,beabsolutelycertainthatyouhavebacked upyourkey,includingtheprivatekey,asdiscussedin“PGP KeyBackups”onpage45.Generatingtherevocationcertificatewillmakethekeypairyouhaveinstalledunusable,and youwillneedtorestoretheusablekeypairfrombackup!If you’reinanydoubtwhatsoever,backupyourkeyagain,with theprivatekey. Togenerateyourrevocationcertificate: 1. Right-clickyourkeyinthePGPDesktopandselectRevoke. You’llseeapop-upwindowthatasksyoutoconfirmthat youwanttorevokethiskey,asshowninFigure3-9.Click Yes.Adialogboxdisplays,askingforyourpassphrase(see Figure3-10).
Figure 3-9: The PGP revocation warning
Figure 3-10: The PGP Passphrase dialog box
2. Afteryouenteryourpassphrase,notethattheentryfor yourkeyisinitalicsandnolongerhasagreendotbyit. Thiskeyisrevoked,atleastinyourPGPsetup. 3. Nowre-exporttherevokedkey,justasdescribedin“PGP KeyBackups”onpage45.Besuretoexporttheprivatekey aswell.Givethisbackupadifferentnamefromyourpreviousbackup,however;donotoverwriteyournonrevoked
48 Chapter 3
keywithyourrevokedkey!Thisexportedrevokedkeyis yourRevocationCertificate.Saveitforlater,andbackit upinasafeplacejustlikeyourotherbackup. Nowthatyouhavearevocationcertificate,deletethekey. GobacktothePGPDesktop,right-clickyourkey,andchoose Delete.Youwillgettwowarnings,asshowninFigures3-11and 3-12.Thefirststatesthatbydeletingtheprivatekey,others willbeabletoencryptmessagestoyouthatyouwon’tbeable toread.Becauseyouhaveabackupofyourprivatekey,this isn’tanissue.WhenyouchooseOK,PGPthenwarnsyouthat deletingtheprivatekeyispermanentandunrecoverable.If youdon’thaveabackup,thisisverytrue.YounowhaveaPGP Desktopwithonlyonekey:thePGPGlobalDirectoryVerificationKey.
Figure 3-11: First private key deletion warning
Figure 3-12: Second private key deletion warning
Re-import Your Private Key Touseyourprivatekey,youmustre-importit. 1. GototheFilemenuandselectImport. 2. Selectthebackupthatincludesyourprivatekey.Apop-up appears,asshowninFigure3-13,whichasksyoutoselect thekeyyouwanttoimporttoyourkeyring.There’sonly onechoiceinthisbackup:yourown.Selectitandclick Import. Youwillseeapop-upwindow,warningyouthatyouare importingprivatekeysandthatyouneedtoassignthetrust manually,asshowninFigure3-14.ClickOK. Installing PGP
49
Figure 3-13: Choose a key to import.
Figure 3-14: The private key import trust warning
Yourkeyisnowbackonthelistofkeys—congratulations! Notethatthelittlecircletothefarrightisgrayedout,however; thiskeyisn’tvalidatthemoment.Youneedtomanuallytell PGPtotrustthiskey.
Key Properties TotellPGPtotrustyourre-importedkey,beginbyrightclickingthekeylistingandselectingPropertiestobringup thekeypropertiesdialogbox,inwhichyouwillmakechanges toyourpersonalkeys(seeFigure3-15).Theoptionshereallow youtochangeanythingyouwant.Youcanmakemistakesthat willimpairyourabilitytousePGP,however,sobeverycareful withwhatyoudo.Unlessyouknowexactlywhatafieldmeans anditsimplicationsforOpenPGPinteroperability,it’sstrongly recommendedtoleaveextrafieldsalone! Thefunctionofmanyoftheoptionshereshouldbeobvious:Toaddanemailaddressorchangeyourpassphrase,click theappropriatebox.Youcanchangeorremoveanexpiration datewiththeExpirestab,andsoon.Whenrestoringaprivate keyfrombackup,weneedtheTrustfield. Trustindicateshowmuchyoutrustthekey,asdiscussedin Chapter2.Becausethisisyourprivatekey,generatedbyyou, you(hopefully!)trustitcompletely.Clickthedrop-downmenu andchangeittoImplicit.Thistakesplaceimmediately,withouttheneedtoclickOKsomewhere. 50 Chapter 3
Figure 3-15: PGP key properties
Using the Revocation Certificate IfyouforgetyourpassphraseorifyoubelievethatMalloryhas compromisedyourkeyinsomemanner,importyourrevocationcertificateandupdatethekeyserver.Thiswillpublishthe revocationcertificate,andeveryonewhoupdatestheircopyof yourkeywillgetanotificationthatyouhaverevokedyourkey.
Keyservers and PGP RememberfromChapter2thatakeyserverisamachinethat providesadirectoryofOpenPGPkeys.ThePGPCorporationprovidesakeyserverforPGPusers.Thisserviceworksa littledifferentlyfromotherPGPkeyserversinthatitisemailverified. WhenyouinstallPGP,thesoftwareautomaticallysubmits yourpublickeytothePGPGlobalDirectory.Asaverification step,theGlobalDirectorysendsanemailtotheaddressspecifiedinthekey;ifyougavePGPtherightemailaddress,you’ll receivethatemail.Clickingthelinkenclosedintheemailwill addyourkeytotheGlobalDirectory. Unlikemanyotherkeyservers,theGlobalDirectorydoes notshareitskeyswithotherkeyservers,nordoesitmirrordata inotherkeyservers;itisconsideredanew,“clean”keyserver thatlacksthedecade-plusofcruftthathasaccumulatedin otherpublickeyservers.Ifyouwanttoputyourkeyinother keyservers,youwillneedtosubmitittothemseparately. Installing PGP
51
OTHER PGP KEY DETAILS I said you don’t need to worry about the details of other fields in the PGP key properties screen, but some of you out there will wonder anyway. If not knowing things bugs you, here are the basics on what some of these other fields mean. Tampering with any of them is a good way to make your OpenPGP key unusable. You have been warned. ID is your OpenPGP keyid. Type is the cipher used in this key. The modern standard for average users is RSA. Size is the number of bits in the key. Keyserver allows you to assign a preferred keyserver for this key. Expires lets you set or change an expiration date for this key. Group lets you state whether this key is used by a group of people. (We’ll discuss keys for groups in Chapter 11.) Cipher lets you choose the algorithm this PGP key prefers to use. Hash lets you choose the hash method this PGP key prefers to use. Compression lets you choose the compression method this PGP key prefers. Note that there is a Change Passphrase button in the Key Properties screen, which you can use without damaging your key.
Tosubmityourkeytotheolderkeyserverhierarchy,finda websitethattakeskeysubmissions.Onethathasbeenrunning formanyyearsishttp://pgpkeys.mit.edu,andasimilarservice isavailableatmanysitesinhttp://subkeys.pgp.net.Ifthat siteisdown,aGooglesearchforsubmitPGPkeywillbringup anynumberofkeyserversthatprovidethisservice. Afteryoulocateyourkeyserver,right-clickyourkeyinPGP Desktop.You’llseeanoptiontoCopyPublicKey.Selectthis optiontocopythepublickeyintothesystemclipboard,then pasteitintothewebsubmissionform.You’redone—nottoo hard,wasit? Congratulations!YoufinishedsettingupPGP.Although PGPinvolvesalotofnitpickydetails,comparethesizeofthis chaptertothesizeofthenextandbegratefulthatyou’regettingoffeasierthantheGnuPGpeople.
52 Chapter 3
4
INSTALLING GNUPG
GnuPGisfreelyavailablevia theInternet,andyoucangeta varietyofready-to-useversions foranynumberofoperatingsystems,sourcecode,customizedversions, andadd-onsinawholevarietyofplaces. AlthoughGnuPGitselfisextremelyreliable,someoftheseadd-onsandversions mightnotofferthequalityyouhopefor. Gettingtherightsoftware,installingit properly,andconfiguringitsuitablywill preventalotofproblemslater. We’llbeginbydiscussingtheeasiest-to-useversionsof GnuPG—precompiledbinaries—andproceedtothemore obscureandunusualvariantsofthesoftware.
N O TE
Youmightfindthattheinformationyouneedappearsearlyinthis chapter.Ifthat’sthecase,feelfreetoreadonlywhatyouneedandskip therest.Thisisespeciallyapplicableifyou’reaWindowsuserwhois notinterestedinbuildingGnuPGfromsourcecode. TheofficialhomeofGnuPGontheInternetis www.GnuPG.org.Considerthisthemasterauthoritative sourceofGnuPGprograms,code,andinformation.Ifyou readanythingthatconflictswithinformationatthiswebsite, chancesarethatthewebsiteiscorrectandtheoutsidedocumentiswrong.(BecauseGnuPGisundergoingconstant developmentandthisbookisstatic,thewebsiteevenoverridesthebookyou’rereadingnow!)
Downloading GnuPG TodownloadacopyofGnuPG,startatthemainwebsiteand followtheDownloadlink.ThislinktakesyoutoapagecontaininglinksforvariousUnix-likeoperatingsystemsaswell asWindows.(Youcanchoosetodownloadfromamirrorsite insteadofthemainsite,whichwillreducetheloadonthe mainserverandwillalmostcertainlyresultinafasterdownload.)Chooseyourversionanddownloadit,butdon’tunzipor installityet! GnuPGisawell-knownsecuritypackage,usedbycountless peopleallaroundtheworld.Assuch,ifMalloryweretoreplace theofficialversionofGnuPGwithhisownslightlymodified version,hewouldhaveabackdoorintoeveryone’ssupposedlysecuredata.Therefore,theGnuPGsoftwaredistribution isatargetforallsortsofbadpeople,fromboredteenagersto criminals. Youmustbecertainthatthesoftwareyoudownloadis thesamesoftwarethattheGnuPGdevelopersmadeavailable. (ThisisequallytrueofthePGPsoftware,butPGPisprovided byacorporationwithastaffpaidtotakecareofdownload integrity.VolunteersprovideGnuPG.)That’swherechecksums comeintoplay.
Checking Checksums Achecksum(relatedtoahash,asdiscussedinChapter1)is a“fingerprint”ofafile.Ifthefilechangesinanyway,the checksumalsochanges.Mathematicianshavedevelopedmany differentmethodsofgeneratingchecksums,buttheGnuPG developersprefertheSHA1method. 54 Chapter 4
Ifyoulookatthedownloadsiteclosely,you’llseethree offeringsforanygivenversionofGnuPG. GnuPG 1.4.0a compiled for Microsoft Windows. Signature and SHA-1 checksum for previous file. 28be01b7f8eaa29db73d11bf8b9504e823c07c2b gnupg-w32cli-1.4.0a.zip
ThefirstentryistheGnuPGprogramitself.Thesecond entryisafilecontainingadigitalsignatureofthefirstdownload.Adownloadisamessagelikeanyother,andcheckingits digitalsignatureisthepreferredwaytoconfirmitsintegrity. Thisgivesusachicken-and-eggproblem,however:Howcan youverifythesignatureonthesoftwarethatverifiessignatures?Fortunately,youhaveanalternative.Thedevelopers havemadeachecksumavailableforthedownloadedfile gnupg-w32cli-1.4.0a.zip.(Remember,achecksumissimilarto ahash.)Althoughachecksumaloneisn’tasreliableasacompletedigitalsignature,it’sbetterthannothing.
Calculating Checksums Under Windows Microsoftoperatingsystemsdonotincludeachecksumcalculator,buttherearemanyfreelyavailable.GnuPGmakesa Windowschecksumcalculatorfreelyavailableatwww.gnupg .org,butit’snotasfull-featuredasIwouldprefer.Ilike DigestIT2004,afreewareprogramthatintegratesnicely intotheWindowsdesktop.YoucanfindDigestITeasilyvia aGooglesearchorbyfollowingthelinkonwww.pgp-gpg .com.Whenyouright-clickafile,a“digestIT2004”menuitem offersyouthechoiceofcalculatingorcomparingbothMD5 andSHA1checksums.Checksumsaresovaluableatoolfor verifyingtheintegrityofdownloadedsoftwarethatIhighly recommendinstallingandconscientiouslyusingthistool.
Calculating Checksums Under Unix ManyUnix-likeoperatingsystems(includinganyBSDand mostversionsofLinux)includeaSHA1checksumcalculator. Ifoneisnotincluded,youcandownloaditfromyoursystem vendor’swebsite.Computethechecksumofafilesimplyby runningthesha1orsha1sumcommand,asfollows.(Ifyoursystemhasneithersh1orsha1sum,itprobablyhasopenssl.Use openssl sha1instead.)
Installing GnuPG
55
# sha1 gnupg-w32cli-1.4.0a.zip SHA1 (gnupg-w32cli-1.4.0a.zip) = 28be01b7f8eaa29db73d11bf8b9504e823c07c2b #
Comparethechecksumgeneratedbyyourchecksum programtothechecksumprovidedbytheGnuPGdevelopers.1 Iftheymatch,youcanbefairlycertainthatMalloryhasnot tamperedwiththesoftwareyoudownloaded. N O TE
Forthebestpossiblesecuritywithoutusingdigitalsignatures,compare thechecksumofthefilewithachecksumtakenfromadifferentdownloadsite. Regardlessofhowyoucalculateyourchecksums,ifthey donotmatch,yourdownloadwascorrupted,yourchecksum programisdefective,theGnuPGdevelopersdidn’tupdate theirchecksumwhentheyupdatedthesoftware,orthesoftwaremighthavebeentamperedwithontheoriginalwebsite. Themostlikelycaseisthatyourdownloadwentamokinsome way.Trydownloadingagain,perhapsfromadifferentsite.If youstillcannotgetadownloadwithamatchingchecksum, askforhelponthegnupg-usersmailinglist(availableat www.gnupg.org). NomatterwhichversionofGnuPGyouinstall,you’llhave aGnuPGhomedirectorywithseveralimportantfiles.Although thatdirectorywon’texistuntilyouinstallyourdesiredversion ofGnuPG,we’lllookatthiscommoninformationbeforeproceedingtoplatform-specificdetails.
GnuPG Home Directory GnuPGstoresallitsinformationinahomedirectory.OnUnixlikesystems,thisdirectorydefaultsto$HOME/.gnupg.On Microsoftoperatingsystems,itdefaultstoC:\Documentsand Settings\username\ApplicationData\Gnu\GnuPG.We’llreferto thisdirectoryastheGnuPGhomedirectory.Unlessyouhave areallygoodreasontonotusethedefaultdirectorylocation (andenjoytypingadditionalcommand-lineoptionseverytime yourunaprogram),stickwiththedefault. GnuPGwillcreateseveralfilesinthisdirectory.
1
secring.gpg
Yoursecretkeyring
pubring.gpg
Yourpublickeyring
Ofcourse,inthisexamplewe’recheckingtheWindowsversiononaUnixlikesystem,whichisn’tentirelyuseful.Butyougettheidea.
56 Chapter 4
trustdb.gpg
Yourtrustdatabase
gpg.conf
YourGnuPGconfiguration
Theonlyoneofthesefilesthatyouneedtobeatallconcernedwithrightnowisgpg.conf(therestofthefilesare discussedinChapter7).Thegpg.conffileiswhereyoustore anylocaloptionsforusingGnuPG.(We’lldiscussvarious optionsthatyoumightsetthroughoutthebook.)
gpg.conf Ifgpg.confdoesn’texistinyourGnuPGhomedirectory,go aheadandcreateit.(OnaWindowssystem,besuretouse atexteditorsuchasNotepad,notawordprocessorsuchas MicrosoftWord.) Thegpg.conffilecontainsanumberofvariables,andeach variablenameisfollowedbyitsvalue.Forexample,here thevariablekeyserverisassignedthevaluehkp://subkeys.pgp.net. #preferred keyserver keyserver hkp://subkeys.pgp.net
Linesingpg.confthatbeginwithahashmark(#)are comments. Somevariableshavenovalue;theirmerepresenceenables them.Forexample,addingthestatementno-secmem-warning onitsownlinetogpg.confsilencesthoseannoying“using insecurememory”messagesthatyouseeonsomeUnix-like systems. N O TE
Ifyou’reusingaMicrosoftoperatingsystem,makesurethatWindowsdoesn’tautomaticallyaddanextensiontothefilenameswhen youedit,suchasgpg.conf.txt.ThiswillconfuseGnuPG,whichwill inturnconfuseyou.
Installing GnuPG on Windows GnuPGrunsonbothWindowsNT–basedsystems(including 2000,2003,XP,andtheirdescendants)aswellasWindows 95–basedsystems(suchasWindowsMeandthevariouspermutationsofWindows98). Ifyouaretheonlyuserofyoursystem,installationisvery simple,butthereareveryserioussecurityconcernswhenusing GnuPGonamultiuserWindows95–basedsystem.Remember, Windows95isn’treallyamultiuseroperatingsystem;themultiuserfunctionsareanafterthoughtandreallyonlyamount Installing GnuPG
57
tolettingeachuserchooseindividualwallpaperandicons. Anyonewithphysicalaccesstothatsystemcangetatyourconfidentialdata,andthere’snothingyoucandoaboutit. N O TE
NomatterwhichversionofGnuPGyouinstall,youprobablyalsowant toaddthegpgprogramtoyourPATHenvironmentvariable,sothat youcanrungpgfromacommandprompt.Todoso,right-clickMy ComputerandselectProperties.GototheAdvancedtabandselectthe EnvironmentVariablesbutton.IntheSystemVariablesbox,you’llsee aPATHvariable.EditittoincludethepathtoyourcompletedGnuPG installation.
Command-Line GnuPG Win32 Installation Atheart,GnuPGisacommand-lineprogram,whichmeans thatinstallingitwon’tbeaspointy-clickyas,say,installing MicrosoftOffice.MostWindowsuserspreferaGUIclientwith nicebuttonsandboxes,however,andGnuPGhasseveral.We’ll discussthefreelyavailableWindowsPrivacyTray,orWinPT,in thenextsection.Butfirst,here’showtoinstallthecommandlineversionofGnuPGonyourmachine. N O TE
Ifyoupreferapointy-clickyGnuPG,skiptothenextsectionandinstall WinPTinsteadofthecommand-lineversion. 1. Gotowww.gnupg.organdfollowtheDownloadlink.You’ll seealinkforGnuPGforWindows.Downloadthesoftware toatemporarylocationonyourharddriveanddoubleclicktheEXEfiletobegintheinstallation. 2. GnuPGwillstartbyaskingyouwhichlanguageyouwant theinstallertouse,asshowninFigure4-1.Asofthiswriting,theGnuPGinstallersupportsEnglishandGerman, butmorewillbeaddedasvolunteersdothework.Itwill thenshowaverytypicalWelcomescreen,displaytheGPL licenseforyourperusal,andfinallyallowyoutochoosethe componentsyouneed.AcompleteGnuPGversion1.4.2 installtakesonly4.2MB,soyoumayaswellsimplyinstall thewholething.(Thisissmallerthanmanyvideofiles peoplemailaroundtoday!)
58 Chapter 4
Figure 4-1: Installer Language selection
3. You’llgetachancetochoosethelanguageGnuPGwill use—nottheinstallerlanguage,asyouwereshown before,buttheactualinstalledlanguage.Asshownin Figure4-2,youcanchooseamongmanydifferenttongues, fromBelarusiantoTurkish,includingassortedvariants ofChinese,Portuguese,Spanish,andotherdialectsof commonlanguages.
Figure 4-2: GnuPG Language Selection
4. Allowtheinstallertousethedefaultfolder,asshownin Figure4-3—manyadd-ontoolsexpecttofindGnuPG thereandwillbeeasilyconfusedbychanges—andletit createtheStartMenuitem.WhenyouclickNextagain, GnuPGwillbeinstalledonyourmachineandreadytogo! AfterGnuPGisinstalled,youmustcreateanOpenPGP keypair,asdiscussedattheendofthischapter.Thekey creationprocessisthesameforbothWindowsandUnixlikeversionsofGnuPG.
Installing GnuPG
59
Figure 4-3: The GnuPG installation folder
Graphical GnuPG Installation SeveralpeoplehavewrittenGnuPGforWindowsfrontends, includingsuchprogramsasGPGShellandGPGEE.Myfavorite isWindowsPrivacyTray,orWinPT,agraphicalinterfacefor GnuPGthatisintegratedintothedesktopjustlikeanyother Windowsprogram.
WinPT WinPT(www.winpt.org)concealsmuchofthecomplexityof GnuPGbehindafriendlyinterface.Ifyou’rejustinterested ingettingGnuPGworkinginahurry,WinPTisforyou.Ifyou findthatyoudon’tlikeWinPT,checkoutsomeofthealternativefrontends.Theyallhavesimilarfunctions,andwhenyou canworkone,youcanworkthemall. N O TE
WinPTisintegratedwithaparticularreleaseofGnuPG,and changestoGnuPGmightmakeWinPTstopworking;therefore,WinPT includestheappropriateversioninitsinstallfile.Thismeansthatyou shouldn’tinstallthecommand-lineversionofGnuPGbeforeinstalling WinPT. ToinstallWinPT: 1. First,createaWinPTfolderinMyDocumentsandsetthe permissionsontheWinPTfoldersothatonlyyouhave therighttoaccessit.Asofthiswriting,theWinPTinstaller
60 Chapter 4
doesnotallowyoutocreatethisfolderduringtheinstall. (Thismightwellbefixedbythetimeyoureadthis;WinPT isimprovingrapidly.) 2. Afteryoucreatethefolder,runtheinstallerbyclickingthe EXEfile.Theinstallerwilldisplayawarningaboutuser rights,asshowninFigure4-4.Thiswarningonlymeans thatifyou’renotanadministrativeuserofthismachine, youwon’thavethepermissionsneededtoinstallWinPTin thestandarddirectory.Youknowyoushouldbeinstalling GnuPGonlyonasystemthatyoucontrol,butyoumight decidetodootherwise.GnuPGallowsyoutoverifysignaturesevenifyoudon’thaveyourownprivatekey,afterall, andsignatureverificationisanimportanttoolinmany environments.
Figure 4-4: WinPT user rights message
3. You’llbepresentedwiththetypicalWelcometotheGnuPT SetupWizard–CloseAllYourOtherApplicationsscreen andclick-throughlicenses.Thelicenseinthiscaseisthe GNUGPL,justliketheGnuPGlicenseitself. 4. Whenaskedtochoosetheinstallationfolder,usethe defaultC:\ProgramFiles\GnuPTfolderifatallpossible. OtherpeoplewillbemoreabletohelpyouuseWinPTif youholdclosetothestandards. 5. Setupwillaskyoutochooseafolderforyourkeyrings:the filescontainingyourprivatekeyandanypublickeysyou accumulatewhileusingGnuPG.UsetheWinPTfolderyou createdunderMyDocuments. 6. TheSelectComponentsscreen(seeFigure4-5)allows youtochoosewhichcomponentsofWinPTyouwantto install.WinPTincludesthreemainprograms:GnuPG itself(mandatory),WindowsPrivacyTray,andGPGRelay. Installing GnuPG
61
GPGRelayworksaroundproblemswithemailclientplugins,andisneededonlyforveryspecificsituations.You almostcertainlydon’tneedit,andIrecommendnot installingit.UnselecttheGPGRelayboxandcontinue.
Figure 4-5: WinPT components selection
7. Severalmorescreensoffertheoptionstoadddesktop shortcuts,StartMenuoptions,andalltheusualWindows bellsandwhistles.TheSelectAdditionalTasksscreen determinesexactlyhowWinPTwillintegrateGnuPGwith yoursystemandallowsyoutochoosewhichfiletypeswill beassociatedwithWinPTandGnuPG.Takethedefaults, lettingWinPThandle.asc,.pgp,.gpg,and.sigfiles.Also keepthedefaulttohaveWinPTstartwithWindows. 8. Afteryoufinish,theinstallerconfiguresWinPTonyour systemasyouspecified.Ifyou’veneverusedGnuPGon thissystem,itwillthencomplainthatitcannotopenyour publicandsecretkeyrings,asshowninFigure4-6.This isnormal—youhaven’tcreatedthemyet!Fortunately,it offersyoumoreoptionsifyoujustclickYes.
Figure 4-6: WinPT failing to find its keys 62 Chapter 4
9. WinPTofferstwooptions,asshowninFigure4-7:Generate anewGnuPGkeypairorcopyaGnuPGkeyfromanother location.Thelatteroptionisusefulifyouareupgrading yourWinPTinstallormigratingfromanothercomputer, butwe’restartingfromscratch,sowewanttogeneratea newkeypair.
Figure 4-7: WinPT key options
Creating Keypairs in WinPT WinPTdisplaystheKeyGenerationWizard,beginningwitha screenthatasksforyourrealnameandemailaddress.Strictly speaking,youcanhaveanOpenPGPkeythatcontainsonlya nameandanemailaddress,butafterreadingChapter2you shouldknowallsortsofthingsthatyourkeyshouldinclude. NotetheExpertboxinthelower-rightcorner,asshownin Figure4-8.Becauseyou’rereadingthisbook,WinPTwillconsideryouanexpert.Selectit.
Figure 4-8: The basic WinPT key generator
Theexpertformismuchmoreusefulanddetailed,allowingyoutocreatekeyswithallthefeatureswe’vediscussed. Figure4-9showstheexpertform. WediscussedthedetailsofOpenPGPkeysinChapter2, buthereareafewreminders.LeavetheKeyTypeandSubkey Sizefieldsattheirdefaults,unlessyouhavesomereasonfor Installing GnuPG
63
wantingakeywithlimitedabilitiesoraveryhard-to-breakkey. Useyourreallegalnameasitappearsonyouridentification ifyouwantpeopletosignyourkey.Thecommentisfree-form texttoseparateyoufromalltheotherpeoplewithyourname. Theemailaddressshouldbeanaddressthatyoucontrol.Give thekeyanexpirationdateoneyearfromthecurrentdate,and enteryourchosenpassphrasetwice.
Figure 4-9: The expert WinPT key generator
WinPTwillfilltheProgressDialogwithplussigns(+)asit generatesthekey.Figure4-10showsapartially-completedkey generationasitruns.Ifitseemstoberunningslowly,wiggle yourmouseorbrowsetheWebforawhiletofeedyoursystem somenicefreshentropy.WinPTwilltellyouwhenithascompletedyourkeys.
Figure 4-10: Key generation is proceeding. 64 Chapter 4
Key Manager AfteryoucompleteyourWinPTinstall,you’llseeamagnifyingglassiconinthesystemtray(thelower-rightcornerofthe screen).ThisistheWinPTprocess.Double-clickthisiconto bringuptheWinPTKeyManager:asimpleGUIthatlistseach keyinyourkeyringwithmenustohandlethemostcommon GnuPGoperations.TheKeyManagershouldlistthekeyyou createdduringtheinstall,alongwithlotsofspacetolistother keysyou’llaccumulate,asshowninFigure4-11.
Figure 4-11: The WinPT Key Manager
Besuretobackupyourkey,includingtheprivatekey. Todoso,selectyourkeyintheKeyManagerandchoose KeyExportSecretKey.You’llgetawarning,statingthat youshouldn’tmakethiskeypublic,andthenWinPTwill letyouchooseaplacetostorethebackupfile.Copythe secretkeytoasecurelocation,asdiscussedinChapter2.
WinPT Revocation Certificate Next,createarevocationcertificatewithWinPT. 1. OpentheKeyManager,right-clickthekey,andselect Revoke.Thepop-upwindow(showninFigure4-12)gives youeverythingyouneedtocreatearevocationcertificate. 2. Althougharevocationcertificatecanlistastandardreason whythekeyisbeingrevoked,inthiscasewedon’tknow why—weonlyknowthatwewanttohavearevocationcertificateonhandincaseitbecomesnecessary.SelectNo ReasonSpecifiedinthefirstfield. Installing GnuPG
65
Figure 4-12: WinPT revocation certificate creation
3. Thedescriptiontextisoptional,butIfinditusefultostate thatthisrevocationcertificatewascreatedwiththekey. 4. Toaccessyourprivatekey,youmust,ofcourse,useyour passphrase. 5. Listafileinwhichtherevocationcertificatewillbestored. AlthoughWinPTusesadefaultfilenameofthekeyid,you needtospecifyadirectorytoputthefilein.Don’tforget toputtherevocationcertificateinasafeplace,perhaps withyourbackupofyoursecretkey. 6. LeavetheMakeOutputPGPCompatibleboxchecked,so PGPuserswillrecognizeyourrevocationcertificate.
Sending Your Key to a Keyserver Afteryouhavearevocationcertificate,youcanpublishyour keytoakeyserver.Todoso,right-clickyourkey,selectSend ToKeyserver,andchooseoneofthelistedkeyservers. YoucansetadefaultkeyserverintheKeyManagerby selectingtheKeyservertab.Thelistofkeyserversdisplayed hereisstoredinthefileC:\ProgramFiles\GnuPT\WPT\ keyserver.conf;ifyouhaveadifferentpreferredkeyserver, addittothisfileandrestarttheKeyManager. N O TE
66 Chapter 4
Ifyou’reonlyusingWinPT,andnotthecommand-lineGnuPGtools, youcanskiptherestofthischapterandproceeddirectlytoChapter5. TherestofuswilltakealookatGnuPGonaUnix-likesystemand thenseehowtocreateakeyonthecommandline.
Installing GnuPG on Unix-like Systems Ifyoudon’twanttobuildyourownGnuPGbinaryfrom source,checkthefreewareandsharewaredownloadsitesfor youroperatingsystem.VolunteersmaintainGnuPGforcommercialoperatingsystemssuchasAIX,Solaris,HP/UX,and soon.Thesepackagesareusuallybuiltwiththeoperating system’snativepackagingtools,andyoushouldreadthedocumentationcarefully. Open-source,Unix-likeoperatingsystemssuchasLinux andBSDeitherincludeGnuPGoutoftheboxorsimplify GnuPGinstallation.Youshouldconfirmthattheversion ofGnuPGincludedinyourOSisrecent,however,because someopen-sourceoperatingsystemsarenotoriouslyslowto updatetheirincludedpackages.Usegpg --versiontoprintthe installedprogram’sversion. ThetwomostcommonwaystoinstallGnuPGarewith RPMsunderLinuxsystemssuchasFedoraCoreandRedHat, andtheports/packagessystemusedbyBSDs.ToinstallGnuPG fromanRPM,downloadtheRPMandrunthefollowing: # rpm --install gnupg-rpm-name.rpm
TheBSDsplaceGnuPG’sinstallationkitineither/usr/ ports/security/gnupg(FreeBSD,OpenBSD)or/usr/pkgsrc/ security/gnupg(NetBSD).Gotothatdirectoryandrunthe followingtoautomaticallybuildandinstallGnuPGconfigured appropriatelyforthatOS: # make all install clean
Thoseofyouwithmorethanapassingfamiliaritywith RPMand/orBSDportsknowofmorefeaturesinyoursystem’s packagingtools(andtherearealsoDebian’sapt-getand Solaris’pkgadd).Feelfreetousewhatevertoolispackaged withyourOStoinstallGnuPGaspackagedforthatOS.
Randomness and GnuPG GnuPGusesrandomnumberstoproducekeypairsand toencryptmessages.Althoughrandomnessisveryeasyto comebyintherealworld—justdropaneggandlookatthe splash—oneofacomputer’sdefiningcharacteristicsisitslack ofrandomness. Computersaresupposedtoproduceidenticalresultsevery timetheyrepeatanaction.Althoughtherearewaystogeneratetrulyrandomnumbersonacomputer,someoperating Installing GnuPG
67
systemsdon’tusethemandinsteadprovidepseudo-random numbergenerators.(Worse,someclaimthattheirpseudorandomnumbergeneratorsareactuallyrandom!)Malloryhas usedtheseknownpseudo-randomnumberstobreakcryptographickeys.UsingGnuPGsuccessfullyrequiresareasonably excellentrandomnesssource. AlthoughWindows,Linux,andBSDsprovidegoodrandomness,manycommercialUnix-likeoperatingsystemsdo not,includingevencommercialsystemssuchasAIX,HP/UX, andolderSolaris.Someofthesesystemshaverandomnessgeneratingadd-ons,orexperiencedsysadminshavesometrick thatcanbeusedtoproviderandomness,butthesemethods mightormightnotbestandards-compliantandmightnot workwithGnuPG. Entropy Gathering Daemon TheEntropyGatheringDaemon,orEGD,waswrittentoproviderandomnessforGnuPG.EGDisaPerlscriptthatruns varioussystemprogramsthatproduceunpredictableoutput (suchastop,vmstat,andsoon)andscramblesitalltogether intoanacceptablerandomnesssource.YoumusthavePerl 5.004orgreaterinstalledtouseEGD. EGDisnotasgoodarandomnesssourceastheonesavailableinotheroperatingsystems,butit’ssufficientforaGnuPG usertofeelreasonablysecure.Windows,Linux,andBSDdo notrequireEGD.YoucandownloadEGDfromtheGnuPG websiteoramirror.Afteryoudownloadit,verifythechecksum ofthedownloadedpackageandextractit.ToinstallEGD,followthesesteps: 1. Changetothedirectorywhereyouextractedthefilesand runthefollowing: # perl Makefile.pl # make test # make install #
Youwillfindegd.plineither/usr/binor/usr/local/ bin,dependingonyourPerlconfiguration. 2. Ifyou’veneverrunGnuPGonthisparticularcomputer before,createa.gnupgdirectoryinyourhomeaccount. 3. EGDdefaultstoprovidingrandomnessinthefile.gnupg/ entropy,butitcannotcreatethatdirectoryitself.Tocreate thedirectory,startEGDafewmomentsbeforerunning 68 Chapter 4
GnuPG(or,betterstill,beforeeveninstallingGnuPG—the buildprocesscreatesadecentchunkofentropy). # egd.pl ~/.gnupg/entropy #
4. YoumustinformGnuPGwhenyouuseEGDinsteadofthe system’s(nonexistent)randomness-providingdevice.To doso,addthefollowinglinetoyourgpg.conffile: load-extension rndegd
Or,addthecommand-lineargument--load-extension= rndegdwheneveryourunGnuPG.(Personally,Idon’tcare torememberortypeanymorecommand-lineoptionsthan Istrictlymust!)
Building from Source Code YouraccesstosourcecodeisthewholepurposeofGnuPG’s license.Ifyou’reacomputeruserwhojustwantsyourprogramstoworkandyoudon’tcareabouthowtoactually buildthesoftwarefromsourcecode,youprobablywantto skiptothenextsectionnow.Thoseofyouwhousemakelike otherpeopleuseSolitairecancontinue. GnuPGbeganasaUnix-onlyprogram,anditssourcecode showsit.Infact,theWindowsversionofGnuPGdistributedby theGnuPGprojectisactuallycross-compiledonaUnix-like system. N O TE
AlthoughyoucanbuildGnuPGonaWindowssystem,youneeda fairlyhighlevelofskilltodoso.We’llassumethatyou’rebuildingin theGnuPGnativeUnix-likeenvironment.
Installing GnuPG GnuPGisusuallybuiltwiththeGnuCcompiler(GCC), gmake,andautoconf,whichareallfreelyavailableinany numberofplacesontheInternet.Ifyoudon’thavethem installedonyoursystem,you’llneedtogetthembeforeyou canbuildGnuPG.Seethedocumentationfortheseprograms separatelytoinstallthemcorrectly.Afteryouhavetheseprograms,followthesesteps: 1. DownloadtheGnuPGsourcecodefromthewebsiteora mirror.Verifythechecksumtoconfirmthatyouhavegood sourcecode. Installing GnuPG
69
2. TheGnuPGsourceisdistributedasabzippedtarball,so uncompressandextractit: # bunzip gnupg-1.4.0.tar.bz2 | tar -xf -
Theresultingdirectorycontainsseveraltextfilesof informationandthefilesnecessarytobuildthesoftware. SomeinterestingfilesincludeREADME,whichcontainsa briefintroductiontoGnuPG,andINSTALL,whichgives detailedinstructionsonhowtobuildGnuPGfromsource codeandgetitrunningonyoursystem. 3. Theconfigurescriptchecksyoursystemtoseeifyouhave everythingreadytoactuallycompileGnuPG.Forastock GnuPGsetup,justrunthefollowing: # ./configure
Configuration Options Mostoftheuser-configurablechangesprovidedbyGnuPGcan besetbycommand-lineoptionsattheconfigurestep.Foralist ofpossibleconfigureoptions,youcanusethe--helpoption. Foryourconvenience,however,hereareacoupleofpopular options: •
IfyouneedtouseEGDtoproviderandomnessonyour particularoperatingsystem,youcantellGnuPGabout itwiththe--enable-static-rnd=egdoption.Thisoption eliminatesanyneedforconfigurationfilesettingsor command-lineoptionstotellGnuPGyou’reusingEGD.
•
The--prefixoptionallowsyoutochoosewheretoplacethe completedprogramsanddocuments.
Forexample,tobuildyourownversionofGnuPGthat requirestheEGDandinstallsthebinariesunderyouraccount, runthefollowing: # ./configure --enable-static-rnd=egd --prefix=/home/mwlucas
IfyoursystemhaseverythingyouneedtobuildGnuPG, theconfigureprocesswillspewseveralscreensofinformation andreturnyoutoacommandpromptwithoutcomplaining. However,ifyoursystemcannotbuildGnuPGforsomereason, theconfigurescriptwillissuewarningsandterminateearly. Thoseerrorsmustbefixedbeforeyoucancontinue!
70 Chapter 4
AfteryouconfigureGnuPG,buildandinstallit: # make # make install #
IfyouhaveaproblembuildingGnuPG,you’reprobably notthefirstonewhohashadyourexactproblem.First,read thefailureandseeifyouunderstandit.Ifyoudon’t,check Googleandthegnupg-usersmailinglistarchive(available fromwww.gnupg.org)forotherappearancesofthesameerror message.Ifneitheroftheseprovidesananswer,askthequestiononthegnupg-usersmailinglist.
Setuid Root GnuPG WheneveryoustartGnuPGonaUnix-likesystem,youmight seeamessagelikethis: gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information
Operatingsystemshaveafeaturecalledvirtualmemory, inwhichtheless-frequentlyusedcontentsofthesystem memoryarewrittentodisktomakememoryspaceforprogramsthataremoreactive.GnuPGiscomplainingthatit’s usingmorememorythantheoperatingsystemcouldwriteto disk,possiblyallowinganothersystemuserwhohassuperb2 systemsknowledgetoaccessyourprivatekey.Thisisdefinitely aproblem. Tomakethisproblemgoaway,allowtheprogramgpgto runasrootbyturningonthesetuidbit.Setuidprogramscannothavememorytheyusewrittentodisk.Theseprograms haveabadreputationinthesecurityworldbecausetheyhave beenusedtobreakintomorethanoneserver.Forthisreason, GnuPGdoesn’tinstallitselfasasetuidrootprogram.Each systemsadministratorshoulddecidewhetherhewantstoadd anothersetuidprogramtothesystem.
2
Thosepeoplewhoknowhowtodothiswillprobablytellmeit’seasy.I’m sureitisafteryoudoitonce.Justlikerunningamarathonorbowlinga perfectgame.
Installing GnuPG
71
InthecaseofGnuPG,usingsetuidrootmakesalotof sense.TochangeyourinstalledGnuPGprogramtobesetuid root,runthefollowing: # chown root /usr/local/bin/gpg* # chgrp wheel /usr/local/bin/gpg* # chmod 4755 /usr/local/bin/gpg*
Ifyoudon’thaveprivilegetodothisonyoursystem,talkto yoursystemsadministrator.(AndstopusingGnuPGonasystemyoudon’tcontrol!) Ifyoudon’twanttoinstallgpgasasetuidrootprogram, youcanatleastsilencethewarningbyaddingtheoptionnosecmem-warningtoyourgpg.conffile.Itdoesn’teliminatethe “memorywritingtodiskproblem,”butatleastGnuPGwillstop rubbingyournoseinit.
Don’t Run GnuPG as Root NowthatyouhaveyourGnuPGprograminstalledexactlyas youlike,let’susethisbeastie.Althoughyoumustberootto installGnuPGonyoursystem,youshouldnotberootwhen runningGnuPG.Therootaccountisreservedforsystem administrationandproblemresolutionandshouldnotbe usedforday-to-daywork. N O TE
Thoseofyouwhosesystemsdisplayahashmark(#)foraroot-level commandpromptshouldnotbeconfusedbythepresenceofahash markasapromptintheexamplesinthisbook.GnuPGisdesigned tobeusedbyauniqueregularuserineverydaywork,notbytheroot account.(Andstoprelyingontheprompttotellyouwhetheryouare rootornot;Mallorycanmuckwithyourpromptwithonlyminimal difficulty!)
Command-Line GnuPG Keypairs AswithanyotherOpenPGPimplementation,youmustcreateakeypairbeforeyoucanusemostofGnuPG’sfunctions. Remember,generateyourkeysonlyonamachinethatyou control.Ifyouleaveyourkeypairlyingaroundforanyone touse,thatanyonecanpretendtobeyou!(Bytheway,the keypairsusedintheseexamplesarenotmyrealOpenPGP key.Youcanfindmyrealkeyidandfingerprintonavarietyof keyservers.)
72 Chapter 4
Youmightbeusingcommand-lineGnuPGoneitherUnixlikeorWindowssystems.Bothhavecommandpromptsthat lookverydifferent,buttheGnuPGfunctionsareidentical.I willuseaUnix-stylehashmarkasacommandprompt,ifforno otherreasonthanbecauseit’sshorterthantheWindows-style C:>ProgramFiles\prompt.Openwhicheversortofcommand promptyouhaveandfollowalong. CreateyourOpenPGPkeypairbyenteringthefollowing: # gpg --gen-key gpg (GnuPG) 1.4.0; Copyright (C) 2004 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: please see http://www.gnupg.org/faq.html for more information gpg: keyring `/home/mwlucas/.gnupg/secring.gpg' created gpg: keyring `/home/mwlucas/.gnupg/pubring.gpg' created
The--gen-keyoptiontellsGnuPGtocreateanew keypair.EverytimeyoustartGnuPG,itremindsyouofits warranty(none)anditslicensingterms(GPL).Thefirst timeyourunGnuPG,theprogramcreatesadirectorytostore yourprivatekeys,yourpublickeys,andotherGnuPG information.We’lllookatthesefilesinmoredetailthroughoutthenextfewchapters. Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? 5
Whilethedefaultkeygenerationmethodhasbeenused forseveralyears,itisbeginningtoshowitsage.Choosean RSAkeyinstead. RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 2048 Requested keysize is 2048 bits
GnuPGusesadefaultkeysizeof2048bits,whichwill providerobustsecurityforthenextseveralyearsunlessyour attackerhasquantumcomputersoroneofthoseultra-secret, custom-builtcode-bustingmachinestheNSAisrumored tohave.
Installing GnuPG
73
AsImentionedearlier,increasingthekeysizeincreases theamountofworkneededtoprocessyourkey.Remember thatunlessyouknowthatthepersonyou’resendingthemessagetohassufficientcomputingpowertodecryptthemessage, stickwiththedefaultshere. Onceyouchooseakeysize,GnuPGwillaskfortheexpirationdateofthiskey. Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 1y Key expires in 1 year Is this correct? (y/N) y
WediscussedexpirationtimesinChapter2.Havingyour firstkeylastforayearisasensiblechoice;anon-expiringkey mightseemsimpler,butonlystoresupfutureproblems. Nowassignanameandemailaddresstoyourkey: You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) " Real name: Michael Warren Lucas Jr Email address: [email protected] Comment: Author, consultant, sysadmin
Whenyouenterinformationhere,giveyourlegal,real nameasitappearsongovernmentdocuments(forreasonswe discussedinChapter2),aswellasyouremailaddressand acommenttodifferentiateyoufromalltheotherpeople intheworldwhohaveyourname.GnuPGrespondswiththe following: You selected this USER-ID: "Michael Warren Lucas Jr (Author, consultant, sysadmin) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You’dfeelratherdaftifyougeneratedakeyandgotit signedbyawholeslewofpeople,onlytodiscoverthatyou’d madeatypo.Thisisyourchancetodouble-checkyourwork
74 Chapter 4
andmakesurethateverythingisspelledcorrectlyandthat youhaveusedthedesiredvalues.Youcanchangeanyentryby choosingtheappropriateoptionorjustenterotocontinue. Afteryouconfirmyouridentityinformation,GnuPGwill letyouselectapassphrase: You need a Passphrase to protect your secret key. Enter passphrase:
RememberfromChapter1thatapassphraseislikeapassword,butcanbemuchlonger.Thispassphraseprotectsyour secretkeysothatonlyyoucanuseit.Makeyourpassphrase somethingthatyoucanrememberwithouttoomuchtrouble butwillbedifficultforotherpeopletoguess.GnuPGprompts foryourpassphrasetwiceandcomplainsifyourentriesdiffer,justasifyouwerechangingyourpasswordinmostother programs. Andnowthis: We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ..+++++.+++++++++++++++++++++++++++++++++++..++++++++++++++h++++++u.++++ ...
Youroperatingsystemprovidesrandomnessondemand, eitherviaitsbuilt-inrandomnessfacilitiesorthroughanaddonsuchasEGD.Thisrandomnesscomesfromactionsthatthe computercannotcontrol,suchaswhenthemouseismovedor whennetworkpacketsarrive. Attimes,yourcomputercanrunshortofrandomnumbersandmightneedyourhelpcreatingsomemore.Ifthe key-generationprocesstakesmorethanafewseconds,wiggle yourmouse,openupawebpage,ortypeadocumentwhile leavingyourcommandpromptrunninginthebackground. (Wigglingamouseisgenerallyagreedtobeanexcellent randomnesssourceifyouroperatingsystemsupportsit. Windowsdoes;LinuxandBSDmight,dependingonthe versionyou’reusing;andmostcommercialUnix-likeoperatingsystemsdon’t.)Shortly,GnuPGwillspitoutconfirmation ofyournewkeypair: gpg: /home/mwlucas/.gnupg/trustdb.gpg: trustdb created gpg: key D4ED7B9F marked as ultimately trusted public and secret key created and signed.
Installing GnuPG
75
gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 1024D/D4ED7B9F 2007-02-10 Key fingerprint = 9F53 C982 D561 3506 95B5 5C82 7EC4 29B8 D4ED 7B9F uid Michael Warren Lucas Jr (Author, consultant, sysadmin) sub 2048g/A3D15F1E 2007-02-10 #
Hereyoulearnaboutyourkey.First,thekeyisknownby akeyid,or“shorthandname”ofD4ED7B9F.Althoughthis keyidisnotuniqueamongtheworldwidepoolofOpenPGP users,ithelpstoeasilydifferentiateamongkeysonyourprivate keyring.Youcompletelytrustthiskey—it’sbeengenerated onthelocalmachine,andifyoucan’ttrustyourselfthenyou haveproblemsthatGnuPGcan’thelpyouwith.Youalsosee thatboththepublicandsecretkeyshavebeencreatedand signed. Thekeyfingerprintisahuman-readablemethodof identifyingapublickey.Thisisnotabsolutelyguaranteedto beunique—likehashes,it’sjustbarelypossiblethatsomeone else,someoneintheworld,hadtheextremefortunetohavea matchingkeyfingerprint,muchasitisjustbarelypossiblethat youcouldbekilledbyameteorite.Whencombinedwithyour nameandemailaddress,though,thefingerprintiscertainly unique.
GnuPG Revocation Certificates Generatingarevocationcertificaterequiresthatyouhave accesstoyourprivatekey,knowyourpassphrase,andhavea compatibleversionofanOpenPGP-compliantsystem.The easiestwaytoguaranteethisistogenerateyourrevocationcertificateassoonasyouhavecreatedyourkeypair!Todoso,run thefollowingonacommandline: # gpg -a --output [email protected] --gen-revoke [email protected]
Here,wetellGnuPGtoputitsoutputinafilecalled [email protected].(Istorerevocationcertificatesinafilenamedaftertheemailaccount they’reassociatedwith,butifyouhaveabettersystemfeel freetouseit.)
76 Chapter 4
WetellGnuPGtogeneratearevocationcertificatefor theUIDcontaining[email protected].GnuPG willfirstprintoutthekeyinformationandthengiveyoua chancetoconfirmthatyouwanttocreatearevocationcertificateforthiskey. sec 1024D/D4ED7B9F 2007-02-10 Michael Warren Lucas Jr (Author, consultant, sysadmin) Create a revocation certificate for this key? (y/N) y Please select the reason for the revocation: 0 = No reason specified 1 = Key has been compromised 2 = Key is superseded 3 = Key is no longer used Q = Cancel (Probably you want to select 1 here) Your decision? 0
Becauseyou’vejustgeneratedthiskeyandhavenoidea whyyoumighteventuallywanttorevokeit,entera0here. Thereasonforrevokingthekeyisnotasimportantasthefact thatithasbeenrevoked,andtherevocationcertificatewillbe respectedwithoutareason. Enter an optional description; end it with an empty line: > Revocation certificate generated when key created > Reason for revocation: No reason specified Revocation certificate generated when key created Is this okay? (y/N) y
GnuPGwillaskforareasonforrevokingthekey(it doesn’tneedtobelong).Endyourdescriptionwithasingle emptyline,andsayyeswhenprompted. You need a passphrase to unlock the secret key for user: "Michael Warren Lucas Jr (Author, consultant, sysadmin) " 1024-bit DSA key, ID D4ED7B9F, created 2007-02-10 Enter passphrase:
Afteryouenteryourpassphrasetounlockyourprivate key,GnuPGwillcreatetherevocationcertificateinthefileyou specifiedandspitoutabriefmessageabouthowtohandleand secureyourkeyandrevocationcertificate.
Installing GnuPG
77
Publicizing Your Key IfyouusePGP,thesoftwareautomaticallypublicizesyourkey inthePGPGlobalDirectory(aka“ThePGPCorporation’s Keyserver”).AsaGnuPGuser,youcanchooseanykeypublicizingmethodfrom“don’tpublicize”to“broadcasttotheworld.” Thestandardwaysincludepostingonawebpageorother Internetmedium(finger,ftp,andsoon),orexportingtoa keyserver.We’lllookatboth.
Text Exports Whileyourpublickeyisstoredinthefilepubring.gpginyour GnuPGhomedirectory,don’tjustputthisfileoutonyourweb page!Italsocontainsalltheotherpublickeysyou’veaddedto yourkeyring.OpenPGPdefinesastandardmethodforpresentingpublickeysintext,sothatwebbrowserscandisplaythem easily.GnuPGprovidestoolstoextractyourpublickeyfrom yourkeyringinaformatthatismostusefultoothers. Unlikeextractingarealkeyfromaphysicalkeyring, extractingyourpublickeyfromyourkeyringsimplycopies thekeyintoanotherfile. # gpg --output [email protected] --export mwlucas
Here,weuseGnuPGtocreateafile,pubkey.mwlucas@ blackhelicopters.org.gpg,whichcontainsourpublickey.Wetell GnuPGwhichkeytoexportbyusingpartoftheUID.Ifmy publickeyringcontainedmorethanonekeywiththestring “mwlucas”init,I’dneedtouseamorecompletedescription ofthekey. Ifyoulookatthethepublickey’sfilewejustcreated,you’ll seenothingbutcomputer-readablebinarydata(alsoknown as“garbage”).Binarydataisgreatformachines,butlousyfor email,webpages,orotherhuman-friendlysystems.Tomake yourpublickeymorefriendlytotheeye,youcanconvertitto ASCIIcharacterswiththe--armor3option: # gpg --output [email protected] --export mwlucas
3
--armor
Differentoperatingsystemshandlebinarydatadifferently,andemailsystems candamagebinarydata.ArmoringbinarydataprotectsitbyencodingitinoldfashionedASCII.Thefactthatthearmoreddataishuman-readableisonlya (beneficial)sideeffect.
78 Chapter 4
Theonlydifferencebetweenthiscommandandthepreviousoneistheadditionofthe--armoroption.Butthefilewe getishuman-readable,andlookssomethinglikethis: -----BEGIN PGP PUBLIC KEY BLOCK----Version: GnuPG v1.4.0 (FreeBSD) mQGiBEIL3skRBADyThL7faGX/JL7xZYL6TPYJzvxn5qHUTAO9Hw4o99OLTLMI7J3 14g6i7XTS37C90ntI8hAFZV7yaXXj5dA5pduIkuEVAmxat4OydPqqE31XNScIAnq ...
Afterafewdozenlinesofthesecharacters,you’llseealine likethisone: -----END PGP PUBLIC KEY BLOCK-----
There’syourpublickey,inhuman-readableform.Of course,human-readableisobviouslyaverylooseterm; althoughyoucanreadthis,itdoesn’tmeanyou’dwantto. Still,it’saloteasierontheeyesthanthebinarydata.You canpostthisfileonyourwebsite,orjustcopyandpastethe textintoyourpage.Peoplehuntingforyourpublickeyon yourwebpagewouldpreferthatyoumakeyourpublickeya downloadablefile,however;it’smucheasiertoimport.
Keyservers Beforesubmittingyourpublickeytoakeyserver,youneedto pickakeyserver.Thelistofkeyserverschangesfrequently,soI won’tprovidea“topten”listhere;instead,Irecommendthat youusesubkeys.pgp.netorjustGoogleforalistofOpenPGP keyservers. Ifyouliketotype,youcanspecifythekeyserveronthe GnuPGcommandlinewiththe--keyserveroption: # gpg --keyserver subkeys.pgp.net --send-keys mwlucas@blackhelicopters .org gpg: success sending to 'subkeys.pgp.net' (status=200) #
Herewetransmitthepublickeytiedtoouremail addresstothekeyserversubkeys.pgp.net.Thekeyserver repliesthatithasreceivedthekey.Ourpublickeywillbe globallyvisibletoanyonewhosearchesforitintheglobalkeyserverpoolveryshortly,assoonasthekeyservershavetimeto replicatetheirinformationamongthemselves. Thedownsideofthecommand-lineoptionisthatyoumust includeiteverytimeyoucommunicatewithakeyserver.This getsoldquick. Installing GnuPG
79
Tosetadefaultkeyserverinthegpg.conffileinthe GnuPGhomedirectory,setthekeyserveroption. keyserver x-hkp://subkeys.pgp.net
Ifyoumustuseadifferentkeyserverwhileyouhavethis set,settingakeyserveronthecommandlinewilloverridethe settingingpg.conf.
Web Forms Someusersreportdifficultyincontactingakeyserverfrom theirnetwork.I’veneverexperiencedthisproblemmyself, butit’sbeenreportedinenoughplacesthatI’mperfectlywillingtobelievethatsomenetworkdesignsdon’tplaywellwith keyservers.Ifyouhaveproblemscontactingakeyserver,trya web-basedOpenPGPkeysubmissionmethod.Ifyoubrowseto http://subkeys.pgp.net,youwillprobablyfindaweb-basedsubmissionformsomewhereonthesite.Ifyoudon’t,refreshthe pageagain.CopyyourASCIIpublickeyandpasteitintothe submissionform.Thisprocessshouldworkevenwithminimal Internetaccess.
80 Chapter 4
5
THE WEB OF TRUST
Nowthatyouhaveyourown personalkeypairandhavepublicizedyourpublickey,you’re readytoreadanyencryptedmessagesintendedforyou,andotherpeople canverifythatmessagesyousendareactuallyfromyou.That’sonlyhalftheprocess ofconfidentialcommunication,however; youalsoneedtobeabletosendpeople messagesthatonlytheycanreadandyou needtobeabletoverifythatmessages fromotherpeopleareactuallyfromthem.Thesetasks requireotherpeople’spublickeys.Publickeysallowyouto buildyourownpersonalWebofTrustandverifytheidentity ofanyOpenPGPuser. Tobegin,youmustbecomfortablegettingotherpeople’s publickeysfromonlinesourcessuchaskeyservers.
Keyservers KeyserversstoreOpenPGPpublickeysforgeneralpublic access.IfyoufollowedtheinstructionsduringtheOpenPGP installprocess,yourpublickeyshouldnowbeavailableonthe keyserverssubkeys.pgp.netandkeyserver.pgp.com,andpeople shouldhavenotroublefindingit.
subkeys.pgp.net Thekeyserversubkeys.pgp.netisanold-stylePGPkeyserver, fromatimewhenonlythetechnicallyeliteusedPGP(orthe Internet,forthatmatter).It’sactuallyseveralkeyserversrunby volunteersfromallovertheworld,andeachtimeyoucontact thismachine,you’reactuallyreachingadifferentserver.After youuploadapublickeytoanyofthesekeyservers,itshouldbe replicatedandavailableonallofthemwithinhours. Inthecaseoftheseservers,andunlikethekeyserver hostedbyPGPCorporation,anyonecanuploadanykeytothis keyserver.Oldkeysareneverremoved,andnoverificationof keyownershiptakesplacewhenkeysareuploaded.Thismeans thatifyou’relookingforanolderkey,youcanfinditonthis server.Italsomeansthatpeoplecanuploadtest,bogus,orotherwiseinvalidkeystothiskeyserver,andthesekeyswillremain thereforever.(Itshouldbeobvious,butjustincase:Donot submittestkeystokeyservers!Itisrudeandannoying,andlike discardedplasticbottles,testkeyslitterthelandscapeforever.) Ifyou’reusingGnuPG,Irecommendsubkeys.pgp.net asadefault(unlessyou’reluckyenoughtohaveamorelocal keyservermirror,suchasthoseavailableatsomeuniversities). PGPcanaddsubkeys.pgp.nettoitskeyserverlisttocheckit automatically.
keyserver.pgp.com ThePGPCorporationprovideskeyserver.pgp.comasapublic service,butitworksdifferentlyfromsubkeys.pgp.net.Wheneveranyoneuploadsakeytokeyserver.pgp.com,theserver sendsanemailtotheaddressembeddedinthekeytoconfirm thatthekeylegitimatelybelongstothataccount.Whenthe emailrecipientvisitsthelinkintheemail,thekeyismade availableonthekeyserver. Additionally,unlikesubkeys.pgp.net,keyspostedto keyserver.pgp.comthatareunusedforaperiodoftime(six monthsasofthiswriting)arepurgedfromtherecords.This hastheeffectofprovidinganup-to-datekeyserver,butitisn’t entirelycompatiblewiththeexpectationsoftheolderOpenPGPworld. 82 Chapter 5
TheweakpointofthismodelisthatthePGPsoftware assumesthatthekeysacceptedbykeyserver.pgp.comarevalid. Thereisacertainsafetyinthisassumption:Toregisterakey, youmusthaveaccesstotheemailaddress,butanyonecan openanemailaddressatafreeproviderandclaimanylegal nametheylike,however,1sothisdoesn’tguaranteeidentity. N O TE
PGPautomaticallychecksforkeysonkeyserver.pgp.com,butGnuPG usersmustcheckforthesekeysmanually(orsetkeyserver.pgp.comas theirdefaultkeyserver).
Searching for Keys Ifyourmailclientdoesn’tautomaticallyfetchthepublickeyof OpenPGP-encryptedmessages,you’llneedtosearchthekeyservers.BothGnuPGandOpenPGPcansearchkeyserversfor keysthatmatchparticularconditions. Also,mostkeyservershavewebinterfaces.Forexample,to searchforkeysonkeyserver.pgp.com,justcalluptheserverin awebbrowser,entertheemailaddressofthepersonwhosekey youwant,andthewebinterfacewillletyoudownloadthekeyif it’sonthatkeyserver. Thewebinterfaceforsubkeys.pgp.netismoreerratic. Becausetheseserversarerunbydifferentvolunteers,the websitelooksdifferentbetweenvisits.Youmayfindanintroductorypageinfrontofthekeyserverqueryform,butthelink togotothekeyserverpageshouldbeprettyobvious.Ifyou don’tliketheparticularkeyserverpagewhereyouwindup, exityourbrowserandstartover;you’llhitanotherserver. Afteryoudownloadthekeyandaddittoyourkeyring,you canexchangeprivatemessageswiththatperson.Youcanalso attachyourselftotheWebofTrustbysigningkeysandhaving yourkeyssigned.
Signing a Key Bysigninganotherperson’skey,youareaffirmingthatyou haveverifiedthatperson’sidentity.Thisiscalledtrustinthe OpenPGPworld.Remember,trustinthePGPsensemeans onlythatyoutrusttheperson’sidentity,nottheirtrustworthinessasaperson.Perhapsyouwenttoschoolwiththelocal carthiefandknowexactlywhoheis.Youcouldsignhiskey 1
“OfcoursethePresidenthasaGmailaccountforpersonalstuff!The whitehouse.govaddresslookssostuffy,don’tyouknow.Now,aboutyour creditcardnumbers...” The Web of Trust
83
withoutaqualmbecauseyoucantrustthatheiswhohesayshe is.Youcannottrusthimwithyourwalletoryourpets,butyou cantrusthisidentity,andthat’sallthatOpenPGPcaresabout. Tosignsomeone’skey,thekeyownermustprovidethe prospectivesignerwiththefollowing: •
Herpublickeyfingerprint,keyid,anduserID(UID) deliveredviaanythingbuttheInternet
•
Herpublickey(onakeyserver,webpage,floppydisk,or similarsource)
•
Heremailaddress
•
Herfullname
•
Proofofheridentity
Eachkeyhasauniquefingerprintandakeyidthatis uniquewhencombinedwiththeUID.BothGnuPGandPGP willshowyouthefingerprintandkeyidifyouask(you’llsee howexactlyinthefollowingchapters).Forinstance,myexamplekeyhasafingerprintof9F53 C982 D561 3506 95B5 5C82 7EC4 29B8 D4ED 7B9FandakeyidofD4ED7B9F.(Theastuteamongyou mightnoticethatthekeyidissimplythelasteightcharactersof thefingerprint.)Everykeypairhasasimilar-lookingkeyidand fingerprint. Thekeyidandfingerprintmustbedeliveredbyany meansotherthantheInternet.Thisseemstobeanunnecessaryhassle,butthinkaboutit.Ifabadguyhashackedinto yourfriend’semailaccount,howcanyoutrustthatthefingerprintyoureceivefromhisemailaccountisaccurate?The sameappliestofingerprintsmadeavailableonhiswebpage. Youmustreceivethekeythroughsomeofflinemechanism. AfteryouhavethefingerprintandUID,youcanfindthe publickeyeasilyenoughonkeyservers. Therequirementsforproofofidentitywillvaryfrompersontoperson,dependingonyourrelationshiptothatperson. Let’slookatacoupleofexamples.
Signing Keys of Friends and Family Perhapstheeasiestwaytogrowyourkeyringisthrough coworkers,friends,andrelativeswhouseOpenPGP.Ievenuse OpenPGPwithinmyfamily—ifI’msendingmywifeprivate information,Iencryptitbeforesending.WhenIsendsecurityrelatedinformationtocoworkers,IprotectitwithOpenPGP, sothosecoworkersneedanOpenPGP-compliantprogramto readit. 84 Chapter 5
Let’sassumethatahypotheticalnewemployee(we’llcall himMatt)hasjustgeneratedhiskeypairandneedsmetosign it.Ialsowanthimtosignmykeypair;notonlywillthisexpand hisWebofTrustbuttosignmykeyhemustalsoaddmykey tohiskeyring.Thismeansthathewillbeabletoverifyemail thatIsendhim.Mattproducesapieceofpaperwithhiskeyid andfingerprint,andinformsmethathispublickeyisonakeyserver.Healsohastwopiecesofgovernment-issuedID. Now,IknowMatt.Ihiredhim.I’vealreadydoneacertain amountofidentityverificationonhimbydoingabackground check,filingpaperworkwiththestate,andsoon.Ifhe’s attemptingtodeceivemeabouthisidentity,he’sdoingitwith farmoredepththanI(ormostpeople)canpossiblypenetrate. First,IexaminethephotoIDtoconfirmthathisname matchesthenameonthekey.Althoughyouprobably wouldn’trequiregovernment-issuedIDtotrusttheidentity ofacoworkerorfriend,itisstillsmarttopaycloseattention totheformofthenameusedonthekeypair.IfMatt’sdriver’s licenseshowshisnameasMatthewPeterSmith,buthecreatedakeyasMattSmith,hemighthavetroubleusingthekey later,dependingonotherpeople’ssigningstandards.Iinsist thatallkeysusedforworkhavenamesthatmatchthecorrect legalidentity—astheboss,that’smyright.Withafriend,I’ll justpointoutthediscrepancyandlethimdecide.Inthiscase, asMatt’sgeneratedkeydoesn’tmatchhislegalidentity;hence doesn’tmeetmysigningrequirements,andIwon’tsignit. (He’llprobablywanderoff,mutteringunderhisbreathsomethingaboutworkingforahardcasenutjob,butthat’sOK.The soonerheunderstandsthatIamahardcasenutjob,thebetteroffhe’llbe.)IfhisUIDmatcheshislegalnameandemail address,andhiskeyidandfingerprintmatchthosehegaveme separately,I’llacceptthatthisidentitygoeswiththiskey. AfterIhaveconfirmedhisidentity,I’lldownloadhiskey, signit,andreturnit.
Signing Strangers’ Keys Ifyoutrulydon’tknowsomeoneatall—thatis,iftheyarea truestranger—donotsigntheirkey.ButifImeetaclientor prospectiveclientwhohappenstouseOpenPGP,I’llofferto verifyandsignhiskeyforhim.WhenImeetthemanagerof anITdepartmentathisoffice,I’mprettysurethatheiswho heclaimstobe.Evenifneitherofushasacomputerathand, IcangathertheinformationIneedtosignhiskeyandsign thekeyatmyconvenience.
The Web of Trust
85
INFORMAL KEYSIGNING Keysigning doesn’t have to be so formal. For example, if I receive an email from a friend who wants me to sign his new GnuPG key, I’ll pick up the phone and have a conversation much like this: “Dude, I just got your key in an email. Can you verify that C3D15ECA is your keyid? Great, and what’s your fingerprint? And what’s the name on your driver’s license? No, don’t just tell me your name; go grab your driver’s license and read what it says on the top. Uh huh. Listen, the name on your key doesn’t match the name on your driver’s license. Make a key with your proper name and give me a ring. Oh, and you still owe me 50 bucks. What do you mean, you don’t remember that?”* *
Here’s yet another case where nonrepudiation is important.
First,IcheckhisID.Thispersonshouldhavetwoformsof IDwithhisfulllegalnameonthem.Ipreferadriver’slicense andpassport,butwhensomeonedoesn’thaveapassportI’ll settleforstudentIDcards,organizationmemberships,and thelike.IalsochecktoseewhethertheIDisobviouslyforged. (AlthoughIcan’tdetectevenafair-to-middlingforgery,Ihave seenacoupleofdrivers’licensessobadlyforgedthatevenI rejectedthem.)AfterI’mconvincedthattheIDislegitimate, Igettheperson’skeyid,fingerprint,keyserver,andemail address. AfterIreturntomycomputer,I’lldownloadtheperson’s keyfromthekeyserverandcomparethese: •
ThenameintheUIDtotheperson’slegalname
•
TheemailaddressintheUIDtotheperson’sstatedemail address
•
Thefingerprintofthekeytotheperson’sprofessedkey
Iftheyallmatch,then—andonlythen—willIsignthekey. N O TE
86 Chapter 5
Ifyou’rewillingtoverifytheidentityandsignstrangers’keys,you mightcheckoutOpenPGPsocialnetworkingsitessuchaswww .biglumber.com.ThesesitescoordinatemeetingsbetweenOpenPGP usersincitiesaroundtheworld.YoucanenteryourkeyintotheBig Lumbersite,alongwithyournameandcity,andsearchforother OpenPGPuserswithinthesamecityornearby.It’sfairlyeasyto contactthesepeopleandmeetatalocalcoffeeshopforfiveminutes toverifyidentityandexchangefingerprints.
BAD WAYS TO VERIFY IDENTITY In short: If you have never met someone in person, you cannot sign the key! Anyone can open an email account at a free provider and put someone else’s name on it. You might correspond with someone for years and become familiar with their writing style and thoughts. You might even become fast friends with these people you’ve never met, and you might trust that the person at this distant email account is who they claim they are. Still, you cannot be certain that the person claiming to be [email protected] is actually named Brad Pitt; you have not seen any identification whatsoever, no matter how long you’ve known the person online. This is tedious, but attention to detail is what makes OpenPGP work. By signing the key, you are putting your own reputation on the line. You are swearing that you have verified this person’s identity to the best of your ability. If you sign any loser’s key without validating their identity, others can decide to not trust your identity or your signatures. (We’ll consider this sort of trust a little later.)
What to Do with Signed Keys Soyou’vesignedakey;nowwhat?Justasyoulearnedasa child,afteryou’redonewiththekey,putitbackwhereyou foundit.Ifyoudownloadedthekeyfromapublickeyserver, youcanupdatetherecordonthatkeyserver.Ifyougotthekey elsewhere,returnthesignedkeytothekeyowner. N O TE
Youcansendsomeoneelse’spublickeytoanold-stylekeyserver. Althoughyoumightthinkthiswouldbeafavor,it’sactually extremelyrude.Thepublickeyownermighthavereasonsfornot usingakeyserverandmightprefertodistributehispublickeyvia someothermethod—orhemightnotwanttopublicizethekeyat allbeyondasmallgroupofpeople.Neverpublicizesomeoneelse’s keyforthem!
When You Get New Signatures So,you’veverifiedyouridentitytosomeone,andthatperson sentyouanewpublickeyfile.Howdoyougetthatnewsignatureontoyourpublickey?Thisissimplicityitself.Justimport thepublickeyfileintoyourownpublickeyring.Yoursoftware willfigureoutthatit’syourownkey,sortoutthenewsignatures,andaddthemtoyourring.Wewilldiscussimporting keyswithPGPinChapter6andGnuPGinChapter7.
The Web of Trust
87
Keysigning Parties Thefastestwaytoaccumulatesignaturesonyourpublickey istoattendakeysigningparty,whichisagatheringofpeople forthespecificpurposeofverifyingeachother’sidentitiesand signingOpenPGPpublickeys.Youdon’thavetoknowthese peopletohavethemsignyourkey,butyouneverknowwho knowswhoandwhatfriendsandacquaintancesyoumight haveincommon.Youmightbeaskedtoprovideyourkeyid, fingerprint,andUIDtothehostaheadoftime,ortobring severalcopiesofitwithyou.(IrecommendprintingyourUID andfingerprintmultipletimesonasheetofpaperandcutting thepaperintomultiplecardsorstripssothatyoucandistributethisinformationyourself,nomatterwhatproblemsthe hosthas.)BringyourphotoID,butdonotbringacomputer. BringatleastonecopyofyourUIDandfingerprintwithyou, sothatyoucancomparethecopiesotherpeoplehavetoyour original. Keysigningpartiesflowinavarietyofways,butthegeneral methodisthateachpersonidentifieshimselftoeveryother personintheroom.Ifyou’veprovidedyourkeyinformation tothehostaheadoftime,hewillfrequentlygiveeachperson intheroomalistofkeystobeverifiedandsigned.Otherwise, you’llneedtogiveeachpersonawrittencopyofyourkey information. Aftereveryonehastheinformationonallthekeysto besigned,peoplewilltaketurnsreadingtheirowncopyof theirkeyfingerprintandUIDtotheattendees.(Youmightbe askedtowriteyourkeyinformationonanoverheadprojector instead,orotherwisebroadcastyourfingerprint.)Thisconfirmsthatthepartyhostdidn’tmixupkeyfingerprintswhen preparingthekeylistsandensuresthatevenifMalloryishostingthekeysigningpartyhecandoverylittledamage. Whenotherpeoplepresenttheirkeyinformationand ID,checkthemcarefullyjustasifyouweresigninganyother stranger’skey.Afteryouaresatisfiedwiththeowner’sidentity, markachecknexttothatkeyonyourlist.Ifsomethingabout theownerorthekeydoesn’tfeelrighttoyou,crossthatkey offthelist.Thisisasituationinwhichyoushouldlistentoyour gut—ifyouhaveanydoubtwhatsoeveraboutthekey’svalidity, crossitoffyourlist! Aftertheparty,butwithinthenextdayortwo,getout yourlistofkeys.Downloadthosekeysfromthekeyserversand comparethemwiththecheckedonesonyourlist.Ifyouare
88 Chapter 5
satisfiedthatthosekeysyoudownloadedhavethesamefingerprintasthefingerprintsyoucheckedatthekeysigningparty, andiftheUIDonthedownloadedkeymatchestheinformationyougotatthekeysigningparty,signthekeyandreturnit totheownerorthekeyserver.
Key Trust ThewordtrusthasmanydifferentmeaningsinOpenPGP, butwhenwespeakofthetrustwehaveinakeysigner,we’re concernedwithhowwellthepersonverifiestheidentityof otherOpenPGPusers.Eachpublickeyyouaddtoyourkeyring andsignneedstohaveoneofthreelevelsoftrustassignedto it.ThemethodforassigningtrustvarieswiththeOpenPGP programyou’reusing,andisdiscussedineitherChapter6or Chapter7. None AlthoughIhaveverifiedtheidentityofthekeyowner, Idonottrustthisperson’sabilitytoverifytheidentity ofotherpeople’skeys.Youmightusethistrustlevelfor familymembersorpeoplewhoareobviouslyfartoo trusting. Marginal Ihaveverifiedtheidentityofthiskeyowner,andthis personseemstobereasonablycompetentatverifyingthe identityofothers.Youmightusethistrustlevelforpeople youdon’tknow,butwhoyoumeetatakeysigningparty.If they’vebotheredtoshowupforakeysigningparty,atleast theyknowhowthingsshouldwork! Trusted Itrustthispersoncompletelywhenitcomestoverifying theidentityofpeopleandsigningtheirOpenPGPkeys. You’llalsoseeafourthleveloftrust:implicit.Thisis reservedforkeysthatyoualsohavetheprivatekeyfor.Ifyou canuseakey,chancesarethatyoutrustthatkeysignercompletely—they’reyou,afterall! You’llseehowtoassigntrusttokeysasweimportandsign theminbothPGPandGnuPG.
The Web of Trust
89
Avoiding the Web of Trust UsingoftheWebofTrustisnotnecessaryforusingOpenPGP. Infact,someuserswillnotwanttosignkeysorparticipate intheWebofTrustatall.TheWebofTrustshowseveryonein theworldalistofpeopleyouhavemet,afterall.Ifsomeone investigatesyou,signaturesonyourOpenPGPkeywillprovide aready-madelistofassociateswhoshouldalsobeinvestigated. The“networkprofiling”investigatorytechniqueinvolvesidentifyingahubofactivityanddrawinglinesbetweenthishub andothergroupstoidentifyotherhubs.TheCIAusesthisfor trackingterroristcells,theDEAusesittoanalyzedrugtrafficking,andthecasinoindustryusesittoidentifycomplexfraud schemes.TheWebofTrustcanassistnetworkprofilers. Forexample,mywifeandIhavepetrats.Wecommunicate withotherpetratownerstodiscusshealth,breeding,training, andexchangephotosofourfour-footedfamilies.Wemightuse OpenPGPtoretainmessageconfidentiality.Oneday,though, thegovernmentmightannouncea“WaronRats.”Asapublic rat-friendlyfigure,Iwouldcomeundersuspicionasapossiblehubofrattyactivity.Thegovernmentcanthenusemy OpenPGPkeyringasastartingplacetobuilditslistofother suspectsandwatchfortrafficbetweenusrat-pushingfiends. Ifyoudon’twanttobeonthelistofsuspects,havingmesign yourkeyisnotyourwisestmove.Likewise,Idon’twanttobe investigatedwhenyourhobbyisdeclaredillegal,immoral,or fattening. Asafermethodofkeymanagementisforyoutopersonallyverifythekeysofpeopleyoumustcommunicatewith.You canmakelocal(ornon-exportable)signaturesonthosekeysso thatthesignaturesremainonlyonyourlocalkeyringandare notdistributedtokeyservers.Thisgivesyoualltheadvantages ofOpenPGP,atthecostofpersonallyverifyingeachkey.Personalverificationisstillthebestwaytoverifyidentity,anyway. Fortherestofthisbook,we’llassumethatyouwillparticipateintheWebofTrust.Rememberthatyouhaveachoice, however.Everyone’sthreatmodeldiffers,andonlyyouknow therisksyourun.
90 Chapter 5
6
PGP KEY MANAGEMENT
ManagingOpenPGPkeys withPGPisassimpleascan be.Afteryouconfigureyour client,taskssuchasfindingand signingkeysshouldtakeonlyseconds. Adding Keyservers PGPdefaultstousingthekeyserverprovidedbythePGPCorporation,whichisperfectlyadequateifallyourcorrespondents arealsousingPGP,butpeopleuseavarietyofkeyserversout onthepublicInternet.Tothatend,PGPallowsyoutoadd keyserverstoitssearchlist,sothatyoucanfindnewkeysmore automaticallyinthefuture. N O TE
Somekeyserversarebetterthanothers,sodon’taddkeyserverswillynilly.PGPincludessomebuilt-inrecommendationsthataregenerally safe,andsubkeys.pgp.netisreasonablyreliable.
Toaddakeyserver: 1. SelectToolsEditKeyserverstobringupthePGP KeyserversList,asshowninFigure6-1.
Figure 6-1: The PGP Keyservers List
2. Atfirst,you’llseeonekeyserverlisted.Toaddanother, selectAdd.You’llseeascreenmuchlikeFigure6-2.
Figure 6-2: The New Server dialog box
3. PGPsupportsseveraldifferenttypesofkeyservers,from theLDAPusedbyitsownGlobalDirectorykeyserverto secureLDAPusedinenterpriseenvironments,toplain old-fashionedHTTP(orWeb).Touseanold-fashioned OpenPGPkeyserver,selectaTypeofPGPKeyserver HTTPandentertheURLintheAddressspace. 4. ClickOK,andthenewkeyservershouldappearinyourlist. Theentryforyournewkeyserverisn’texactlylikethe entryforkeyserver.pgp.com—specifically,thespacethatsays TrustedreadsNoinsteadofYes.ThisisbecausePGPincludes acopyofthepublickeyusedbytheGlobalDirectory,andall 92 Chapter 6
keysdistributedbythePGPGlobalDirectoryhavebeensigned bythiskey,providingacertainlevelofvalidation;thePGP softwaretruststhosekeys.However,averagepublickeyservers performnovalidationuponsubmittedkeys,sothosekeysare notinherentlytrustworthy.(Youcanchoosetofindindividual keystrustworthy,buttheirpresenceonakeyserverdoesnot implythis.) Althoughmanypeoplehaveuploadedtheirkeystothe PGPGlobalDirectory,youwon’tnecessarilyfindeveryone ofyourcorrespondentsthere.Ifyoufindthatyoufrequently receivemessagessignedorencryptedbypeoplewhodonot usethePGPGlobalDirectory,addingadditionalkeyserversto yoursearchwillmakefindingpublickeyssimpler. Ataminimum,Isuggestaddingsubkeys.pgp.netto yourkeyserverslistsothatwhenPGPDesktopsearchesfor someone’spublickeyitwillhaveabetterchanceoffindingit. Youmighthavetoaddotherkeyserverstothelistasyoulearn moreaboutwhichcorrespondentsusewhichkeyservers.For example,ifyou’reatauniversitywithitsownkeyserver,youwill probablywindupaddingthatkeyservertoyourkeyserverlist.
Adding Keys to Your Keyring Afteryouhavefoundsomeonewhoseidentificationseems correct,it’stimetofind,verify,andsigntheirkey.We’llwalk throughthisprocessusingPGPandaddthisperson’skeyto ourkeyringbyusingtheemailaddresstofindthekeyandthe fingerprinttoverifythatwehavethecorrectkey.
Searching Keyservers OntheleftsideofthePGPDesktop,underthePGPKeysheading,youshouldseeanoptiontoSearchforKeys.Clickitto bringuptheSearchforKeysscreen,asshowninFigure6-3, whichallowsyoutobuildveryselectivequeriesthatallowyou toidentifyaparticularkeyveryquickly.Youcansearchany keyserverinyoursystemforkeysthatmatchaparticularname, emailaddress,keytype,orjustaboutanyothercharacteristic. TheSearchboxallowsyoutochoosewhichkeyserversorlocalkeyringstosearch.(Mostpeopleonlyhaveone localkeyringcalledAllKeys,butifyou’vebeenplayingwith yoursoftwareyoumighthavemore.)Youcanbuildcomplex searchesbyrequiringasearchtomeetall,any,ornoneofthe conditionsyoudefinebelow.Theplusandminussignstothe rightallowyoutoaddadditionalconditions,includingname, emailaddress,keycreationdate,andsoon. PGP Key Management
93
Figure 6-3: The PGP Search for Keys screen
Forexample,supposethatyou,aPGPuser,wanttosign mykey.Youhavecheckedmyidentificationandthename onmykeyandareconvincedthatIamwhoIclaimtobe. Ialsogaveyoumylegalname(MichaelWarrenLucas,Jr.), keyfingerprint(67FF24978C3CC0A4B012DB67C073AC55 E68C49BC),andemailaddress(mwlucas@blackhelicopters .org).You’llopenupyourPGPDesktop,openthesearch screen,selecttheEmailsearchoption,andentermyemail addressinthetextbox. Thesearchscreenbringsupalistofallkeysthatcontain thatemailaddress.Notsurprisingly,there’sonlyonekey attachedtomyemailaddress. Toaddafoundkeytoyourlocalkeyring,right-clickthe keyandchooseAddTo,whichbringsupalistofkeyringsyour PGPsoftwareknowsabout.Mostpeoplehaveonlyonekeyring, calledAllKeys.Choosethatone,andthekeywillbeaddedto yourlocalkeyringandbevisibleinPGPDesktop.
Importing from a File Supposethatthekeyyouwanttosignisn’tonakeyserver,but isinsteaddistributedviasomeothermethodsuchasaweb page.Insuchcases,thekeyisusuallydistributedasafileyou candownload. Toimportatext-basedkey: 1. Downloadthekeytoyourdesktop,makingsuretosaveit witha.ascextensionsothatPGPwillrecognizeitasakey. 2. Right-clickthesavedfileandselectOpenWith.One optionistoimportthefilewithPGPTray,aprogramthat offerstoimportthekeyintoyourpublickeyring,sothatit willbeavailableinPGPDesktop.Choosethatoption.
94 Chapter 6
Fingerprint Comparisons Thenextstepistoconfirmthatthekeyyoufoundisthesame onethatIshowedyou.Todoso: 1. Right-clicktheimportedkeyandselectPropertiestoopen theKeyPropertiesscreen,asshowninFigure6-4.Atthe bottomoftheKeyPropertiesscreen,you’llseethefingerprint.(PGPprovidesfingerprintsbothinthestandard hexadecimalformatandabiometricformatmadeupof words.Althoughthebiometricformatlookslessintimidating,IhaveseenitonlyinsoftwarefromPGPCorporation. EverybodyelseIknowofuseshexadecimal.)
Figure 6-4: The Key Properties screen
2. Comparetheentirefingerprintwiththatlistedonthe screen.(Althoughitmightbetemptingtojustmakesure thefirstfourcharactersmatch,ifsomeonewasseriously attemptingtoimpersonateme,hemightwellkeepgeneratingrandomOpenPGPkeysuntilhegotoneinwhicha sectionofthefingerprintoverlappedtherealfingerprint, hopingthatpeoplewouldbetoolazytochecktheentire fingerprint.) 3. Ifthefingerprintmatches,leaveKeyPropertiesandrightclickthekeyonthesearchscreenagain.
PGP Key Management
95
4. Choosethefirstoption,AddTo,toaddthekeytotheAll Keyslist. 5. ReturntothemainPGPDesktopscreenbyselectingAll Keys,andyoushouldseemyprivatekeyaddedtothelist. 6. Right-clickthekeyandselectSignfromthedropdownmenu. 7. PGPdisplaysadialogboxsimilartoFigure6-5witha stronglywordedwarningatthetoptoremindyouthatif yousignthekey,youareprovidingyourpersonalcertificationthatthekeyyou’resigningactuallybelongstothe personwhoclaimstoownit.
Figure 6-5: The PGP Sign Key dialog box
8. AcheckboxatthebottomrightofthescreensaysAllow SignatureToBeExported.Ifyou’recertainthatyouverifiedthekey,checkthisbox.Thenexttimeyouupdate yourkeyring,yoursignaturewillbeaddedtothoseonthe keyserver.You’llbeattachingthiskeyowneralittlemore deeplyintotheWebofTrust.Althoughnotstrictlynecessary,signingotherpeople’skeysisconsideredthepricefor gettingyourkeysigned. 9. Adialogboxwillrequestyourpassphrase;whenyoutype it,you’vesignedthekey. 10. NowreturntotheKeyPropertiesscreenforyournewly importedkey.YoushouldseethattheValiditytabnow hasagreendotandthewordValidbesideit.Whileyou’re here,youneedtodecidewhatleveloftrustyouhavein thisparticularkeysigner(asdiscussedinChapter5).You cansetthetrustbysimplyclickingthevalueandchoosing eitherNone,Marginal,orTrusted.
96 Chapter 6
Returning the Signed Key Nowthatyouhavesignedthekey,returnit(withyouradded signature)towhereyougotitfrom.Ifthekeywasdistributed fromakeyserver,justright-clickthekeyinPGPDesktopand selectSynchronizetotransmititbacktothekeyserver.Ifyou gotthekeyfromafile,website,orsomeothermethod,however,youreallyshouldreturnittothekeyownerdirectly.The keyownerhasagoodreasonfornotpublicizingakeyviaakeyserver.Neversubmitsomeoneelse’skeytoakeyserver! Toreturnthekeytoitsowner,right-clickthekeyentry andchooseExport,thenchooseafileinwhichtosavethe exportedkey.Returntheexportfiletotheownerinwhatever methodseemsbest;emailisOKforexportedkeys.
Viewing Signatures Whenyouaddapublickeytoyourkeyring,onequestionto askis“Whoelsehassignedthiskey?” Toviewotherkeysigners,usethePGPDesktop.Justclick thelittleplussign(+)bythekeytoexpandthekeydescription, andyou’llseealistofallthesignersofthatkey,asshownin Figure6-6.
Figure 6-6: Signatures on a key
HerewecanseethatthekeyforMichaelWarrenLucas,Jr. hasbeensignedbyhimself,byGregDonner,andbythePGP GlobalDirectory.
Updating Signatures Overtime,keysarerevoked,arereplaced,andaccumulatenew signatures.Thesechangesaremadeavailableonthekeyservers.UsetheSynchronizeKeysfunctionsinPGPtoupdateyour keyring. TheKeystabofthePGPOptionspanel(accessibleunder theToolsmenu)includesacheckboxforautomaticsynchronization.Ifthischeckboxisselected,PGPwillregularlyupdate itslocalkeyswiththelatestonesfromthePGPGlobalDirectory(oranyotherkeyserveryoumighthaveaddedtoyour system).
PGP Key Management
97
Adding Photos to Your Keys Nowthatyou’realittlemoreconversantwiththefeaturesof PGPandcanwanderatwillthroughthemanyoptionsPGP Desktopoffers,let’saddaphotographtoyourkey.Getadigital photographofyourself,andmakesureit’sinaformatsuitable foranOpenPGPkey,asdiscussedinChapter2.Onceyouhave aphotographready,followthesesteps: 1. OpenuptheKeyPropertiesscreenforyourpublickey, asshowninFigure6-4. 2. Right-clickonthelargekeylogoontheleft-handsideand selectAddPhoto.ThisbringsuptheAddPhotodialog box,asshowninFigure6-7.
Figure 6-7: The Add Photo dialog box
3. Draganddropyourphotointothisdialogbox.PGP Desktopwillaskforyourpassphrase.Onceyouenter yourpassphrase,yourkeywillbeupdatedwithyour photograph! Toviewanotherkey’sphotograph,checktheKey Propertiesforthatkey. Nowthatyou’vegotagoodgriponyourkeyandtheWeb ofTrust,let’sgoontolookatemailandOpenPGP.
98 Chapter 6
7
MANAGING GNUPG KEYS
ManagingkeysinGnuPG canbealittlemoredifficult thanwithPGP,simplybecause thevarietyoftoolsdon’talways integrateseamlessly.We’llfocusonthe command-linemanagementofkeys,with somepointerstotheWinPTgraphic interface. Keyservers GnuPGallowsyoutochooseadefaultkeyserver,whichyoucan overrideonthecommandline.LikesomanyotherGnuPGfeatures,yousetyourdefaultkeyserverinthegpg.conffile: keyserver hkp://subkeys.pgp.net
ThehkpstandsforHorowitzKeyserverProtocol,whichisused toexchangekeysoveranetwork.ManyOpenPGPclientsuse HKP,butyoudon’tneedtoknowanythingaboutitsinternals. HKPrunsoverTCPport11371,soifyou’rebehindafirewall andcannotaccessthatport,you’llhavedifficultycommunicatingwiththekeyserver. Listthehostnameofthekeyserverafterthehkp://,much liketheURLforawebsite. Afteryouhaveaddedthisentryintogpg.conf,GPGwill assumethatthisisyourkeyserver.Youcanoverridethischoice atanytimewiththecommand-lineoption: --keyserver NOTE
Fromhereon,theexamplesassumethatyouhavesetakeyserveroption inyourgpg.conffileoryourWinPTinstallation.Ifyoudon’twantto dothatbutarefollowingtheexamples,addthecommand-lineoption --keyserver subkeys.pgp.nettoeverycommandinvolvingakeyserver throughouttherestofthisbook.
Keyserver Options YoucantweakGnuPG’sinteractionswithkeyserversextensively. MostofthosetweaksareusefulonlyfordebuggingGnuPG problems,butacouplewillcomeinhandyfordailyuse.(Read thegpg(1)manpageforthecompletelistofoptions.) OneoptionIfindusefulisautomatickeyretrieval.When youreceiveasignedorencryptedmessage,GnuPGchecksits localkeyringforakeythatmatchesthesenderofthatmessage. Ifitcan’tfindamatchingkeyforamessagethatit’strying todecryptorauthenticate,GnuPGnormallystopsdeadand waitsforyoutoloadtheproperpublickeyintoyourkeyring.If you’relazyanddon’twanttosearchforakeybyhand,youcan setthekeyserveroptionauto-key-retrieve.Althoughthisprocedurewon’thelpifyou’resigningsomeone’skey,itwillmakeit simplertohandleexchangingdocuments(suchasemail). AnotherhelpfuloptioncanmakeGnuPGproducemore detailedoutputabouttheactionsittakesandanyproblemsit encounters.Ifyou’retryingtounderstandhowGnuPGworks, eitheroutofcuriosityorinanattempttodebugaproblem, youcanusetheverboseoptiontomakeGnuPGmorechattyas itgoesaboutitswork. keyserver-options auto-key-retrieve, verbose
100 Chapter 7
Keyservers and WinPT ToseethelistofkeyserversinWinPT,openupKeyManagerandselecttheKeyserveroptionfromthetopofthe window.(Figure4-11showstheKeyManagerwiththe Keyserveroption.)TheKeyserverAccessscreenwilldisplay withalistofsupportedkeyservers,asshowninFigure7-1.
Figure 7-1: The Keyserver Access screen
YoucanselectadefaultkeyserverfromthelistbyhighlightingaservernameandclickingDefault.Thedefaultkeyserver willthenbemarkedwithanXintheDefaultcolumn.InFigure7-1,thedefaultkeyserverissubkeys.pgp.net. WinPTdoesnotcontrolitskeyserverswithgpg.conf. Instead,WinPTkeepsitsownlistinC:\ProgramFiles\GnuPT\ WPT\keyserver.conf.ThisisjustaplaintextfilelistingkeyserversthatshowupintheWinPTGUI,withonekeyserverper line.YoumustrestartWinPTforchangesinthekeyserverlist totakeeffect.
Adding Keys to Your Keyring Supposethatonedayyoureceiveadigitallysignedmessage frommyemailaddress([email protected]). Althoughyoudon’tneedmypublickeytoreadthismessage, Managing GnuPG Keys
101
youneedtogetacopyofittoverifythatIactuallysentthis message.Ifyou’reusingGnuPG’sautomatickeyretrieval, you’reallset;ifnot,you’llneedmypublickey’skeyidtofetch thekey. Ifyouremailclientdoesn’tdisplaymykeyid,youneed tosearchyourkeyserver’swebinterfaceforit.Mostkeyservers,includingallthosethatservesubkeys.pgp.net,haveaweb interface.Ifyousearchforkeysusingmyemailaddressasa searchterm,you’llgetananswermuchlikethis: pub 1024D/E68C49BC 2007-02-21 Michael Warren Lucas Jr (Author, consultant, sysadmin) Fingerprint=67FF 2497 8C3C C0A4 B012 DB67 C073 AC55 E68C 49BC
Thekeyserverspitsbackmykeyid,thedatethekey wascreated,theowner’suserID(UID),andthekey fingerprint.Toimportthekey,weneedthekeyid,whichis E68049BCinthiscase.
Command-Line Key Fetching Tofetchakeyusinggpgfromthecommandline,usethe --recv-keysoptionandthekeyidtodownloadthekeyfrom yourpreferredkeyserver,likeso: # gpg --recv-keys E68C49BC gpg: requesting key E68C49BC from hkp server subkeys.pgp.net gpg: key E68C49BC: public key "Michael Warren Lucas Jr (Author, consultant, sysadmin) " imported gpg: Total number processed: 1 gpg: imported: 1 #
Here,weaskedourpreferredkeyserverforthe publickeywiththekeyidE68C49BC.Itrespondedwith apublickey,anditprintsouttheUIDsothatweknowwe gottherightkey.Finally,GnuPGliststhenumberofkeys ithasimported.
Command-Line Key Viewing Toviewallthekeyscurrentlyonyourpublickeyring,usethe gpg --list-keysoption,likeso: # gpg --list-keys /home/mwlucas/.gnupg/pubring.gpg -------------------------------pub 1024D/E68C49BC 2007-02-21
102 Chapter 7
uid Michael Warren Lucas Jr (Author, consultant, sysadmin) sub 2048g/A67199A7 2007-02-21
GnuPGbeginsbyprintingoutthenameofthefilein whichthepublickeyringiskept,whichshouldalwaysbethe pubring.gpgfileinyourGnuPGhomedirectory.(Remember, wediscussedtheGnuPGhomedirectoryinChapter4.) Next,you’llseealabelforthetypeofkeydisplayed;in thiscase,it’sapublickey.Wehavethekeylengthand thekeyidofthiskey,andthecreationdate.Thekey’s UIDisgivenonitsownline,withanysubkeysofthe mainOpenPGPkeylistedafterward.(Subkeysarekeypairs thataresubordinatetothemainOpenPGPkey,andmany peoplehighlyskilledwithOpenPGPhavethemontheirkeys. Yougenerallydon’thavetoworryaboutthesesubkeys,but don’tbeconcernedwhentheyappear.) Toviewthekeysonyourprivatekeyring,usethe--listsecret-keysoption. # gpg --list-secret-keys /home/mwlucas/.gnupg/secring.gpg -------------------------------sec 1024D/E68C49BC 2007-02-21 uid Michael Warren Lucas Jr (Author, consultant, sysadmin) ssb 2048g/A67199A7 2007-02-21
Theresultlooksmuchlikethepublickeyslist,witha coupleofexceptions:Theprivatekeyislabeledsecfor secret,andthesubkeyislabeledssbforsecretsubkey. Asyourkeyringsgrow,thecommands--list-keysand --list-secret-keyswillcreatemultiplescreensofoutput.In theseexamples,ourkeyringonlyhasasinglekeyonit:mine. Ifeachkeyentrytakesuponlythreelines,whenyouhave ninekeysonyourkeyringitwillmorethanfillanaverage command-linewindow.Youalsodon’twanttohavetosort throughdozensorhundredsofentriestofindthesinglekey youwant.Toviewonlytheentryforasinglekey,enteraunique keyidentifierafterthe--listoption.Forexample,toviewonly mypublickeyinformation,youcouldrunthefollowing: # gpg --list-keys [email protected]
Whenyouhavehundredsofkeysonyourkeyring,using thiscommandtolistonlyspecifickeyscanmakekeyviewing muchmorereasonable. Managing GnuPG Keys
103
WinPT Key Viewing and Fetching TovieworfetchyourkeysusingWinPT: 1. OpentheWinPTKeyManagerbydouble-clickingthe WinPTiconinthelower-rightcornerofthescreen.The KeyManagerlistsallkeys(bothpublicandprivate)on yourkeyrings.(RefertoFigure4-11foradiagramofthe KeyManager.) 2. ClicktheKeyservertaboftheKeyManager.TheKeyserver Accessscreendisplays(refertoFigure7-1). 3. Highlightthekeyserveryouwanttouse,enterthekeyid oremailaddressinthespaceatthebottomofthepage, andclickReceive.WinPTshouldcontactyourchosenkeyserver,downloadthechosenkey,andaddittoyourpublic keyring.
Command-Line Key Imports Ifapublickeyisdistributedviaamethodotherthanakeyserver(suchasawebsite),youcanbringitintoGnuPGby usingthe--importoptionandthefilename.Forexample, here’showIwouldimportmyfriendGreg’spublickey: #gpg --import gedonner.asc gpg: key E2F41133: public key "Greg Donner " imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
GnuPGimportsthenewpublickeyfromthefile gedonner.asc,thenprintsthekeyidithasfoundinthepublickeyfileaswellastheUID.
WinPT File Imports ToimportakeywithWinPT: 1. Savethekeyfilewitha.ascextension. 2. Right-clickthekeyfileandselectOpenWith;youshould seeWindowsPrivacyTray(WinPT)asanoption. 3. SelectWindowsPrivacyTray(WinPT).WinPTshould importthekey(s)inthefileandreportonitsresults.
104 Chapter 7
Signing a Key Nowthatyouknowhowtograbotherpeople’skeysfroma keyserver,let’shookthosekeysintoourWebofTrust.First,of course,youneedtochecktheotherperson’sID,confirmthe identity,andalsonotetheemailaddressandkeyfingerprint. Afteryouhaveconfirmedthisinformation,youneedtosign thepublickey,whichinvolvescheckingthefingerprintofthe downloadedpublickey,digitallysigningthekey,andthen returningthekeytotheowner.
Checking Fingerprints Let’sassumethatyouimportedakeythatlooksliketheother person’skey.Inthisexample,I’mconsideringsigningmy friendGreg’skey.AlthoughI’veknownGregforyears,Istill checkedhisIDandmadehimgivemehiskeyfingerprint.He sayshisfingerprintisB1475969B88D3582C05EBB8391B5 AA6AE2F41133.Toshowthefingerprintforonlyhiskey,Iuse the--fingerprintoptionandgivehisemailaddressasfollows. #gpg --fingerprint [email protected] pub 2048R/E2F41133 2007-06-25 Key fingerprint = B147 5969 B88D 3582 C05E BB83 91B5 AA6A E2F4 1133 uid Greg Donner sub 2048R/8373FD79 2007-06-25
Theoutputcloselyresemblesthe--list-keysoutput,with theadditionofthelinethatprintsthefingerprint.With thisinformationconfirmed,right-clickthekeyinWinPT’s KeyManagerandselectKeyPropertiestoshowthefingerprint.Afteryouconfirmthefingerprint,youcansignthekey.
Signing Keys on the Command Line Tosignkeysatthecommandline,usethe--signoptionand thekeyid. # gpg --sign-key E2F41133 pub 2048R/E2F41133 created: 2007-06-25 expires: never usage: CS trust: unknown validity: unknown sub 2048R/8373FD79 created: 2007-06-25 expires: never usage: E [ unknown] (1). Greg Donner pub 2048R/E2F41133 created: 2007-06-25 expires: never usage: CS trust: unknown validity: unknown Primary key fingerprint: B147 5969 B88D 3582 C05E BB83 91B5 AA6A E2F4 1133
Managing GnuPG Keys
105
Greg Donner Are you sure that you want to sign this key with your key "Michael Warren Lucas Jr (Author, consultant, sysadmin) " (E68C49BC) Really sign? (y/N) y
Asyoucansee,GPGshowsdetailsaboutthekeywiththe givenkeyid,includingthekeyid,thefingerprint,and theUIDofthepublickey.Itthenaskswhetheryoureally wanttosignthekeywithyourprivatekey.Ifthekeyid,fingerprint,andUIDmatchtheowner’sidentification,entery tosignthekey.You’llbepromptedforyourpassphrase,after whichGnuPGwillsignthekey.
Signing Keys in WinPT TosignkeyswithWinPT: 1. Right-clickthekeyyouwanttosign,whichshouldbringup aKeySigningdialogboxthatliststhefingerprintandthe selectedkey’sUID. NOTE
Bydefault,WinPTsignskeysinanonexportablemanner,meaningthatthesignatureisgoodonlyforyourpersonalWebofTrust, butotherpeoplecannotrelyonyourvalidation.Althoughthismight begoodsafeguardforuneducatedOpenPGPusers,younowhavea prettygoodideaofhowtoverifyanidentity.IrecommenduncheckingtheSignLocalOnlyboxifyouareparticipatingintheWeb ofTrustandyouhaveproperlyvalidatedthekeyowner’sidentity. (Ifyouhaven’t,youshouldn’tbesigningthekey!) 2. Choosetoenteranexpirationdateforthesignatureifyou want,althoughthat’snotgenerallynecessary. 3. Ifyouhavemultipleprivatekeys,WinPTallowsyouto choosewhichonetouseforsigningpurposes. 4. Finally,you’reaskedforthepassphraseforyourkey.Enter itandyoushouldseeadialogboxaskingyouhowcarefullyyouhaveverifiedtheidentityofthekeyowner.These rangefromIHaveNotCheckedAtAlltoIHaveChecked VeryCarefully.Presumably,youcheckedverycarefully; checktheappropriatebox.
106 Chapter 7
Viewing Key Signatures Afteryousignakey,youshouldconfirmthatthesignatureis reallythere. Command Line Todothisfromthecommandline,viewthesignatureswiththe --list-sigsoptionandthekeyidofthepublickeyinquestion. # gpg --list-sigs e2f41133 pub 2048R/E2F41133 2007-06-25 uid Greg Donner sig N E2F41133 2007-06-25 Greg Donner sig E68C49BC 2007-07-19 Michael Warren Lucas Jr (Author, consultant, sysadmin) sub 2048R/8373FD79 2007-06-25 sig E2F41133 2007-06-25 Greg Donner
Here,we’reaskingforthecompletelistofsignatureson thekeywiththekeyidE2F41133.Thiskeyhasonlytwosignatures:oneistheoriginalowner’ssignature,andtheother ismine. Now,whenIreceiveOpenPGP-encryptedor-signedmail fromGreg,Iknowitisauthentic.Presumably,Greghasalso verifiedandsignedmykey,andwehaveourownpersonal WebofTrust.However,totieeachotherintothepublicWeb ofTrustwemustpublicizethesignaturesonourkeys.(Just remembertoputthesignedkeybackwhereyougotit!) WinPT ToviewsignaturesinWinPT,right-clickthekeyyouwantto checkandselectViewSignaturesfromthedrop-downmenu. Toexportsomeoneelse’spublickeythatyousigned,do thesameasifyouwereexportingyourownpublickeytoafile.
Command-Line Exports Toexportapublickeyfromthecommandline,you’llneedthe keyidandafiletoputitin. # gpg --output gedonner.asc --armor --export E2F41133
Here,wetellGnuPGtoputtheresultsofitsworkin thefilegedonner.asc,protectthecontentswithASCII armor,andexport(orcopy)thepublickeywiththe
Managing GnuPG Keys
107
keyidE2F41133fromyourpublickeyring.Thisisalmostidenticaltoexportingyourownpublickey. ThisexportedfileincludesGreg’spublickey,mysignatureofhiskey,andanyothersignaturesthatwereonthekey beforeIsignedit.Anotherusercanimportthisexported keyfile,eitherbyaddingthekeytohiskeyringorbymerginganynewsignaturesontotheexistingcopyofthatkeyas appropriate. Youshouldreturnthesignedpublickeytothekeyowner inanencrypted,signedemailandallowhimtointegrate yoursignatureintohispublickeyandthendistributeitashe seesfit.
WinPT Exports ToexportakeyfromWinPT,right-clickthekeyinKeyManagerandselectCopyKeyToClipboard.Youcanthencreate anewtextfileandcopythekeyintoit.Givethefileaname indicativeofitscontentsanda.ascextension,sootherpeople’s systemswillrecognizeitasaproperOpenPGPpublickey.
Importing New Signatures Whensomeonesendsyouafilewithasignatureaddedto yourpublickey,youaddthatsignatureontoyourpublickey byimportingthepublickeyintoyourownpublickeyring. GnuPGwillsortoutthenewsignaturesandintegratethem withyourpublickey.
Pushing Signatures to Keyservers Ifyouretrievedaperson’spublickeyfromakeyserver,youcan updatethekeydirectlyonthekeyserver(althoughonlyifthe keyhasalreadybeenpublicizedonakeyserver!). Command Line Todosofromthecommandline,usethe--send-keysoption toupdatethekeyserver’srecordofaparticularkey,justasif youwerefirstpublicizingyourkey.Here,IrefreshGreg’skey (keyidE2F41133)onthekeyserver: # gpg --send-keys E2F41133
WinPT ToupdateakeyserverinWinPT,right-clickthekeyinKeyManagerandselectSendToKeyserver.Thenchooseyourdefault keyserver. 108 Chapter 7
Updating Keys Wheneveryouaddsignaturestoyourpersonalpublickey,you shouldannouncethoseadditionalsignaturesusingthesame keyserveryouuploadedyourkeytointhefirstplace.Every monthorso,checkyourkeyringtoconfirmthatthekeysyou downloadedpreviouslyarestillvalidandtoupdateyourcopies withanyadditionalsignaturesthatyourkeyshavecollected. Youcandosowiththe--refresh-keysoption. # gpg --refresh-keys gpg: refreshing 31 keys from hkp://subkeys.pgp.net gpg: requesting key D4ED7B9F from hkp server subkeys.pgp.net gpg: requesting key ... ...
GnuPGannouncesthenumberofkeysonyourpublic keyringandthekeyserveritistryingtocheckthemagainst, andthenlistseachkeybykeyidasittriestofetcheachfrom thekeyserver.Ifakeyisnotonthekeyserver,you’llseeabrief noticelikethis: 1718CCCE595F038CA0D83C12EC398AB271 not found on keyserver
Inthisexample,Iinstalledthisparticularkeyfroman exportedfile,andthekeyisnotavailableonakeyserver.To checkthiskeyfornewsignatures,IneedtoreturntowhereI gotthekeyfrominthefirstplaceandgetanewpublickeyfile. NOTE
Ifakeyhaschanged,GnuPGwilldisplaythosechangesandupdate thecopyofthatkeyonyourpublickeyring. Attheendoftheupdateprocess,GnuPGprintsthenumberofkeysit’schecked,thenumberofunchangedkeys,and thenumberofnewsignaturesithasfound.
Deleting Public Keys from Your Keyring Ifyouhaverefusedtosignapublickeyforwhateverreason, youprobablydon’twantitonyourpublickeyring.Thesame goesforthepublickeyofsomeonewithwhomyounolonger correspond. Command Line Todeleteapublickeyfromyourkeyring,usethe--delete-key optionandthekeyid. Managing GnuPG Keys
109
# gpg --delete-keys E2F41133 pub
2048R/E2F41133 2007-06-25 Greg Donner
Delete this key from the keyring? (y/N) y
GnuPGgivesyoueverychancetodouble-checkthekey thatyouwanttodeletebypresentingthekeyidanditsUID beforerequestingconfirmation.Ifthisreallyisthekeyyou wanttodelete,entery,andthekeywilldisappearfromyour publickeyring. WinPT TodeleteakeyfromWinPT,right-clickthekeyinKeyManagerandselectDelete.
GnuPG and Photos GnuPGcanaddphotostoOpenPGPkeysandviewthekeyson otherpeople’skeys.PhotoIDscanbeaniceadditiontoyour OpenPGPkey,asdiscussedinChapter2.Nowthatyouknow alittlemoreaboutGnuPGandkeymanagement,youcanadd photostoyourownkeyandviewphotosonotherusers’keys.
Adding Photos to Your Key GnuPGincludesaverysophisticatedandpowerfulkeypaireditor.Thiseditorgivesyouthepowertotweakyourkeyinany wayyoucanimagine.Mostofthesetweakswillrenderanaverageuser’skeyuseless,soIwon’tcovertheeditorinanydepth. Youmustusethiseditortoaddaphoto,however.Entertheeditorwiththe--edit-keyoptionandyourkeyidoremailaddress. # gpg --edit-key [email protected] Secret key is available. pub
1024D/E68C49BC created: 2007-02-21 expires: never usage: CS trust: ultimate validity: ultimate sub 2048g/A67199A7 created: 2007-02-21 expires: never usage: E [ultimate] (1). Michael Warren Lucas Jr (Author, consultant, sysadmin) Command>
GnuPGwilltellyouthatyouhavethesecretkeyforthe keyyou’rechoosingtoedit—whichyoucertainlyshould,as it’syourkey!ItwillalsolistthekeyidandtheUIDofthis 110 Chapter 7
key.Makesurethatthisisyourkeybeforecontinuing.Finally, GnuPGwillprovideacommandpromptfortheeditor.Use theaddphotocommand. Command>addphoto Pick an image to use for your photo ID. The image must be a JPEG file. Remember that the image is stored within your public key. If you use a very large picture, your key will become very large as well! Keeping the image close to 240x288 is a good size to use. Enter JPEG filename for photo ID: c:/temp/photo.jpg
WhenGnuPGasksforthefilenameforthephoto,give thefullnameincludingthepath.(Youdon’tneedthefull pathifyou’rerunningthecommandfromthedirectorywhere thefilecanbefound,butIusuallyspecifythefullpathjustto becertain.)GnuPGwilllaunchanimageviewertoshowthe picture.Lookatthepictureandmakesurethatit’sreallythe photoofyouthatyouwishtoadvertisetotheworld.Ifthis pictureiscorrect,exittheimageviewer.GnuPGwillprompt youagain: Is this photo correct (y/N/q)? y
GnuPGwillthenrequestyourpassphrase,toprove thatyouareactuallyallowedtomakethischange.Enter yourpassphrase. Command> save
Thiswillreturnyoutoacommandprompt.Ifyoumadea mistake,youcanenterquitinsteadofsavetoabortthechange.
Viewing Photos with GnuPG Youmustuseagraphicaloperatingsystemtoviewphotos withGnuPG.ThisincludesMicrosoftWindowsorUnix-like operatingsystemsrunningXWindows.Toviewaphotograph attachedtoakey,usethe--list-options show-photocommandlineoptionbefore--list-keys. # gpg --list-options show-photos --list-keys [email protected]
Thiswilldisplaytheinformationformykeyandlaunchan imageviewertodisplaythepictureinyourchosenkey.Becarefulthatyoudon’tjustlistallthekeysonyourkeyring;chances Managing GnuPG Keys
111
arethatmanyofthosekeyshaveapicture,andyou’llspawna separateimageviewerforeachkeywithapicture.Ifyouhavea largekeyring,thisopensdozensifnothundredsofimages!
WinPT and Photos ToaddaphototoyourkeypairusingWinPT,opentheWinPT KeyManager(asshowninFigure4-11onpage65).Right-click onyourkey,andchooseAdd... FromtheAddsubmenu,selectPhoto.WinPTwillopenthe AddPhotoIDdialogboxasshowninFigure7-2.
Figure 7-2: The Add Photo ID dialog box
Givethefullpathtoyourphotoandenteryourpassphrase. WinPTwilladdthephototoyourkey. ToviewaphotowithWinPT,double-clickonthephoto inKeyManager.TheKeyPropertiesdialogboxwillappear,as showninFigure7-3.
Figure 7-3: The Key Properties dialog box with a photograph 112 Chapter 7
WinPTisperhapstheeasiestwaytohandlephotoswith GnuPG.
Building the Web of Trust with GnuPG Nowthatyouknowhowtomanageyourkeyring,let’sbuild ourWebofTrustwithGnuPG.
PGP YousawinChapter6thatPGP’strustmodelisverystraightforward:Ifapublickeyissignedbysomeonewhosekeyyouhave signed,thatkeyistrusted,whichmakesitveryeasytobuilda WebofTrustwithPGP.
GnuPG GnuPGisalittlemoreparanoid(or,ifyouprefer,“proper”). Youcanassigndegreesoftrusttoeverypublickeyonyourkeyring(asIdiscussedatthetailendofChapter5).ForGnuPG totrustapreviouslyunknownkey,thatkeymustbesignedby onefullytrustedpersonorthreemarginallytrustedpeople. Remember,thisisnottrustasin“Here,holdmywinninglotteryticket.”We’respecificallytalkingabouttheperson’sability tovalidatetheidentityofothersandtheirconsistencyindoing socorrectly.Youcanassignyourtrustofaparticularkeywith eitherthecommandlineorWinPT. GnuPGstorestrustinformationinthefile$GPGHOME/ trustdb.gpg.Trustinformationisindependentfromthepublic keysthemselvesbecausewealltrustdifferentpeopletodifferentdegrees. NOTE
Updatethetrustdatabaseregularlytokeepthisfrombecominganoverwhelmingjob.It’smucheasiertoaddtrustvaluesforthehalf-dozen newOpenPGPusersyoutalkedtointhelastweekthantoaddthem forthehundredsofpeopleyoucorrespondedwithinthelastyear!
Command-Line Trust Configuration Usethe--update-trustdboptiontoassignatrustleveltoevery keyonyourpublickeyring.Thiscommandwilliterateover everykeyinyourpublickeyringandgiveyouanopportunity toassignatrustvaluetoeachone. # gpg --update-trustdb ... Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.) Managing GnuPG Keys
113
1 2 3 4 s q
= = = = = =
I don't know or won't say I do NOT trust I trust marginally I trust fully skip this key quit
Your decision? 1
GnuPGwilldisplaythebasicinformationforeachkey, includingitsUIDandfingerprint,andthenaskyoutochoose howmuchyoutrustthisperson’sabilitytoidentifyother OpenPGPusers.Picktheappropriatevalueforeachperson inyourkeyring,andGnuPGwillbuildyourpersonalWebof Trustbasedonyourpreferences. Ifyou’reinanydoubtwhatsoeveraboutakey,use“Idon’t knoworwon’tsay,”whichallowsyoutousethosekeyswithout makinganycommitmentstotrustingtheuser.
WinPT Trust Configuration ToconfiguretrustinWinPT: 1. Right-clickthekeyinKeyManagerandselectKey Properties. 2. Atthebottomofthedialogbox,you’llseeaspacelabeled Ownertrust.SelecttheChangebuttontoassignalevelof trusttothisowner. Nowthatyouhavetrust,let’sseehowOpenPGPworks withemail.
114 Chapter 7
8
OPENPGP AND EMAIL
LearninghowOpenPGPworks andhowtouseittomanage yourkeyringhasjustbeena warm-uptotherealmeatofthis book:usingOpenPGPwithemail. BothPGPandGnuPGextendmailprogramstoinclude OpenPGPfunctions.Asyou’llsoonsee,OpenPGPoperations inallmailprogramsareverysimilarafteryoulearnwhereyour particularclientputsthe“encrypt”and“sign”buttons.After youcanuseoneOpenPGPprogramwithaparticularemail client,youcanextendthatknowledgetocoverotheremail clients. BackinChapter1,wehadatablethatlistedalltheactions youcouldperformwithOpenPGP.Thatwasbeforeyouknew wordssuchasnonrepudiation,however,andsoitmightnothave meantasmuchtoyouasitdoesnow.Takealookatitagain here(Table8-1)withyournewfoundcryptographicwisdom, andseehowpublickeys,privatekeys,anddigitalsignaturesall
tietogethertocreateachosenlevelofprivacy.Afteryoubegin workingwithOpenPGPonadailybasis,itwon’ttakelongto learnwhentousethesixfeaturesinTable8-1. Table 8-1: Key Usages Desired Effect
Action
I want anyone who reads this message to know beyond a doubt that I sent it—I cannot
Digitally sign the message with your private key.
repudiate it. I want to verify the identity of the person who sent a digitally signed message to see whether the apparent sender is the real sender.
Verify the signature with the sender’s public key.
I want to send a message that only my intended recipient can read.
Encrypt the message with the recipient’s public key.
I want to decrypt a message that I received.
Decrypt the message with your private key.
I want my message to be readable only by my intended recipient, and I want the recipient to be able to verify that the message came from me.
Encrypt the message with the recipient’s public key and digitally sign the message with your private key.
I want to decrypt and verify a message that includes a digital signature.
Decrypt the message with your private key and verify the signature with the sender’s public key.
Message Encoding Whenusedwithemail,OpenPGPusestwodifferentmethods toencodemessages.PGP/MIMEisthemoremodernchoice, beingattachment-based,butnotallmailclientssupportit.The olderinlineencoding,alsoknownasclearsigning,workswellfor basicemailmessages.ThechoiceofencodingvarieswithdifferentemailclientsandOpenPGPprograms,andI’lldiscuss theoptionsinthefollowingsections.
Inline Encoding Inlineencodingoccursdirectlywithinthebodyoftheemail message.Whenyousignamessagewithinlineencoding,the messagebodyiseditedtoincludeanOpenPGPsignatureat theveryendofthemessage.Whenencryptingandsigninga message,theencryptedmessagereplacestheoriginalmessage bodycompletely.
116 Chapter 8
Ifyouopenaninline-encryptedmessagewithoutusing anOpenPGPprogram,itwillstartofflookingmuchlikethe following: -----BEGIN PGP MESSAGE----Version: PGP Desktop 9.0.2 (Build 2433) qANQR1DBwU4D2jTKQaZxmacQCACbxrL+clBol8wB1R16tr5vXFFLurHsug9Qk6Cq ...
Notmuchtolookatifyoucan’tdecodeit. Inline Encryption Trade-Offs Inlineencryptionisaboutassimpleasyoucanget,butas timehaspassed,itslimitationshavebecomemoreandmore apparent.Inlineencryptioncanhavetroublewithnon-English charactersets,attachments,andbinarydocuments. Non-Englishcharactersets(suchasthesymbolsused forChineseorRussiantext)cancauseproblemsforinline encryption.EmailwasdesignedbyEnglishspeakersforEnglish speakers,andmailprogramsalreadyjumpthroughhoopsto managenon-Englishcharactersets.1CombiningthesecharacterswithOpenPGPcancauseunpredictableeffects,depending onyourcombinationofemailclientandOpenPGPsoftware. Similarly,attachmentscanbeproblematicwithinline encryption.Youremailclientmightencryptyourmessagebody butleavetheattachmentunencrypted.Touseinlineencryptioninsuchacase,youwouldneedtoencryptyourattachment separatelyandattachthesignatureandtheencryptedattachmenttothemessage.Also,whenusinginlineencryption,you cannotencodebinarydata,suchasPDFs,MicrosoftWord documents,digitalphotos,andsoon. Finally,asifallthisweren’tenough,mailserverscancorruptclearsignedmessages. Ontheotherhand,inspiteofthesechallengeswithinline encryption,OpenPGP-signedmessagesthatuseinlineencodingcanbereadbyanymailclient. Whenyouuseinlineencryption,youmustbeawareofhow yourmailclientinteractswithyourOpenPGPsoftwareinthese circumstances.Wediscusstheseinteractionsinthenexttwo 1
Iliketothinkthatiftheoriginalcreatorsofemailrealizedthatitwouldbe usedbypeopleallovertheworldinsteadofjustahandfulofhighlyskilled engineers,theywouldhaveanticipatedtheseproblemsanddesignedaround them.Thenagain,ifthecreatorshadrealizedwhattheirinnocenttoolwould become,theymighthavejustgivenupthewholethingasabadideaand boughtextrastamps. OpenPGP and Email
117
chapters.Inanutshell,PGPCorporationputsalotofwork intomakinginlineencryptionworkproperlyandeasilyfor everyone,whereasGnuPGvarieswithdifferentclients. PGP/MIMEwasdesignedtoaddressalltheseissuesand handlethesecaseswithouttrouble.
PGP/MIME Ifyou’reacomputergeek,you’veprobablyseentheexpressionMIMEtypebefore.MIME,orMultipurposeInternetMail Extension,isawholesetofstandardsforencodingemail. PGP/MIMEistheencodingmethoddesignedforOpenPGP email.PGP/MIMEgetsaroundtheproblemswithinline encryptionbytreatingabsolutelyeverythingasanattachment: Theencryptedmessageissentasanattachment,thesigned messageandsignaturesaresentasattachments,andanything youattachisencryptedandattached. Mailserversandmailclientstreatattachmentsandemail messagesdifferently:Mailserversnevermodifyattachments, andmailclientstreatattachmentsasseparateobjects.Because attachmentsareleftalone,PGP/MIMEmakesitmuchsimpler toencryptmessagesthatusedifferentcharactersetsorbinary files. Generallyspeaking,allemailclients,aswellasOpenPGPimplementations,canreadbothinlineandPGP/MIME encodingunlessotherwisenotedintheprogram.PGPwill handleeachtypeofencoding,whereasGnuPGhaslimitations dependingonthemailclientyou’reusing.Somemailclients workbetterwithGnuPGthanothers. OTHER ENCODINGS Many people and companies have created their own email security systems in the last two decades. Most of these systems have received limited acceptance, whereas others were popular for a time and then disappeared. You might see references to these other encoding systems, such as S/MIME. Some mail clients include support for S/MIME, but that’s not OpenPGP. If you’re exploring your email program and find a checkbox that says something about S/MIME, you’re in the wrong spot.
Email Client Integration YoucanintegrateOpenPGPwithyouremailclientusingeither proxiesorplug-ins. 118 Chapter 8
Proxies Aproxyisasmallprogramthatrunsonyourcomputerand sitsbetweenyouremailclientandyourmailserver.Theproxy sendsandreceivesemailsenttoyourmailserver,andthemail clientsendsandreceivesmailonlythroughtheproxy. Proxiesworkwithanymailclient,buttheyarenotas tightlyintegratedwiththeclientasmostpeoplewant;you configuresigning,encryption,anddecryptionintheproxy programratherthaninthemailclient.Too,whenusinga proxy,youwon’tgetan“encryptandsign”buttonormenu optioninyouremailclient;instead,you’llhavetoopenthe proxyprogramandsay“Encryptallmessagesnow”or“Encrypt messagestothisemailaddress.”(PGPusesaproxytohandle messages,asI’lldiscussinChapter9.)
Plug-Ins Theotheroptionisplug-ins,whichareusedbyGnuPG. Aplug-inintegrateswithyouremailclient,providing“sign” and“encrypt”buttonsdirectlywithintheclient. Eachmailclientplug-inisunique,whichmeansthata plug-indesignedforMicrosoftOutlookwillnotworkinMozilla Thunderbird. Becauseplug-insarewrittenseparately,eachbehaves slightlydifferentlyandhasadifferentinterface.Usually,the plug-iniswrittentolooklikeit’spartofthemailclientprogram;integrationisthewholepoint,afterall!(I’lldiscuss GnuPGplug-insforthethreemostpopularWindowsemail clientsinChapter10.)
Saving Email—Encrypted or Not? Likemanypeople,Isaveallmyoldemail2becauseIfinditvery usefulforreference.Infact,I’veworkedatcompaniesinwhich savingeverypieceofemailfromyourmanagerwastheonly wayyoucouldkeepyourjoblongerthanamonth. OpenPGPpresentssomeinterestingproblemswhen archivingmail,however.Forexample,whenyousendsomeone encryptedemail,thereadermustusetherecipient’sprivate keytoreadit.However,becauseyoudon’thavetherecipient’s 2
Ihaveacompletearchiveofmyemailsince1985,minusonlypiecesthatI havedeliberatelychosentodelete.Isuspectthatthemereexistenceofthis archivewillbesubmittedasevidenceatmyeventualsanityhearing.Thator mypublisherwillpublishitall.Imean,theguypublishedabookcontaining nothingbutmessageswrittentospammers!Ican’timaginewholethimoutof hiscage,letalonegavehimajob. OpenPGP and Email
119
privatekey,youcan’treadthemailthatyousent,eventhough youcreatedit!
Saving Unencrypted Email Someemailclientplug-insallowyoutosavemailasunencrypted.Theproblemwithchoosingthisoptionisthatitwill protectyouremailduringtransitandwhileontherecipient’s computer,butnotonyourharddrive.Anyonewhocanaccess yourcomputerwillbeabletoreadthoseencryptedmessages. Althoughthisoptionmightbefineinacorporateenvironment,ifyou’reinatotalitariancountrybeingthreatenedby someuglymanwitharustymacheteandseriousangerissues, thosemessagesjustmightmeanlifeanddeath(foryourcorrespondents,ifnotforyou).(Iwishthiswereajoke;infact, OpenPGPhassavedlivesinexactlythissituation.) Onepopularoptionistosaveallyouremailunencrypted, butonanencrypteddiskpartition.Wediscussthisbrieflyin Chapter11.
Encrypt to Self Anotherpopularoptionistoalso“encrypttoself”(inother words,toencryptthesavedemailwithyourpublickeysothat youcanopenitusingyourprivatekeyandpassphrase).Using thisoptionwillstoppeoplefromgettingthedocumentevenif yourcomputerisstolen,anditisoftenagoodmiddleground formanypeople.(YoucangetthesameeffectinanemailclientthatsavessentmailasencryptedbyCc-ingyourselfwhen yousendtheoriginalmessage.) N O TE
Ifyou’reusingaproxyprogramtoprovideOpenPGPservices,themail clientwillseeonlyunencryptedemails.Thismeansthatyourmailis alwayssavedunencrypted. We’lldiscusswhichoptionseachpieceofsoftwareprovides (ifany)inthenexttwochapters.
Email from Beyond Your Web of Trust PeopleacrosstheworlduseOpenPGP,andyoudon’tknowall ofthem.Chancesarethatyourkeyringwillstartoffpopulated withkeysforfriendsandcoworkers,andslowlygrowasyou communicatewithmoreOpenPGPusers.Ifyoureceivean encryptedemailfromacountryonthefarsideoftheworld, however,it’squitepossiblethatyouwillhavenobodyincommonandhenceyouwon’treallybeabletotrulyverifytheir identity.Whatdoyoudo? 120 Chapter 8
OnepossibilityistouseonlythecorporatePGPkeyserver andonlycorrespondwithpeoplewhousethatkeyserver.PGP Corporation’skeyserversignspublickeysafteritverifiesthe emailaddressthey’reattachedto. However,OpenPGPiscalled“open”becauseanyonecan implementit,andyoucan’tcontrolwhowillsendyouemail anymorethanyoucancontrolwhosendsyoupostcards.IcorrespondwithpeopleallovertheworldwhouseOpenPGP,and quiteafewhavepublickeysthataren’tevenvaguelyhooked intomyWebofTrust.HowcanItrustthem?Herearemythree choices: •
ExpandmyWebofTrust
•
TracetheWebofTrusttothatperson
•
Usethekeybutlimitmytrustofthesender
Expanding Your Web of Trust ThemostcorrectansweristoexpandyourWebofTrust. Exchangesignatureswithmorepeople,evenpeoplewith whomyou’renotlikelytoexchangeencryptedmail.More peoplethanyoususpecttravelbetweencompanies,countries, continents,andcultures.Signtheirkeysandhavethemsign yours,whichwillembedyoumoredeeplyintheWebofTrust, makingiteasierforyoutoreachothersandforotherstoreach you.Thistakestime,however,andifyoureceiveamysterious emailyoudon’twanttowaitweeksormonthstoreadit.
Tracing the Web of Trust SearchGooglefor“PGPpathfinder”andyou’llfindanynumberofwebsitesinwhichyoucantracethepaththroughthe WebofTrustbetweenanytwoOpenPGPkeysavailableon publickeyservers.Thesesitesusethekeyidforthetwokeys involved(remember,thekeyidisjustthelasteightcharacters ofthefingerprint).Themorepathsthatexistthroughdifferentpeople,themorelikelyIamtotrustthatkey.Having hadmykeysignedatacoupleofdifferentkeysigningparties, IwouldexpecttohaveseveralpathstoanyoneintheWebof Trust. Forexample,supposethatafterpublishingthisbookIget anemailfromsomeonewhoclaimstobePhilZimmermann, theoriginalcreatorofPGP.Thekeyidofthemessagesender isB2D7795E.IcangrabPhilZimmermann’spublickeyfroma keyserver,orfromhiswebpage,butit’spossiblethatsomeone uploadedaboguskeyforhimjusttofoolpeoplelikeme. OpenPGP and Email
121
IvisittheWebofTrustpathfinderatwww.cs.uu.nl/people/ henkp/henkp/pgp/pathfinder(Google’sfirstresult)and enterthekeyidofthemessageIreceivedandmykeyid.This servertellsmethatthereareeightdisjunctpathsbetweenthis keyandmine.Inotherwords,mykeyislinkedtotheotherkey byeightdifferentpathsthathavenopeoplewhatsoeverincommon.Forthatkeytobefake,thefakerwouldhavehadtofool awholelotofpeople.AlthoughIhavenevermetPhilZimmermann,Iwouldbelievethatthiskeyislegitimate.(Iftheonly pathhadbeenthroughoneofmyincorrigiblepracticaljoker friends,oriftherehadonlybeenonepath,Iwouldhavebeen farmoresuspiciousandinfinitelylesstrusting.) MostoftheseWebofTrusttracingprogramsarebased onwotsap,afreelyavailablePythonprogramdesignedtotrace relationshipsbetweenkeys.WotsapisavailableatmanyInternetsites;ifyou’reseriouslyinterestedinanalyzingtheWebof Trust,Isuggestyoustartthere.
Repeatable Anonymity Nomatterwhatyoudo,onedayyouwillreceiveanOpenPGPencryptedmessagefromsomeoneyoudon’tknow,whose keyyoucannotverify,andwhoisnotintheWebofTrust. Whatdoyoudo? Well,youhavethreechoices.One,youcandeletethemessageunread.Two,youcanleavethemessagesittingaround untilyoucanverifytheowner’sidentity.Three,youcaninstall thesender’spublickeyandreadthemail,whichisactuallyperfectlysafe. “Safe?Howcanitbesafe,whenyoucan’tverifythe identityofthesender?”Becauseinstallinganypublickey isharmless:Anunknownkeyonyourpublickeyringwon’t causeyourmachinetobeinsecure,can’tleakyourpassphrase totheworld,andwon’tallowMallorytostealyourbank records.(Yes,Mallorycouldfinda“magicpublickey”that wouldexposeasoftwarebuginyourOpenPGPimplementationanduseittocrackyourmachinewideopen,butboth PGPandGnuPGhandlekeysverycautiouslyandareaudited forjustsuchproblems.) Untrusted,unknownkeysthataren’tattachedtoyour WebofTrustcanactuallybeextremelyusefulforanonymous orpseudonymouscommunications.Forexample,whenI beganthisbookIaskedfortechnicalreviewersonvarious OpenPGP-relatedmailinglists.Apersonwhoregularlymade valuablecontributionstoaGnuPGlistunderafairlyobvious
122 Chapter 8
pseudonymofferedtoreadthebook.Ihavenoideawhothis personisintherealworld.Ihavenoideaofhiscredentials, otherthanhisintelligentcontributionstothelist.Idon’teven knowifheisreallyahe,she,it,orperhapsevenahyperintelligentmousewhoisattemptingtoengagemeinhislatest overcomplicatedplantotakeovertheworld.Ihavethis person’sOpenPGPpublickey,however.WhenIreceivean emailsignedorencryptedwiththatkey,Iknowthatthesender hasthematchingprivatekeyandpassphrase.Theauthoris pseudonymous,andyetIknowthathe’sthesamepersonevery time.Animpostorwhowantedtoassumethisperson’sidentity wouldhavetogetthepassphraseandprivatekeyfromthereal person,andthenbeabletowriteemailinthesamestyleand withthesameknowledgeastheoriginalperson. Thisfeatureisveryusefulforanyonewhohastodeal withanonymoussourcesonaregularbasisorwhowantsto remainanonymousforthepresentbutreservetheoptionof provingtheiridentitylater.Forexample,imagineacorporate whistleblowerwhowantstoanonymouslyleakinformation. AstringofOpenPGP-signedmessagesisaperfectwaytodo this.Thewhistleblowercandistributeincriminatingdocuments,allsignedwithOpenPGP.Afterthecorporategiantis destroyedandtheCEOcartedofftojailforbeingreally,really naughty,thewhistleblowercanprovethathewasthedocument sourcebyproducingtheprivatekeyandpassphrase—ornot. Therealquestionhereis“Howfardoyoutrust?”Addinga keytoyourkeyringdoesn’tmeanyouhavetosignitorbelieve whattheemail’sauthorwrites;itonlymeansyoucanreadthe sender’smessageandmakeupyourownmind.Ifyoudecide thatthepersonisfullofbaloney,youcanremovethekey fromyourkeyringandhaveyouremailclientdeletefurther messagesunread.Ifyoudecidetocorrespondwiththeperson further,atleastyouknowthatsubsequentmessagesarefrom thesameperson. IfyoucanusekeysdisconnectedfromtheWebofTrust, doesthismaketheWebofTrustlessuseful?Notatall;theWeb ofTrustiswonderfulforverifyingtheidentitiesofcorrespondents,especiallywhenyouusepathtracing.TheWebofTrust isagreatwaytoverifythatyouarewhoyouclaimtobe. Bythesametoken,theWebofTrustisnotastraitjacket; usingOpenPGPwithouttheWebofTrustprovidesdifferent possibilities.WithouttheWebofTrust,tryingtoprovesomeone’sidentityislikesearchingatmidnightinacoalcellarfora blackcatthatisn’tthere.TheWebofTrustgivesyouanetand aflashlight,oratleasttellsyouthatthecatmightbeatiger.
OpenPGP and Email
123
Unprotected Email Components OpenPGPgoesthroughanynumberofhoopstoprotectthe contentsofthemessage,butyoushouldrememberwhatit doesn’tprotect.Inparticular,OpenPGPdoesnotencryptthe subjectlinesinemail.Asubjectsuchas“Ransompickupat 8PM,CityPark”doesn’tleavemanyquestionsforanyonewho interceptsyouremail.EmailmessagessentwithPGPshould haveinnocuoussubjects(orperhapsnosubjectatall). Also,yourmailclientmightdefaulttostoringunencrypted versionsoftheOpenPGPemailsthatyousend.Besurethat youknowhowyourOpenPGPsystemstoresmessages.MypreferredOpenPGPmailclient(mutt)storesthesentmessages inencryptedformat,whichmeansthatIcannotreadmessages thatIhavesentunlessICcmyself.Somepeoplefindthisirritating,andconfiguretheirmailclientstostoresentmessages inunencryptedformat. Thisreallyisamatterofwhatbestsuitsyourneeds.Ifyou areunconcernedaboutsomeonewhogetsaccesstoyourcomputerbeingabletoreadyoursentmails,fine.Ifyouareina life-threateningsituation,however,itisbesttokeepyoursent messagesencrypted,asI’lldiscussinthenexttwochapters. YounowknowenoughtoactuallyuseOpenPGPandthe WebofTrustinday-to-daywork.Let’sseehowtoconfigure emailclientsunderbothGnuPGandPGP.
124 Chapter 8
9
PGP AND EMAIL
PGPmakesemailuseaseasy aspossiblebymanaging muchofOpenPGP’scomplexityforyou,soitisanexcellent choiceasanemailplug-inforpeoplewho wantencryptedemailto“justwork.”The PGPCorporationiscommittedtomaking OpenPGPsimpletouse. OnewaythatPGPmakesmanagingemaileasyisthrough policy-basedencryptionandsigningrules.Youdefinerules thatdictatehowPGPtreatsmessages,andthesoftwarewill automaticallyencryptandsignemailsasyourequire.PGP transparentlyinterceptsalltheemailyousendandreceive, processesitaccordingtoyourpolicies,andreinjectsthe messagesintotheemailsystemforprocessing.Thisprocess workswithanyemailclientandeliminatesanychanceof yoursaying“Oops!Iforgottoencryptthatlastmessage!”
PGP and Your Email Client ConfiguringyouremailclienttoworkwithPGPissimple.After youinstallPGPDesktop,theprogramlurksinthebackground, waitingforyoutosendanemail.Whenitdetectsanemailin progress,PGPDesktopwillintercepttherequestanddisplay adialogboxaskingifyouwanttosecurethisemailaccount. AnswerYesandgotothenextscreen.You’llbeaskedtochoose betweengeneratinganewPGPkey,usingyourexistingPGP Desktopkey,orimportingaPGPkeypair.ChoosePGPDesktopKeyandselectyourprivatekeyfromthelist.That’sit!You haveconfiguredthisemailaccounttoworkwithPGP. Be sure to run PGP Desktop any time you send email. If your PGP proxy is shut off, it cannot intercept your mail for you. Any mail you send will be unencrypted and you cannot read any encrypted mail you receive! What’s more, you might not even notice that your outgoing mail isn’t encrypted. Watch for the little padlock icon of PGP Desktop in the lower-right corner of your desktop.
IfyouhaveproblemswithPGPinterceptingyouremail, yourmailclientisprobablyusingasecureconnectiontoyour mailserver.Thesesecureconnections,alsocalledSSLconnections,preventPGPfromproxyingyouremail.Checkyouremail accountsettings;mostemailclientshaveadialogwindowin whichyouenteryouremailserversandacheckboxlabeled somethingsimilartoThisServerRequiresASecureConnection.Confirmthatboxisnotchecked.Ifyourmailserveroffers SecureSocketsLayer(SSL)connections,PGPDesktopwill automaticallydetectthatcapabilityanduseit,butyoucannot letyourmailclienthandlethatitself.
Identifying OpenPGP Mail BecauseallOpenPGPactivityishandledentirelybytheproxy, youremailclientisnotinvolvedinthePGPprocess.Received messagesappearentirelyincleartext,butthePGPproxyaddsa linelikethistothetopofthemessage: * PGP Signed: 9/22/07 at 11:45:28
Attheendofthemessage,PGPaddstwoadditionallines, listingtheuserID(UID)oftheauthorandthekeyid.
126 Chapter 9
Forexample,amessagefrommewouldincludethe following: * Michael Warren Lucas Jr (Author, consultant, sysadmin) * 0xE68C49BC
Theselinesaretheonlynoticewithintheemailmessage thatPGPwasinvolved,sobesuretowatchforthem!
Email Storage Anothersideeffectofanemailproxyisthatallemailisstored unencryptedonyourlocalcomputer.Ifyouhaveconfidential datainyouremailandcomputertheftisaconcern,besureto protecttheemailonyourharddrive.PGPDesktophasfeatures toencryptanddecryptfilesandfoldersthatyoumightwishto usetoencryptyourentiremailarchive.You’dhavetounencryptthemailarchivetosendandreceivemail,ofcourse,but insomecircumstancesthat’ssaferthanhavingyouremailpublic.(PGPDesktop’sVirtualDisksoftwareallowsyoutoencrypt anddecryptpartitionsorcreateencryptedvirtualpartitions, whichareencryptedfilesthatcanbeusedtostoredatamuch likeavirtualfloppydisk.)
PGP Policies PGPDesktopdoesn’taddanybuttonstoyouremailclient,so whenusingityoucan’tdecidewithintheclientwhetherto encryptorsignparticularmessages.Thosedecisionsareall madeintheproxy,whichisconfiguredviaPGPDesktop.This ensuresthatyouruseofPGPisconsistent;youcannotforget toencryptaconfidentialmessageafteryoutellPGPDesktop thatmessagesofthattypeareconfidential.Tomanagethe proxyyoumustknowhowtocreateandmanagePGPpolicies. TomanageyourPGPpolicies,openthePGPDesktopand selecttheMessagingtab.Youshouldseetwopolicyoptions: NewMessagingPolicyandEditPolicy.Themainwindowof PGPDesktopalsoshowsyourcurrentpolicylist,asshownin Figure9-1. PGPDesktopincludesseveraldefaultpolicies.These defaultswillsufficeformostpeople,butyoumustunderstand themtousePGPsuccessfully.Thefourpoliciesincludedin PGP9.0areOpportunisticEncryption,RequireEncryption, MailingListSubmissions,andMailingListAdminRequests (discussedinthefollowingsections).
PGP and Email
127
Figure 9-1: PGP Messaging showing active security policies
Opportunistic Encryption OpportunisticEncryptionsimplymeans“Useakeyforaparticular recipientifyoucanfindit.”Ifyoureceiveemailfromaparticularcorrespondentandyourkeyringhasapublickeyforthis person,PGPwillusethatkeytoencryptthemessagebefore sending.However,ifyourkeyringhasnokeyforthisperson, PGPwillconsultitskeyserversforanappropriatekeyanduse itiffound.(Bydefault,PGPusesthePGPGlobalDirectory keyserver,whichworksperfectlyforcorrespondingwithany PGPuserandwithOpenPGPuserswhohavesubmittedtheir keystothiskeyserver.SeeChapter6forinstructionsonaddingadditionalkeyservers,ifdesired.)Ifnopublickeyisfound forthiscorrespondent,PGPsendsthemessageunsignedand unencrypted.
Require Encryption RequireEncryptiontellsPGPthatamessagetoaparticularrecipientmustbeencrypted.IfPGPcannotencryptthemessage, themessageisrejected;whenyouclickSend,you’llseeawarningsomewhatlikethis: An error occurred while sending mail. The mail server responded: No encryption key found for recipient: mwlucas@blackhelicopters .org. Please check the message and try again.
ThistellsyouthatPGPinterceptedthismessagebut couldnotfindapublickeyfortherecipient,soitrejectedthe message. 128 Chapter 9
ToactivatetheRequireEncryptionpolicy,putthestring [PGP](includingthesquarebrackets)somewhereinthe subjectofyouremail.PGPwillseethisstringandengagethe policy.
Mailing List Submissions TheMailingListSubmissionspolicyisdesignedtocatchemails tomailinglistsbecausemessagessenttoapublicforumshould neverbeencrypted(afterall,whosekeywouldyouuse?).You canstillsignthesemessages,however,sothateveryoneknows thattheyreallyarefromyou. TheMailingListSubmissionspolicyiscontrolledbythe emailaddressyouaresendingmailto.Asofthiswriting,any emailaddresscontaining-users@,-bugs@,-docs@,-help@, -news@,-digest@,-list@,-devel@,and-announce@ishandled bythispolicy.(ToseethecurrentlistforyourversionofPGP, selectMessagingEditPolicyMailingListSubmissions.) Forexample,IsubscribetotheNetBSD-usersmailinglist, withanemailaddressof[email protected].AnymailI sendtothisaddresswillbesignedbutnotencrypted. N O TE
Thispolicydoesn’tcoverallpossibleemailmailinglists,ofcourse,but we’lllearnhowtoaddacustompolicylater.
Mailing List Admin Requests Finally,theMailingListAdminRequestspolicyisusedwhen managingsubscriptionstomailinglists(manymailinglists aremanagedviaemailmessages). Howoftenhaveyouseenaninstructionsuchas“Send mailto[email protected]togetonourmailinglist”? Theprogramsthatreadtheseemailscannotunderstand OpenPGP,andmightinterpretyoursignedorencrypted emailunpredictably. ThisPGPpolicyhandlesrequeststoanyemailaddress thatcontains-subscribe@,-unsubscribe@,-report@,-request@, and-bounces@.(Toseethecurrentlistforyourversionof PGP,selectMessagingEditPolicyMailingListAdmin Requests.) Thesefourpoliciesareprocessedinorder,withthefirst matchingpolicyhavingprecedence.Toseethecurrentpolicy order,selectPGPMessagingfromtheleftsideofthePGP Desktoptodisplaythelistofsecuritypolicies. N O TE
Tochangetheorderinwhichthepoliciesareprocessed,chooseEdit Policiesontherightofthepolicylist. PGP and Email
129
Creating Custom Policies Notsurprisingly,almosteveryone’semailactivityismore complicatedthanfoursimplerulescanexpress.You’llhave correspondentstowhomyouwillwanttosendonlysigned (notencrypted)messages,eveniftheyhaveapublickeyona keyserver;youmighthaveothercorrespondentswithanemail addressthatmatchesanotherpolicybuttowhomyouwantto sendonlyunencryptedandunsignedmailbecausethey’reconfusedbyencryptionorsignatures.Forthesespecialcases,you willneedtocreatecustompolicies.Tocreateacustompolicy inPGPDesktop,selectMessagingNewMessagingPolicyto displayablankMessagePolicytemplateliketheoneshownin Figure9-2.
Figure 9-2: A blank Message Policy template
EnteradescriptionofyourpolicyintheDescriptionfield. Youmustthendefinetheconditionsunderwhichthepolicy willtakeeffect,theactionsthatwillbetakenwhentheconditionsaremet,andwhattodoifthedesiredactionsfail. Conditions Thefirstsectiondescribestheconditionsunderwhichthe policywillbeapplied.Youcandefineseveralconditionsand declarethatifall,any,ornoneoftheconditionsaremetthe policywillapply.PGPletsyoubuildconditionsbasedonthe email’srecipient,recipientdomain,messagesubject,message header,messagebody,messagepriority,ormessagesensitivity,allavailablethroughdrop-downboxes.Forexample,you couldsaythatifthemessageissenttoaparticularaddresswith 130 Chapter 9
aparticularsubject,itmustbeencrypted,butthatotherwise messagesshouldpassincleartext.Let’slookateachofthese optionsandseewhenandhowtheymightbeused. •
TheRecipientistheemailaddressofthepersonwith whomyouarecorresponding.Forexample,youmight createapolicytodictatethatanymessagetome, [email protected],mustbeencryptedand signed.(Ofcourse,theOpportunisticEncryptiondefault policyshouldmakethishappenforyou,anyway.)
•
Similarly,theRecipientDomainisthedomainnameof theemailaddressofthepersonwithwhomyouare corresponding.Forexample,theRecipientDomainfor myemailaddress([email protected])is blackhelicopters.org.Asanotherexample,youmightwant tosendallemailtoaservicesuchasGmailunencrypted; GmaildoesnotofferPGPtools.
•
TheMessageSubjectoptionallowsyoutochoosemessage subjectsthatwilltriggerencryption.Forexample,you couldwritearulethatsays,“Anymessagewithasubjectof SecretProjectmustbeencryptedandsigned,”muchlike thedefaultpolicyinwhichanymessagewithasubjectof [PGP]mustbeencryptedandsigned.Whenyoucompose amessagewithasubjectofSecretProject,PGPwillautomaticallyintercept,sign,encrypt,andtransmitthatmessage foryou.
•
Somemailclientsallowyoutoinsertcustomizedmessage headersintoyouremailmessages.Youcanwriteapolicy thatactsdependinguponthecontentofthoseheaders. Ifyoudon’tknowwhatmessageheadersare,don’tworry aboutit;youdon’tneedtounderstandemailheadersto usePGP.
•
MessagePriorityandMessageSensitivityaresetwithinthemail clientwhenyoucomposeamessage.Mostclientswilloffer theseoptions,thoughfrequentlythey’redifficulttolocate. However,thissortoffilteringisbettermanagedbyeither recipientorsubjectrules.Forexample,youcouldwritea policythatsays“Ifthesensitivityisconfidentialorgreater, encryptandsign.”
Afteryouhavesetyourconditions,youcandetermine whetherthepolicyrequiresallconditionstobemet,anyofthe conditionstobemet,ornoneoftheconditionstobemet.The plussignnexttotheconditiondescriptionletsyouaddadditionalterms. PGP and Email
131
Actions ThenextsectionintheMessagePolicydialogbox,PerformThe FollowingActionsOnTheMessage,tellsPGPDesktopwhat todowhentheconditionsyousetaremet.Yourchoicesare eitherSign,Encrypt,orSendInCleartext. Ifthispolicysendsemailincleartext,you’redone. Ifyouchoosetoencryptorsignmessagesthatfitthispolicy,youcanalsochoosewhichsortofencodingyouwishtouse forthismessage.(WediscussedinlineandPGP/MIMEencodinginChapter8.) Ifyouchoosetoencryptmatchingmessages,youcan choosewhichkeytousetoencryptthemessage.Thedefault optionisanUnverifiedKey,meaningakeythatyouhavenot personallysigned.AVerifiedKeyisonethatyouhavesigned. Youcanalsoexplicitlyencryptthemessagewithanexplicitlist ofpublickeys. Exceptions Ifyourpolicyencryptsmatchingmessages,youmustdecide whattodoifPGPDesktopdoesnotalreadyhaveakeyforthat recipient.YoucanhavePGPDesktopsearchforthekey,send themessageincleartext,orblockthemessage. Bydefault,PGPDesktopwillsearchallconfiguredkeyserversforapublickeyforthisrecipient.Ifitfindsamatchingkey, itwillautomaticallydownloaditandencryptthemessagewith thatkey.Ifitdoesnotfindamatchingkey,youcanhavePGP eithersendthemessageincleartextanywayorblockthemessageentirely.Thisoptionisgenerallythemostuseful. WiththeSendInClearoptionyoucanmakePGPDesktop notsearchforamatchingkeyonakeyserver,butjustsendthe messageunencryptedanyway,eventhoughyouexplicitlystated earlierthatthismessagemustbeencrypted.Forexample,supposethatyourpolicysaysthatallemailwithasubjectofSecret Projectmustbeencrypted.Ifyoudonothaveakeyforthe recipientonyourkeyringandyouselectthisaction,themessagewillbesentunencryptedanyway. YoucanalsohavePGPblockthemessageentirelyifit doesn’thaveakeyalreadyonitskeyring.Thismakessensein high-securitysituationsinwhichyoumustretaincontrolover thespreadofinformationandthecontentsofyourkeyring.
Sample Custom Policy: Exceptions to Default Policy Inmostcases,PGPDesktop’sdefaultpoliciesaresufficient. ThecasesinwhichIfindcustompoliciesmostusefularewhen 132 Chapter 9
IneedtomakeaparticularexceptiontoapolicyorIwantto changeadefaultpolicy. Forexample,Iworkwithasoftwarevendorwhohas asupportmailingaddressof[email protected], whichhappenstomatchanaddressusedintheMailingList Submissionspolicy,whichtellsPGPDesktoptosignthemessage.WhenIsignanemailtothisaddress,however,oneofits supportpeopleinevitablyasksmeaboutthe“stuff”attheend ofthemessage.ItmightbeclearlylabeledBEGINPGPSIGNATURE,butthis$8/hoursupportguy,whosepreviousjob involvedindustriallawnequipment(plus,ifhehadseniority, perhapsabandana),hasneverheardofPGP.Idon’thavethe energytoeducatethestaff,soit’seasiertosimplynotsignmessagestothataddress.Todoso,Imustcreateacustompolicyto overridethedefaultpolicy. Similarly,IhaveafriendwhopublishedanOpenPGPkey severalyearsagobutwhonolongerusesanysortofPGPsoftware.ImusttellPGPtoneverencryptmailtohim,nomatter what,becausehewon’tbeabletoreadit.1Icanhandleboth situationswithacustompolicy,asshowninFigure9-3.
Figure 9-3: Custom PGP Message Policy
Thiscustompolicyensuresthatanymailtothevendorwill besentunencryptedandunsigned,makinglifeeasierforboth thesupportpeopleandmyself.Myfriend’semailaddressis alsoonthislist. N O TE
BecauseIselectedSendInClear,alltheoptionsaboutkeyprocessing havevanished. 1
Ifhehadbeensufficientlywisetoputanexpirationdateonhiskey,this wouldnotbeaproblem.
PGP and Email
133
IcouldexpandthispolicyasIdiscovermorepeoplewho shouldneverreceiveOpenPGPmailfromme.
Sample Custom Policy: Overriding the Defaults MostpeopleIcorrespondwithusethemessageformatPGP/ MIME,andareannoyedwhentheyhavetoreadmailininline format(thePGPDesktopdefault).Tosolvethisproblem,I canoverridetheOpportunisticEncryptionpolicywithmyown andtellPGPtousePGP/MIMEinsteadofinlineformatfor allemailthatIcanencrypt.Todoso,IgointoPGPDesktop’s PGPMessagingsection,chooseEditPolicies,andthencopy theexistingOpportunisticEncryptionpolicytogetagood startingpoint,asshowninFigure9-4.
Figure 9-4: Setting the default message format to PGP/MIME
AsyoucanseeinFigure9-4,Iusedtheasteriskwildcardas therecipientdomain;Ididsotoensurethatanymailsentanywherematchesthisrule. Weencryptbydefault,butnotethatthePreferEncoding fieldsaysPGP/MIME,whichbecomesournewdefault.Icould createsimilarrulestomatchtheRequireEncryptionpolicy, butchancesarethatanyonerelyingonthatpolicyisalready usingPGPDesktopanddoesn’tcarewhatformatthemessage arrivesin.
Custom Policies Order and Disabling Policies Newpoliciesareautomaticallyplacedatthetopofthepolicy listundertheassumptionthatyoucreatedthesepolicies 134 Chapter 9
becauseyouwantthemtotakeeffectbeforeanyofthedefault policies! Thisisn’talwaysthecase,however.Forexample,oursecondcustompolicy(thePGP/MIMEoverride)matchesany emailsentanywhere,butwedon’twantmessagestomailing liststobeeitherencryptedorsigned.Therefore,thispolicy shouldgosecondtolast,rightabovetheOpportunisticEncryptionpolicy.Toputitthere,gotothePGPMessagingportion ofPGPDesktopandselectEditPolicy,asshowninFigure9-5.
Figure 9-5: Editing PGP policies
Policiesareprocessedintheorderinwhichtheyappear intheSecurityPolicieslist,andthefirstpolicythatmatches isused.Inthisexample,thefirstcustompolicy,Cleartext Exceptions,isfirst,whichmeansthatanyemailaddressthat matchesthislistshouldbesentunsignedandunencrypted, nomatterwhat. Toentirelydisableapolicy,includinganydefaultpolicy youdon’twant,deselectthegreencheckboxnexttothat policy. NoticethatImovedthePGP/MIMEoverridepolicytobe locatednexttolast.Asmessagesarehandledaccordingtothe firstmatchingpolicy,apolicythatmatchesallpossiblemessageswouldpreventanypoliciesthatappearbeneathitfrom havinganyeffectatall! Policiesgivealmostunlimitedflexibilityformanaging emailmessagesandensurethatyourmessagesareprocessed consistently.
PGP and Email
135
10
GNUPG AND EMAIL
UsingGnuPGwithemail clientscanbechallenging becauseGnuPGisacommandlineprogram,andtoday’smost popularmailclientsaren’t.Still,ifyou spendalittletimesearchingtheWeb,you canfindGnuPGplug-insforjustabout everypopularmailclientinmainstream use(althoughtheywilloffervaryinglevels offunctionalityandusefulness). ThischapterwillfocusonintegratingGnuPGwiththe threemostpopularWindowsemailclients:MicrosoftOutlook Express,MicrosoftOutlook,andMozillaThunderbird.
Microsoft Mail Clients and GnuPG BecauseneitherOutlookExpressnorOutlookallowthirdpartysoftwaretoaccesstherawMIMEheadersusedbyemail, theseprogramsdon’tworkwellwithPGP/MIMEmail.If, however,youcorrespondonlywithpeoplewhouseinline encoding,MicrosoftmailclientsandGnuPGwillworkfine. Youwillhaveproblemswhenpeoplesendyoumessagesin PGP/MIME,however. N O TE
AlthoughtheGnuPGteamhasavarietyofcleverideastomakePGP/ MIMEworkanyway,asofthiswritingnoneofthemisavailablefor publicconsumption. Ofcourse,youcannotcontrolwhosendsyouemail,and manypeopleusePGP/MIME.Ifyouwanttousefreesoftware andgetsickofsaying“I’msorry,couldyoupleaseresendyour mailencryptedinline,”Istronglyencourageyoutoinvestigate theThunderbirdmailclient.Itisjustaseasytouseaseither versionofOutlook,it’sfree,ithasmorefeatures,anditcan importmailandaccountsfromOutlookExpress.Nevertheless, we’llsoldieronandpushtheMicrosoftmailclientstotheir limitstoseehowwellwecanmakethemwork.
N O TE
BeforesendingorreadingOpenPGPemailwitheitherOutlookExpress orOutlook,besuretoaddyourcorrespondent’spublickeytoyour WinPTkeyring,asdiscussedinChapter7.TheGnuPGplug-inswill generatescary-lookingerrorsotherwise.
Outlook Express and GnuPG OutlookExpresscomesbydefaultwithMicrosoftWindows, whichmakesitoneofthemostcommonlow-endclientsinthe world.Itmeetsmostusers’needsandisfairlysimpletouse. GnuPG’sOutlookExpressplug-incomesbundledwith WinPT.IftheWinPTinstallerdetectsthatyouhaveOutlook Expressonyourcomputer,itshouldoffertoinstalltheplug-in foryou.(Thenagain,ifyoufollowedtheWinPTinstallation instructionsinChapter4,youshouldalreadyhavetheOutlook Expressplug-ininstalled!Ifyoudidn’tfollowthoseinstructionsbutwanttouseGnuPGwithOutlookExpress,reinstall WinPT.)
138 Chapter 10
Configuring Outlook Express for OpenPGP BecauseOutlookExpressdoesnothandlePGP/MIME,itwon’t readencryptedmessagecontentinanythingbutplaintext. ThismeansthatyoucannotencryptfancyHTMLmessages. BeforecomposingyoursecuremessagesinOutlookExpress, configuretheprogramasshowninFigure10-1.
Figure 10-1: The Outlook Express Options Send tab
1. GototheToolsmenuandselectOptions. 2. OntheSendtab,underMailSendingFormat,makesure thatPlainTextisselectedtoensurethatOutlookExpress willcomposemessagesthatwillbecompatiblewithinline encoding. 3. MakesurethatSendMessagesImmediatelyisnotselected. Ifyoutrytosignorencryptamessagebutfail(bymakingatypoonyourpassphrase,forexample),whenusing immediatemessagesending,OutlookExpresswillsendthe messageanyway—unsignedandunencrypted!YourmessagewillcrosstheNetcompletelyunprotected. N O TE
DeselectingSendMessagesImmediatelymeansthatyou’llhavetoclick theSend/Receivebuttontotransmityouremailinsteadofhaving OutlookExpressjusttransmitwhenyou’redonewritingthemessage. Italsomeansthatifyourfirstattemptatencryptionfails,youwill haveanopportunitytotryagain.
GnuPG and Email
139
Sending OpenPGP Mail TheGnuPGplug-inhasnovisibleeffectonOutlookExpress untilyouclicktheCreateMailbutton.Atthispoint,youshould noticetwoadditionaloptionsinyourNewMessagescreen, shownatthetoprightinFigure10-2:SignandEncrypt.(Ifyou usedMicrosoft’sproprietarydigitalsignaturesystem,youwill probablyrecognizethesebuttons;theGnuPGplug-inauthors simplyrecycledthem.)
Figure 10-2: Composing Outlook Express mail with GnuPG
Tosignyourmessage,composeyourmessageandclick Sign.ThismakesaredribbonappeartotherightoftheTo: line.ToencryptandsignthemessagechooseEncrypt,which willmakeasmallbluelocksymbolappeartotherightofthe Cc:line. N O TE
Notethatthisemailmessagehasnosubject—wedon’twantanyone whointerceptsthemessagetobeabletogleananyinformationabout themessagecontentsfromthesubject. WhenyouclickSend,GnuPGdisplaysadialogboxasking youtoenteryourpassphrase.Enterit,andyourmessageison itsway! Warnings and Caveats Youmightseeadditionaldialogboxeswhentryingtosendyour messageusingOutlookExpresswithGnuPG.Forexample, theplug-inmightaskyoutoverifywhichpublickeyyouwant touseforyourrecipient.Ifyouhavemultipleprivatekeysfor youremailaddressonyourkeyring,itwillaskyoutochoose whichkeyyouwishtosignthismessagewith.
140 Chapter 10
VERY IMPORTANT Remember that Outlook Express will send the message even if it is not successfully signed or encrypted! If you get a GnuPG error, check your outbox. Your message will be there, unsigned and unencrypted. Copy the message body into a new message, delete the unencrypted message, and try again. (Outlook Express stores sent messages in encrypted format.)
Receiving and Verifying Signed and Encrypted Mail WhenOutlookExpressreceivesainline-encodedOpenPGP message,theGnuPGplug-ininterceptsthemessageandeither automaticallyverifiesthesignatureorrequestsyourpassphrase todecryptthemessage.Ineithercase,theresultswillbedisplayedinapop-upwindow.Theoriginalmessageremainsinits originalforminOutlookExpress. WhenyoureceiveamessagethatisinPGP/MIMEformat, readingitisquitedifficultbecause,asyourecall,Outlook ExpressdoesnotgiveGnuPGaccesstotherawMIMEheaders necessarytodecryptmessageswithinOE.(Youcantrytocrack itopenyourself,however,fromthecommandline,asIdiscuss under“DecryptingPGP/MIMEMessageswithMicrosoftMail Clients”onpage145.)
Outlook and GnuPG TheGermangovernmentsponsoredthecreationofahighquality,freelyavailableGnuPGplug-infortheOutlook program.Thisplug-in,calledGPGol,isnowmaintainedby g10code,aGermanfirmthatprovidessupportforGnuPG andrelatedsoftware.(Youcanfindlinkstotheplug-inon g10code’swebsiteatwww.g10code.com.)Touseit,grabthe mostrecentversionoftheOutlookplug-in,downloadit,and extractthefiles;thenfollowtheinstallationinstructionsinthe followingsection. N O TE
ThefollowinginstructionsarefortheversionofGPGolavailableat presstime.Thelimitationsmightbeeliminatedinthefuture,sobesure tocheckthedocumentationfortheplug-inyoudownloadforupdates!
GnuPG and Email
141
Installation GPGollacksafancyinstaller,butinstallationisquitesimple. TheZipfilecontainsonlytwo.dllfilesandatextfileofinstructions.Readtheincludedinstructionsjusttobesurethatthe processisunchanged,butforthepastseveralreleasesthe installprocesshasbeenasfollows: 1. Copythe.dllfilestoyourWindowssystemdirectory(either C:\winnt\system32orC:\windows\system32,dependingon whichversionofWindowsyou’rerunning). 2. Openacommandpromptandtypethis: C:> regsvr32 gpgol.dll
ThiswillregistertheGnuPG/Outlooklibrarywiththe operatingsystem.
Configuring the Plug-In UnliketheOutlookExpressplug-in,theGnuPGplug-indoes notrequireyoutoconfigureOutlookinanyspecialway.If youmakeatypowhenenteringyourpassphrase,theOutlook GnuPGplug-inwillletyoutryagainratherthansendingthe messageunencrypted,aswithOutlookExpress. Withtheplug-ininstalled,restartOutlook,thengotothe ToolsmenuandchooseOptions.You’llseeanewtabcalled GnuPG,whichallowsyoutoconfigureyourGnuPGsettings. BeforesettingupGnuPGwithOutlook,however,setOutlook tocomposeplaintextemailsinsteadoffancyHTMLtext.Goto theMailFormattab,asshowninFigure10-3. Thefirstdrop-downboxunderMailFormatallowsyouto setOutlook’sdefaultmessageformat.SetthistoPlainText, asshownhere.NotonlywillthismakeOutlookworkwellwith GnuPGbutitwillalsomakeyouremailmorecompatiblewith emailfromreadersnotusingMicrosoftsoftware. NowgototheGnuPGtab,asshowninFigure10-4.The functionofmostofthesettingsshouldbeobvioustoyounow (signnewmessagesbydefault,encryptbydefault,andsoon), butwe’lldiscussthembriefly.
142 Chapter 10
Figure 10-3: The Microsoft Outlook Mail Format tab configured for GnuPG
Figure 10-4: The Outlook GnuPG tab
GnuPG and Email
143
Checkboxes IfyouchooseEncryptNewMessagesByDefault,anytimeyou sendanemailOutlookwilldisplayadialogboxaskingyouto selecttherecipient’skey.Ifyoudonothavetherecipient’skey inWinPT,youcancanceltheencryptionatsendingtime.Outlookwillnotautomaticallydownloadkeysuponrequest. Ifyousignnewmessagesbydefault,GnuPGwillsignevery emailmessageyousend,whichwillconfusepeoplewhohave noideawhatOpenPGPis. TheSaveDecryptedMessageAutomaticallyoptiontells theplug-intosavethemessageinreadable,plaintextform(as discussedin“SavingEmail—EncryptedorNot?”onpage119) Ifyouneedtoprotectyourdocumentsevenifyourcomputer isstolen,definitelyleavethemessagesencrypted. TheAlsoEncryptMessageWithTheDefaultKeyoption willmakeGnuPGencrypteverymessageyousendwithyour publickeyaswellastherecipient’s(orrecipients’).Thismeans thatyoucanuseyourpassphrasetoopenmailthatyouhave senttosomeoneelse.Thisprocessmightormightnotfitin withyoursecurityrequirements.Forexample,ifyouworkina dangerousarea,beingabletodecryptthemessagesyouhave sentmightputyourfriendsorcoworkersatrisk.However,if you’rejustanemployeeconcernedaboutsecuringyourdocumentsincaseyourlaptopisstolenonthesubway,thismightbe agoodidea.Thethiefwon’tbeabletoreadtheseemailswithoutyourpassphrase,afterall.(We’lldiscussthistopicinmore detailinChapter11.) Passphrase Theplug-incanrememberyourpassphraseafteryoutypeit,so ifyouhavetoworkwithseveralOpenPGPmessages,youdon’t havetotypeyourpassphraserepeatedly.Bydefault,thepluginremembersyourpassphraseuntilyouexitOutlook.(Thisis thesettingfor0seconds.)Isuggestsettingthistosomething like120seconds—longenoughtogiveyousomebenefit,but notsolongthatifyougotothebathroomsomeoneelsecansit atyourdeskandsendmailinyournamewithoutenteringthe passphrase. Advanced TheAdvancedtabletsyouchoosethepathtotheGnuPGand WinPTexecutables,aswellasyourkeyring.Youcanusethis toswitchbetweenmultipleversionsofGnuPG—say,ifyou’re testinganewversionbutdon’twanttouninstallyouroldversionyet. 144 Chapter 10
Sending OpenPGP Mail TosendOpenPGP-encryptedmailfromwithinOutlook: 1. Createanewmailmessage,justasyouwouldwithout GnuPG. 2. Beforeyousendthemessage,lookundertheToolsmenu. You’llseethreeoptions:EncryptMessageWhileSending, SignMessageWhileSending,andAddDefaultKeyTo Message.Thelastoptionmakesiteasytohandyourpublic keytoanewcorrespondent,whereasthefirsttwosignor encryptthemessage. 3. WhenyouclickSend,theplug-inwillaskyouforyourpassphrase.Afteryousuccessfullyenterit,Outlookwillsend yourmailtotherecipient. Ifyouincludeaplaintextattachmentwithyourmessage, theplug-inwillencryptitseparately,andtherecipientwillsee itasaseparateattachment. N O TE
Remember,thoseattachmentscannotbebinarydatasuchasimagesor documents;inlineencodingworksonlywithplaintext!
Receiving OpenPGP Mail TheOutlookGnuPGplug-inmakesreceivinginline-encoded OpenPGPmailfromwithinOutlookverysimple.Whenyou clickamessage,GnuPGwilldisplayamessageboxrequestingyourpassphrase.Enterit,andOutlookwilldisplaythe message. Encrypteddocumentswillappearjustlikeanyother message;youronlywarningthattheyareencryptedisthepassphrasedialogbox.(Signedemailswillhaveaheaderatthetop thatindicateswhetherthesignatureisvalidornot.)
Decrypting PGP/MIME Messages with Microsoft Mail Clients I’vesaidallalongthattheGnuPGplug-insforMicrosoftmail clientsdon’tspeakPGP/MIME.Youcanworkaroundthis probleminalimitednumberofcases,however,bybreakingouttheGnuPGcommandline.(FordetailsonGnuPG command-lineoperations,seeAppendixB.) AllPGP/MIMEmessagesarriveasattachmentswiththe namemsg.asc.Iftheencryptedmessagedoesn’tincludeattachments(thatis,iftheencryptedattachmentdoesn’tinclude GnuPG and Email
145
furthersubattachments),youmightbeabletodecryptitby hand.Todoso: 1. Savemsg.asctoyourharddrive,openacommandprompt, andgotothedirectoryinwhichyouhavesavedthefile. 2. Usethe--decryptflagtogpgtodecryptafile.Forexample, thisiswhatitwouldlooklikeifmyfriendGregdecrypteda messageIsenthim(inresponsetoanearlieremailthathe sentme): c:> gpg --decrypt msg.asc You need a passphrase to unlock the secret key for user: "Greg E Donner " 1792-bit ELG-E key, ID 80154DE0, created 2007-08-14 (main key ID 46CD08E9) gpg: encrypted with 1792-bit ELG-E key, ID 80154DE0, created 2007-08-14 "Greg E Donner (key #3) " Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Great, I'll get them to the paper right away! gpg: Signature made 08/16/07 21:55:16 using DSA key ID E68C49BC gpg: Good signature from "Michael Warren Lucas Jr (Author, consultant, sysadmin) "
GnuPGimmediatelyrequestsapassphrasetodisplay theunencryptedmessage.Finally,theprogramtellsyou thatthemessage’ssignatureisvalid. Openingthemessageonthecommandlineworkseasily onlyiftherearenoattachmentsintheoriginalmessage.If thesenderattachedadocument,youwon’tbeabletocrackit openthisway. N O TE
ForagoodsummaryoftheGnuPGcommandline,seeAppendixB. ThisisalotoftroubletopossiblyreadaPGP/MIMEmessage,isn’tit?Thissortofthingiswhyusingadifferentmail client(suchasThunderbird)ishighlyrecommended,atleast untiltheGnuPGfolksfigureouthowtodoPGP/MIMEwithoutallthepiecestheycurrentlyneed.1 1
They’llgetthere,I’msureofit.Withmyluck,it’llbeabouttwoweeksafter thisbookhitstheshelves. 146 Chapter 10
Thunderbird and GnuPG ThunderbirdistheemailcomponentoftheMozillaapplicationsuite,adirectdescendantoftheNetscapewebbrowser. TheMozillaFoundationproducesseveralhigh-qualitypiecesof software,includingtheFirefoxwebbrowser,theThunderbird mailclient,thepopularbug-trackingsoftwareBugzilla,and soon.Thesetoolsareallfreetoendusers.Youcandownload Thunderbirdatwww.getthunderbird.org. Thunderbirdhasrapidlybeenrecognizedasahigh-quality mailsuiteandisafirstchoiceamongmanypeoplewhoneed apowerfulmailclient.BecauseThunderbird’ssourcecode isavailableforpublicuse,theGnuPGdevelopershavehad nodifficultiesintegratingallthefeaturestheydesireintothe plug-in.
Installing the Thunderbird GnuPG Plug-In TheThunderbirdGnuPGplug-in,Enigmail,isanextension thatisinstalledintoThunderbird.(Thunderbird,likemost Mozillasoftware,hasan“extensions”frameworktoallowthirdpartydeveloperstoenhancethefunctionalityofthemain product.)LikeThunderbirditself,Enigmailisfree. Toinstalltheplug-in: 1. Downloadtheplug-infromhttp://enigmail.mozdev.org andsaveitonyoursystem.(Ifyou’reusingtheMozillaweb browser,MozillamightthinkthatEnigmailisaMozilla plug-in,trytoinstallitinthebrowser,andthencomplain thattheinstallationfailsbecauseEnigmailisnotcompatiblewithMozilla.Besuretoright-clickandselectSaveAs whendownloadingEnigmail.) 2. StartThunderbird,opentheToolsmenu,andselect Extensions.TheExtensionspanelwillopen. 3. SelectInstall,browsetowhereyousavedEnigmail,and thendouble-clickit.Youwillbeaskedtoconfirmthatyou wanttoinstallEnigmail.SayYes. 4. Aftertheinstall,restartThunderbird,andyoushouldseea newOpenPGPmenuatthetopofthemainThunderbird window.
Configuring Enigmail TobeginconfiguringEnigmail,chooseEnigmailPreferences tobringuptheconfigurationmenuasshowninFigure10-5.
GnuPG and Email
147
Figure 10-5: Enigmail Preferences
1. YourfirststepistotellEnigmailwheretofindGnuPGby browsingtoitsprogramfile,gpg.exe.(Remember,WinPT installsGnuPGunderC:\ProgramFiles\WindowsPrivacy Tools\GnuPG\gpg.exe.) 2. LiketheotherPGPplug-ins,Enigmailwillcacheyourpassphraseforafewminutesforyou.Thefive-minutedefaultis notunreasonableformostpeople,butIwoulderronthe sideofcautionandreduceittotwoorthreeminutesifyou haveapublicorworkcomputer.AnhourmightbereasonableforyourhomePC. 3. Enigmailprovidesablankspacetolistyourpreferred keyserversinacomma-separatedlist,anditoffersto fetchthenecessarypublickeyswhenyoureceiveasigned orencryptedmessage,usingyourpreferredkeyservers. Changethelistofkeyserversasneededtomatchyour preferences. 4. UnderEnigmail’sSendingtab,asshowninFigure10-6,are severaloptionsthatcontrolitsbasicfunctions.Perhapsthe mostimportantistheEncryptToSelfoption,whichsavesa copyofyoursentmailencryptedwithyourownkeysoyou canaccessitlater.(WediscusstheadvantagesanddisadvantagesofdoingthisinChapter8.) NowenableEnigmailfortheaccountsyouwanttouseit with.Todoso: 1. ReturntotheToolsmenuandselectAccountSettings. 2. Inthepop-upwindow,selectOpenPGPSecurity. 148 Chapter 10
Figure 10-6: Enigmail sending options
3. ClickthecheckboxthatsaysEnableOpenPGPSupport (Enigmail)ForThisIdentitytoenableOpenPGP. N O TE
Bydefault,EnigmailwillusethekeywiththeuserID(UID)that matchestheemailaddressofthecurrentaccount.Forexample,Greg’s accountis[email protected],soEnigmaillooksfora keypairwiththatemailaddress.Touseadifferentkey,specifythe keyidhere. 4. FromtheAccountSettingsmenu,selecttheComposition &Addressingsection.UnderComposition,turnoff ComposeMessagesInHTMLFormat.(HTMLmessages cancauseEnigmailproblems.) Enigmailisnowreadytouse.
Sending OpenPGP Mail TosendmailusingOpenPGP,clicktheWritebuttoninThunderbird’smainwindowtoopenanewmessage.Youshouldsee anextrabuttonatthetopofthenewmessagewindowthatsays OpenPGP.Selectit,andThunderbirdwillopenasmalldialog boxthathasthreeoptions,asshowninFigure10-7. SelectSignMessagetosignthismessage.SelectEncrypt Messagetoencryptthemessage.WhileEnigmaildefaultsto usinginlineencoding,Enigmailwillletyouuseeitherinlineor PGP/MIMEencoding,soyoucanworkaroundanyrestrictions thatyourrecipientsmighthave.Thosefriendsofyourswhoare stuckusingOutlookwithGnuPGwon’thavetojumpthrough
GnuPG and Email
149
hoopstoconversewithyou,whileyou’llalsobeabletocommunicatewithpeopleusingPGP/MIME,emailattachments, andsoon.
Figure 10-7: Thunderbird/ Enigmail mail-sending options
Per-Recipient Rules AlthoughThunderbirdprovidesallthisflexibility,yourbrain probablyisn’tuptocopingwithit.(Minesureisn’t!)Howcan youpossiblyrememberhoweachpersonyoucorrespondwith canmosteasilyreadOpenPGPmail?Enigmailletsyoucreate rulesforeachofyourcorrespondents.Whenyoudefinearule foracorrespondent,eachtimeyousendthemamessageEnigmailwillprocessitaccordingtothatrule. Todefinearule: 1. ChoosetheEnigmailmenufromthemainThunderbird screen,thenselectEditPer-RecipientRules.Awindow appears,listingallyourrulesforrecipients.Figure10-8 showsthePer-RecipientRulesEditorwithasinglerule.
Figure 10-8: The Per-Recipient Rules Editor
150 Chapter 10
2. SelectAddtocreateanewrule,suchastheoneIcreated inFigure10-9.
Figure 10-9: Per-recipient rule creation
Here,Icreatedaruleforanyemailsenttomyemail address:[email protected].Ichoseaparticular OpenPGPkeytousewhencorrespondingwiththisaddress andchosetosignandencryptbydefaulteverymessagesentto thisaddress.ThePGP/MIMEoptionsavesmethetroubleof rememberingwhetherthisrecipientcanreadPGP/MIMEor mustreceiveinline-encodedmail;inthiscase,it’ssettoNever. Thenexttimeamessageissenttomwlucas@blackhelicopters .org,Enigmailwillautomaticallyencryptand/orsignitasthe ruledictatesandencodeitproperlyforthisrecipient. ThePer-RecipientRulesallowyoutocreaterulesthat matchentiredomains,particularusernames,orjustabout anythingyoulike.
Reading OpenPGP Mail EnigmaildoesanexcellentjobofhandlingOpenPGPmailin bothinlineorPGP/MIMEformat.Whenyouattempttoopen anOpenPGPmessage,Enigmailwilldisplayadialogboxand requestyourpassphrase.Itcouldn’tbeeasier. Enigmailalsoprovidesanexcellentviewofthemessage’s OpenPGPstatus,asshowninFigure10-10.
GnuPG and Email
151
Figure 10-10: Reading an OpenPGP message
IntheEnigmailarea,weseethestatusoftheOpenPGP signature.Enigmailhasverifiedthesignatureofthisemail,as indicatedbygreencoloration,andthesignatureisdescribed asGood.Ifyouselectthebluepentotherightofthemessage information,EnigmailwillprintoutdetailedOpenPGPinformationaboutthismessage,includingtheUIDofthesender’s key,thedatethemessagewassigned,andthefingerprintofthe signingkey.Ifthesignatureisbad,thepeniconontheright sideoftheheaderwillappearasabrokenpen.
Upgrading Thunderbird and Enigmail TheThunderbirdandEnigmaildevelopersreleasenewversionsoftheirsoftwarefairlyregularly,andupgradingEnigmail withoutupdatingThunderbirdisverysimple.Infact,the ThunderbirdExtensionsManagerwillactuallychecktosee whethernewversionsofEnigmailareavailableandofferto upgradeforyou. IfyouupgradeThunderbird,however,thingsgetalittle trickier.BeforeupgradingThunderbird,youshouldbesureto uninstallEnigmail.However,uninstallingis,unfortunately,not enoughtocompletelyeradicateEnigmail’sleftovers. BothEnigmailandThunderbirdstoreconfigurationsand settingsinaprofiledirectory.WhenyouupgradeThunderbird,thenewversionwillusethesameprofiledirectory,soyou canretainyoursavedpasswordsandothersettingsbetween upgrades.However,anEnigmailconfigurationforanold ThunderbirdinstallwillonlyconfusethenewThunderbird andgenerallycauseanyofawidevarietyofconfusingand obscureerrors.
152 Chapter 10
Toavoidthisproblem,findyourThunderbirdprofile directory,whichisintheuser’sapplicationdatadirectory (usuallyC:\DocumentsandSettings\username\ApplicationData\ Thunderbird).You’llfindaProfilesdirectoryhere.Inthat directory,you’llfindadirectorywithanamemadeofeight randomcharactersanda.defaultextension.Thisiswhere Enigmailstoresitsinformation. AfteruninstallingEnigmail,butbeforeupgradingThunderbird,deletethefollowingfromyourprofiledirectory: •
XUL.mfl
•
Everythinginthechromedirectory
NowupgradeThunderbirdandreinstallEnigmail.You shouldbereadytogoagain! YounowknowhowtouseGnuPGwiththemostpopular mailclients.Toroundthingsoff,let’slookatsomeoftheother thingsyoushouldbeawareofwhenusingOpenPGP.
GnuPG and Email
153
11
OTHER OPENPGP CONSIDERATIONS
Youshouldnowhaveadecent understandingofhowto useOpenPGPwithPGPand GnuPG,andshouldbeableto quicklycomprehendanyotherOpenPGP products.Toroundthingsoff,let’sconsidersomeotherpointstoremember whenworkingwithOpenPGP,PGP,andGnuPG.Because nosecurityprotocolisperfect,we’lldiscusswhatcango wrongwithOpenPGP.We’lldiscusssomeconcernsabout theinteroperabilityofPGPandGnuPG(aswellasother OpenPGPprograms)andhowgroupsofpeoplecanshare asinglekey,withminimalrisk.Finally,we’lldiscussafew waystomakeOpenPGPuseonasharedsystemslightlyless intolerable,andendwithadiscussionofsomeoftheextra featuresfoundinWinPTandPGP.
What Can Go Wrong? AlthoughOpenPGPprovidesareliablemethodofproving messageauthenticity,notethattheacronymPGPstandsfor PrettyGoodPrivacy.Itdoesn’tstandforPerfectlyGrandPrivacy, letalonePenultimateGuaranteedPrivacy.PrettyGoodmeans exactlythat—it’sbetterthanwhatexistedbefore,butitisn’t unbreakable.Mallory(anybadguy;seeChapter1)hasmany methodstobreakOpenPGP’sprotections.MostofthemethodsMallorycanusetoviolatesomeone’sprivacyplayoffa victim’signorance.RememberthefinerpointsofOpenPGP usage(asdiscussedfollowing),andyou’llfrustrateMalloryso muchthathe’llgiveupandgobothersomeoneelse.
Poor Usage Byfar,themostcommonwaythatOpenPGPisweakenedis whenit’snotcorrectlyused.IncorrectOpenPGPusagecreates theappearanceofsecurity,butactuallycreatesaninsecuresituation.Theappearanceofsecurityisworsethannosecurity;if myfrontdoorlookslockedbutisn’t,I’dliketoknow. Poorusagecanbeanythingthatdoesn’tcomplywiththe rulesofOpenPGP.Ifyouleaveyourprivatekeyonyourwebsite,eveninahiddendirectory,itwillbefound.“Beammeup, Scotty!”isnotapassphrase;it’saninvitationtoidentitytheft. Andemailingyourpassphraseandprivatekeytoyourself“so youwon’tloseit”isjustdaft.I’veseenpeoplemakeallthese mistakes(totheireventualdismay). TheusualreasonthatpeoplegivefornotusingOpenPGP properlyisthatit’scomplicated.That’strue;itiscomplicated. Privacyandsecurityasawholearenoteasy,butifyou’rereadingthisbookyou’veobviouslydecidedthatthey’reworthsome efforttopreserve. SomepeopleevengosofarastokeeptheirOpenPGPkeys onacomputerthatisn’tconnectedtothenetwork.Anything thattheysignorencryptisplacedonremovablemedia,moved tothatcomputer,processedwithOpenPGP,andreturnedto thenetworkedcomputer.Thisisprobablytooextremefor mostpeople,butitisveryviableifyoursecurityrequirements demandthatlevelofprotectionanditaddsanicelayerof physicalsecuritythatisveryhardtobreak.
Poor Signing Let’sconsiderpoorsigning.“Thisguysayshe’sMichaelW. Lucas;I’lltrusthim.”BZZZZT!I’msorry,pleaseplayagain.
156 Chapter 11
Whenyousignsomeone’skey,youarenotonlyvalidating thatperson’sidentityforyourownusebutyouarealsopublicly affirmingthatyouhaveverifiedtheperson’sidentity.Aperson whotrickssomeoneelseintosigningakeygeneratedfora fraudulentidentitycansuccessfullyhookintotheWebofTrust andgaintheconfidenceofothers. Remember,youcanusesomeoneelse’spublickeywithout signingit.IfIweretosendyouemail,youcouldimportmy publickeyanduseittoreadmailencryptedwiththematchingprivatekey.YouwouldhavenoguaranteethatIwaswhoI claimedtobe,butyouwouldhaveaguaranteethatanyfurther correspondencesignedwiththesamekeycamefromaperson whohadaccesstothesameprivatekey.
Hardware Compromise Ifsomeonehasphysicalaccesstoyourcomputer,hecanget yourpassphrase.Hardware-basedkeystrokeloggersthatplug intoyourkeyboardcableandrecordeverythingyoutypeare availableonlineforlessthan$100. Somehardware-basedkeystrokeloggersaresmallenough tofitinsidealaptop.Mallorycouldsneakilyattachtheloggertoyoursystemwhileyou’reatlunch,waitafewdays,and thenunplugthedevicefromyourmachineandseeeverything youtyped.Ifyoutypedyourpassphraseduringthattime,he hasit.Wadingthrougheverythingyoutypedcouldbealot ofwork,butifMalloryissufficientlymotivated,he’lldoit. N O TE
Bothpoliceandprivateinvestigatorsroutinelyusekeystrokeloggers.If youareactuallyatriskofsuchaninvestigation,besuretocheckyour hardwareforkeystrokeloggersbeforeusingOpenPGP.Evenusingan alternatekeyboardlayoutisnodefenseagainstahardwarekeystroke logger;1afterMalloryfiguresoutthatnothingyoutypedmakesany sense,he’llhavetheanalysissoftwareunscrambletheletters. Youcanworkaroundthisproblembyusinga“software”or “virtual”keyboard.Theseprogramsdisplayakeyboardonthe monitor,whichyouusebyselectingcharacterswiththemouse. Thisisfortheverycareful,tobesure,butifyou’reatriskof keyboardloggingyouwillbegladyouhaveit.Butremember: Eventhoughavirtualkeyboardisclumsytouse,don’tmake 1
Ontheotherhand,aDvorakkeyboardlayoutisanexcellentdefenseagainst peopleborrowingyourcomputerduringlunch.Ihighlyrecommenditforthis purpose,iffornootherreason.
Other OpenPGP Considerations
157
yourpassphraseshorterjustforconvenience;thewholereason you’reusingitistoprotectthatvitalpassphrase! Althoughweconcentratedonpassphrasetheft,thefile containingyourprivatekeyisjustasimportantasthepassphraseitself.Ifsomeonehasphysicalaccesstoyourmachine, thepersoncanalwaysbreakopenthecaseandstealorcopy yourharddrivetogetyourprivatekeyfile.Forthisreason, manypeoplekeepalltheirpublicandprivatekeysonaUSB flashdrive:It’smoredifficultforsomeonetostealyourcryptographickeysifthey’rekeptwithyourcarkeysorinyourwatch.
Software Compromise Ifyouroperatingsystemisinsecure,Mallorycanviolateyour privacyfromalmostanywhereintheworld.Worms,viruses, andspywarecanallgatheryourkeystrokesjustlikeahardware keystrokelogger,withtheaddedadvantageofnotrequiringphysicalaccesstoyourmachine.Somespywareactively searchesoutpasswordsandpassphrases,whereasotherviruses giveadministrativecontrolofyourmachinetosomeoneelse. Thisproblemisfairlysimpletodefendagainst. •
First,keepyourmachinefullypatched.Ifyou’rea Windowsuser,sprinkleMicrosoftUpdategenerouslyover yoursystemonaregularbasis.
•
Macintosh,Linux,andBSDusersshouldapplysecurity patchesassoonastheyareavailable.
•
Installantivirussoftware,updateitregularly,anduseit continuously.
•
KeepyourOpenPGPsoftwareuptodate.
Novendorhasaperfectsecurityrecord,andsecurity patchesdon’tsolveeverything,butmostelectroniccrimesare crimesofopportunity;criminalschoosetheeasiesttargets. Applyingtheproperpatcheswillmakeyouamoredifficult target,however,andmakeMallorymorelikelytoattacksomeoneelse.(LiketheClubyouputonthesteeringwheelofyour car,it’snotperfectbutitsuremakesithardtoturnthewheel unlessyoucanremoveit.) Also,ifyouhaveabroadbandconnection,eitherturnyour PCoffwhennotinuseorgetahardwarefirewall.Yearsago whenbroadbandfirstcameout,manytech-savvypeoplesaid, “Leaveyourcomputeronallthetime;it’llbefine.”Today, criminalsmakefortuneseverymonthturningthousandsof infected,always-onPCsintopotentweapons.Ifsomeone 158 Chapter 11
canuseyourcomputeraspartofaswarmtobringdownan e-commercesite,theycancertainlypullyourpassphrasesand passwordsoutofitaswell.(And,asoneofthese“tech-savvy” peoplewhousedtorecommendleavingyourcomputeron,I officiallyrequestpermissiontoeatmywords.Withaniceside helpingofcrow.) Ifyouareseriouslyconcernedaboutthesecurityofyour system,Iencourageyoutogetabookonthetopic.Toomuch securityisbetterthannotenough.
People Compromise ThebestwayforMallorytopenetrateOpenPGP’sprotections istogetyourpassphraseandprivatekeyfile.Stealingthe filecontainingyourprivatekeyrequirescompromisingyour machine,whichpropersystemsecuritywillmakedifficult. Malloryneedstogetyoutogivehimthepassphraseinsome manner,though,andthat’swhereyoumakehisworkdifficult. IfyouareusingOpenPGPcorrectly,thatpassphraseresides onlyinyourhead.Mallory’sproblemliesinextractingthe passphrasefromyourhead.Ifheisn’tsubtle,Mallorycanjust arrangeforgoonswithironpipestobeatitoutofyou.This riskissocommonincertainsituationsthattheencryption communitycallsit“rubberhosecryptanalysis.”2 QuiteafewpeopletakethemerepresenceofanOpenPGPsignatureasproofofauthenticity.Thisleadstoawhole varietyofattackssimilartothe“phishing”emailsusedtotryto trickpeopleoutoftheirbankaccountnumbers.Theseattacks don’tgoafterOpenPGPitself,buttheyleverageOpenPGPto createanillusionofsecurity.Togivethisappearance,allMalloryhastodoisfindarealOpenPGPsignatureinamailing listarchiveoronUsenetandattachthatsignaturetoanemail. Manypeoplewon’tbothertoverifythatsignature,assuming thatnobodywouldhavethesheerbravadotofakeasignature. Similarly,onceMalloryhascompromisedsomeoneelse’semail account,hemightuploadanOpenPGPkeyforthatpersonto severalpublickeyservers.Hecouldthenposeasthatperson withimpunity.Mallorymightalsouploadseveralkeysforadifferentpersontoakeyserver,inthehopethathisvictimwould chooseoneofthosekeysaslegitimateormightevenhuntfor akeythatcanreadamessagewithoutunderstandingtheimplicationsofhisactions.Securityexpertsarediscussingwaysto maketheseattacksmoredifficulttoexecute,butnochanges 2
Fortherecord,anyonewithaweaponandtheproperattitudecanhavemy passphraseuponrequest. Other OpenPGP Considerations
159
totheOpenPGPinfrastructurecanprotectagenuinelygullibleperson. There’salsolegalaction,whichismoreinteresting.Cryptographylawsvarygreatlyfromcountry,buthere’sthestatus undercurrentUSlaw. W A RN IN G
Thefollowingisnotlegaladvice,andIamnotalawyer(thankfully). Ifyouareinlegaltrouble,getalawyer!Thisentiretopicmakesme lessthancomfortablebecauseitcouldbeconstruedasgivingadviceto criminalsonhowtoescapejustice.Manypeoplethinkthattheyunderstandhowthelawworksregardingcryptography,though,andthey’re usuallywrong.Thelawoverlapscommonsenselessfrequentlythan onemightwish. UnderUScaselaw,acourtcansubpoenaanythingthat iswrittendown,includingpassphrases.Malloryonlyhasto persuadeajudgethatheshouldissueacourtorderforyour writtenpassphrase.Ifyouhavememorizedyourkey(asyou should),precedenthasnotyetbeenestablished,butit’sfairly certainthatyoucanatleastbefoundincontemptofcourtfor refusingtodiscloseyourpassphrase. Oneideathathasbeenbattedaboutrepeatedlyisthatof applyingFifthAmendmentprotectionstopassphrases.Ifyou haveencrypteddocumentswhereinyouhaverecordedthat youhavecommittedacrime,shouldn’ttherighttonotincriminateyourselfapply?Thelawconsidersapassphrasemorelike akeyforasafedepositbox;thekeyisnotprotected,although documentsinthedepositboxmightbe.Therefore,theFifth Amendmentdoesnotapplytopassphrasesassuch. Aninterestingtwistonthisideaistohaveyourpassphrase includeacriminalconfession,themorehorrendousand detailedthebetter.Althoughthecourtcanrequireyoutoturn overapassphrase,theFifthAmendmentmightapplyifyour passphraseisthis:“OnMarch8,2005,Islaughtered16nuns, burnedanAmericanflag,andpsychologicallyabusedapoodle inMoosebane,Idaho.”Theproblemhereisthatyoumusthave actuallycommittedthecrime—theFifthAmendmentcertainly doesnotapplytothingsyouhaven’tdone!Thishasnotbeen testedincourtbut,sadly,Iexpectitwillbebeforelong. Thelawissimilarinmanyothercountries.Forexample, theBritishAssociationofChiefPoliceOfficersisattemptingto getlegislationthatwouldmakewithholdingdecryptionkeysa crime. Thebottomlineisthis:Askbeforeyougetyourselfinto trouble!IwouldhatetoseeareadergetthrownintoaThird Worldprisonforviolatinglocalcryptographylaws.Incountries
160 Chapter 11
whereowningthisbookisillegalandthelawisenforcedby truncheon-bearinggoons,youwillevenwanttoaskthequestionquietly.OpenPGPisgreatforprotectingyourselffrom privacyviolationsbyotherciviliansandfornotifyingyouwhen thegovernmentisviolatingyourprivacy.Oncethegearsofjusticebegingrinding,however,itsprotectionsdrop.
Fake Keys BecauseanyonecancreateanOpenPGPpublickeywithanyone’snameonit,annoyingtwitsoccasionallyuploadkeysin otherpeople’snames.Forexample,ifIsearchsubkeys.pgp.net for“GeorgeW.Bush”Ifindnofewerthansevenkeyswiththat name.Severalarefortheemailaddresspresident@whitehouse .gov.IfGeorgeW.usedOpenPGP,we’dallhaveahardtime sortingoutwhichkeywashis. ThePGPCorporation’skeyserveravoidsthisproblemby requiringaresponsefromtheemailaddressownerbefore makingthekeypublic.Isuspectthatmoreandmorekeyserver networkswilladoptthisapproach,butthat’sforthefuture. Themoralofthisstoryisthis:Ifyoufindseveralkeysfor oneperson,checktheirsignatures.AkeythatistightlyintegratedintotheWebofTrustismuchmorelikelytobevalid thanonethathasfewornosignatures.Inthisexample,none oftheGeorgeW.Bushkeyshasanysignatures.Presumably,the PresidentoftheUnitedStateswouldbeabletofindatleast onepersonwhocouldconfirmhisidentityandsignhiskey. PeoplewhoareactuallynamedGeorgeW.Bush,butwithdifferentemailaddresses,havekeyssignedbyotherpeople. Also,checkalternativepublickeysourcessuchasthe person’shomepage.ShouldthePresidenteverstartusing OpenPGP,it’saprettysafebetthathispublickeywillbeavailablesomewhereonwww.whitehouse.gov!(I’msurethattheUS Presidenthassomesortofemailencryptionavailable,butit’s eithernotOpenPGPornothookedintotheWebofTrust.) Ultimately,theonlywaytoverifyanyOpenPGPkeyis throughtheWebofTrust,butonlyyoucandecidewhototrust andhowfartotrustthem.
OpenPGP Interoperability TheOpenPGPstandardinsiststhatallOpenPGPprograms beabletousetheSHA-1hashand3DESencryption,but allowsimplementerstoofferadditionalmethodsiftheydesire. OpenPGPvendorshaveawidechoiceofspecificimplementationmethodsanddon’talwayschoosethesamehashand Other OpenPGP Considerations
161
encryptionalgorithms.Too,differentversionsofOpenPGP programsmightprefertousedifferentalgorithms.Generally speaking,thebestwaytoensurethatyoursoftwarecancommunicatewithanyotherOpenPGPsoftwareistoinstallallthe algorithmsandhashmethodsavailable.Someofthesehashes areinsecure,andcouldbeforged—particularlyMD5,andtoa lesserextentSHA-1.Peoplewhousethesearenotassecureas theybelieve,butyoucanchoosetocommunicatewiththemif youwish. Thisstillleavestheproblemofpre-OpenPGPversionsof PGPthatdon’tuse3DES.Theseolderversionsalmostalways havesecurityproblems,andolderversionsoftheOpenPGP specificationhavesecurityproblemsoftheirown.Peopleusing PGPversion2shouldupgrade.FeelfreetoassumethatmessagessentwithPGPversion2areinsecure—becausetheyare. N O TE
Ifyoutrulywantyourcommunicationstobesecure,helpotherpeople upgradetheirsoftwareratherthancommunicatingwiththemviatheir oldvulnerabletools.Peoplewhousethisoldersoftwarearefooling themselvesiftheybelieveitissecure.Remember,theappearanceofsecurityisworsethannosecurity!
Teams and OpenPGP Manycompanieshaveateamofpeoplewhosignfiles.For example,manypiecesofsoftwareyoufindontheInternet haveanOpenPGPsignature.Severalpeopleonthedevelopmentteamknowthepassphrase.Thisisreasonableifnotideal, providedthatthekey’sUIDclearlylabelsitasateamkey;the trickhereisinknowingwhentochangethekey. Acommonmisconceptionisthatwhensomeoneleaves theteam,youcansecurethekeybychangingthepassphrase. There’saproblemhere,though:Whatifthepersonwho departedhasacopyoftheprivatekeywiththeoldpassphrase? OpenPGPkeysdon’tcomewithlabelsthatshout“Nowwith new,improvedpassphrase!”Thedepartedpersoncanusethe oldpassphrasewithhiscopyoftheprivatekeytosignasmany documentsashedesires,andnobodywillknowthedifference. Whenyouuseateamkeyandhaveapersonnelchange, theonlysafeactionistoimmediatelyrevoketheoldkey, maketherevokedkeyavailable,andgenerateanewkeypair. Whenyouputtherevokedkeyoutonthekeyserver,everyone whoupdatesakeywillgettherevocationnotice. N O TE
AlthoughOpenPGPsoftwaredecryptsemailmessagesencryptedwitha revokedkey,itdoesnotencryptmessageswitharevokedkey.
162 Chapter 11
OpenPGP and Shared Systems ThroughoutthisbookI’vepoundedhometheideathatyour OpenPGPcomputershouldbeasingle-usersystem,butyou mightchoosetomakeanexception.Forexample,corporate computersfrequentlyhaveanadministrativeteamthathandles OSupdates,antivirusprotection,andsoon,andthesepeople haveadministrativeaccesstoallthecomputersinthecompany. IfyoumustuseOpenPGPinsuchanenvironment,hereare somewaystomitigatetherisk: •
Ifyou’reusingWindows95,Windows98,orWindowsMe andcannotupgradetoamoremodernoperatingsystem, giveup.Anyonewhocanturnyourmachineoncanget yourprivatekey.Theseoperatingsystemsaresimplynot secure,period,end.
•
ForWindowsNT–basedandUnix-likeoperatingsystems, setthepermissionsonyourkeyringfilessothatnobody butyoucanreadthem.Windowspermissionsarequite usefulinthiscase—thesystemadministratorcanchange thepermissionsonyourkeyringonlybytakingownership ofthedirectory,afairlyobvioushintthatyourkeyringhas beencompromised.ManyUnix-likeoperatingsystems supportMandatoryAccessControls(MAC),whichhave similareffects.
•
Youcanprotectyourkeyringevenmorebykeepingiton aUSBflashdriveorothersmallportablestoragedevice. Mostkeyringswillfit20timesoveronafloppydisk(if yourcomputerevenhasafloppydrive).Variousfirmshave recentlystartedmakingOpenPGP“smartcards,”wherethe entirekeystaysonthecard.Theseaddawholenewlayer ofsecuritytoOpenPGP,evenonasharedsystem.
•
Ifyoumustcopyyourkeystothelocalharddrive,installa programtothoroughlydeletethemwhenyou’refinished. AGooglesearchfor“securedelete”willturnupdozensof freelyavailablesecuredeletionprograms.PGPincludes one,aswediscussonthenextpage.
•
WhenusingGnuPGonaWindowssystemsharedbyseveralpeople,considercreatingafoldernamedC:\GnuPG andcopyingtheGnuPGprogramfilestoit;thenaddthat directorytothesystem’sPATHvariable.Everyuserwill thenhaveaccesstothatsameversionofGnuPG,which willatleasteliminatetheproblemsthatarisefrompeople usingdifferentversionsoftheprogram.
Other OpenPGP Considerations
163
•
N O TE
Ifyoudon’tentirelytrustyourmachineatwork,consider creatingtwoOpenPGPkeys:oneforworkandonefor home.Signyourworkkeywithyourpersonalkey.Never bringyourpersonalkeytowork;instead,havepeople signyourpersonalkeyandsignothers’keyswithyour personalkey.
Yourworkkeyisultimatelydisposable—youwillprobablyhaveseveral jobsduringyourlifetimebutonlyonereputation.Andkeeparevocationcertificateathomeincaseyourcompanyelectstoshowyouthedoor withoutnotice.(Idonotplacemyworkkeysonakeyserver;Idistribute themprivatelyandonlytocorrespondentswhoabsolutelyrequireit.) Althoughtheseactionswon’tprotectyoufromamalicious systemsadministrator,theycanreducethedamageandmake livingwithsuchasetupalittlemoretolerable.Asalong-time systemsadministrator,Icanassureyouthatmostsysadmins wouldnevermesswithauser’sOpenPGPkeys.That’snot becausewe’reinherentlytrustworthy,butratherbecauseany sysadminwhogetshiskicksbyviolatingothers’privacyquickly annoysthewrongpersonandgetsfired.Afterthishappensa coupleoftimes,theirreputationisinashamblesandthey’re unemployableinthecomputerfield.You’reundermuch greaterriskfromotherusersofthecomputer. Despiteanyprecautions,physicalaccesstrumpsall.If someonecanopenyourcomputerandwalkoffwithyourhard drive,it’sallover.Hopefully,youchoseagoodstrongpassphrasetoprotectyourprivatekeyagainstthisrisk!
Other Software Features BothWinPTandPGPofferspecialfeaturesthatwillbeofuse topeopleinterestedinprivacy.Althoughthesefeaturesarenot partofOpenPGP,theyrateamention.
Passphrase Caching Bothsetsofsoftwarewillcacheyourpassphraseforauserconfigurablelengthoftime,whichwillsaveyouabitoftyping. However,whenyouusethisoption,ifyoustepawayfromthe machine,anyonewhositsdowncanuseyourOpenPGPsoftwarebecauseyourpassphraseisstillcached.Isuggestsetting thistimetoonlyafewminutes,ormanuallyflushingyourpassphrasebeforeyouleaveyourdesk.
164 Chapter 11
Shredding “Shredding”isanotheradd-onfeatureinbothWinPTand PGP.Whenyoudeleteadocumentfromacomputerviathe operatingsystem,itisn’tdestroyed.Muchasifyouputaprintoutinthetrash,thedocumentismerelyhiddenfromviewand setonapaththatwillleadtoitseventualdestruction. Anynumberofprogramscanrecoverthesedeletedfiles. Topermanentlyandirrevocablydestroyafile,usetheshredderfunctionthatshipswithPGPandWinPT.Theseprograms overwritethefileondiskseveraltimes,eliminatinganyhope ofrecoveringit.(Ifyou’reusinganoperatingsystemthathas filesystemjournaling,shreddingiscertainlylesseffective,butit willraisethebarforrecovery.) Ifyouwantrealsecurity,shredanyearlierversionsofthe filebecausepreviousdraftsmightbejustasincriminatingas theshreddedversion.Ifit’sthatimportanttodestroyadocument,besuretocheckforanybackups. Winston Churchill told a story about a man who received a telegram informing him that his mother-in-law had passed and asking what sort of funeral arrangements he desired. The man replied “Embalm. Cremate. Bury at sea. Take no chances!” This is a good model for electronic document destruction.
PGPDesktopalsoofferstheabilitytoencryptyourinstant messages,whichgoesalongwaytowardmakingIMusefulin abusinessenvironment.Itcanalsoencryptyourwholedisk drive,givingexcellentprotectionagainstdatalossincaseof laptoptheft(althoughdoingsowilladdasignificantamount ofoverhead). Experimentwithyourchosensoftware;you’llfindithas abilitiesfarbeyondwhatwecoveredinthisbookandusesfar beyondwhatyouthoughtyouneeded. Enjoyandprotectyourprivacy!
Other OpenPGP Considerations
165
A
INTRODUCTION TO PGP COMMAND LINE
InadditiontoPGPDesktop, PGPCorporationproducesa command-linePGPprogram, PGPCommandLine,which allowsyoutoautomatePGPoperations. PGPCommandLineisalicensedproduct thathasmanyfeaturesrequiredbyenterprisecustomers. ItisavailableforWindowsandavarietyofUnix-likeoperatingsystems(includingMacOSX).Itcomeswithavery goodandcompletemanual(over300pages)andcaneasilybeinstalledbyanysystemsadministratorwhohasread thisbook. ThisappendixwillintroduceyoutothebasicPGPCommandLinefunctions.We’llcoverthebasicsveryquicklyso thatyoucanhandlesimplePGPCommandLineoperations inshortorder.(ReadthemanualformoredetailonthePGP CommandLine’svariouscommandsandreferencethisbook fordetailonspecificsuggestions.)Wearespecificallynot
coveringfunctionalitysuchasAdditionalDecryptionKeys, whicharewelldocumentedinthemanualbutrequirein-depth explanation. PGPCommandLinerunsthesamewayonWindowsand Unix-likeoperatingsystems;theonlydifferenceistheappearanceofthecommandprompt.We’lluseahashmark(#)asa promptintheexampleshere,assomeUnixshellsdo.Users withnormalprivilegescanusePGPCommandLinejustfine. N O TE
Unlikemostcommand-lineprograms,PGPCommandLinedoesnot interactwiththeuserafterexecutionbegins.Itisdesignedforautomatedenvironmentsinwhichthereisnousertotalktoanditdoesnot promptyouforfurtherinformation.Thisisquiteusefulbehaviorfor scripts,ofcourse.
PGP Command Line Configuration AllPGPCommandLineconfiguration,keystorage,andother informationiskeptinanapplicationdatadirectory.Ifyou’re usingWindows,you’llsetthelocationofthisdirectoryduring theinstall;ifyou’reonaUnix-likesystem,thatdirectorywill be$HOME/.pgp.TochangePGPCommandLine’sbehavior, youedittheconfigurationfilePGPprefs.xml.Thedefaultsare suitableforalmostallapplications,butyou’llfindafullexplanationofthevariablesinthePGPCommandLinemanual. TheconfigurationfilemustusevalidXMLforPGPCommandLinetowork.Fortunately,thisisn’tdifficult;eachentry lookssomethinglikethis: CLpassphraseCacheTimeout 120
Inthisexample,thevariableCLpassphraseCacheTimeout, whichcontrolsthelengthoftimethatyourpassphraseis cached,hasbeensetto120.Tochangethistimeoutvalue, editthe120withoutalteringthesurroundingtags. Thefilespubring.pkrandsecring.skraretwoadditional importantfilesinthisdirectory.Yourpublickeyringisstored inpubring.pkr,whereasyourprivatekeysarestoredinsecring .skr.Guardsecring.skrverycarefully,forreasonsIhopehave beensufficientlydrivenhomebythetimeyou’vereadthisfar!
168 Appendix A
N O TE
Wheneditingaconfigurationfilelikethisone,it’sveryeasytoaccidentallydeleteananglebracketwithoutnoticingandbreakthesoftware asaresult.Therefore,keepabackupofyourknown-goodconfigurationfile!It’smucheasiertofallbacktoagoodversionandtryagain thantostareatabrokenconfigurationforhourstryingtofindwhat youmissedbefore.Ifyou’reonaUnix-likeoperatingsystem,Istrongly recommendusingtheRCSrevisioncontrolsystemformanagingconfigurationfiles.It’sbeenusedfordecadessomostofthebugsaregone, andit’sfree.
Testing and Licensing AfteryoufinishinstallingPGPCommandLine,makesure thatitworksbytryingthe--versionand--helpoptions.The --versionoptiondisplaystheversionofPGPCommandLine youhave,whereas--helpdisplaysalltheoptionsandflagsthat PGPCommandLineuses.Iftheseoptionswork,yourinstallationiscorrect. Afteryouknowthatthebaseinstalliscorrect,youshould licensethesoftware;ifyourinstallisnotlicensed,PGPCommandLine(PGPCL)functionsonlyinaverylimitedmanner. YoumusthaveInternetaccesstolicensePGPCommandLine becausetheprogramcontactsthePGPlicenseserverandconfirmsthatyourlicensecodematchesyourname,emailaddress, andorganization.Youmustenteryourname,organization, emailaddress,andlicensecodeexactlyastheyappearinthe licenseorthelicenseoperationwillfail.Forexample: # pgp --license-authorize --license-name "Michael Lucas" --licenseorganization "Author (Press)" --license-number "long-string-of-codes" --license-email "[email protected]"
HerewetellPGPCLtoauthorizethelicensethatPGP Corporationhasonfileforthelicenseownerandthe organizationthelicenseownerbelongsto,usingthelicense codeprovidedbyPGPCorporationandtheemailaddress ofthelicenseowner.ThisprocesswillmakePGPCLcontact thePGPCorporation’slicensingserverandverifyyourinformation.Ifyouenteredalltheinformationcorrectlyandthe licenseisvalid,PGPCommandLinewilladdlicensinginformationtoPGPprefs.xml,andyou’llbereadytogo!
Introduction to PGP Command Line
169
Creating a Keypair PGPCommandLinecreatesmanydifferentsortsofkeypairs inadditiontothestandardOpenPGPsigningandencryption keys.TheformatforcreatinganOpenPGPkeypairisasfollows,whereUIDisastandardPGPuserID,consistingofa namefollowedbyanemailaddressinanglebrackets: # pgp --gen-key "UID" --key-type rsa --encryption-bits 2048 --passphrase "passphrase" --other-options
Touseanoptionalcomment,asdiscussedinChapter2, additbetweenthenameandtheemailaddressinparentheses. (PGPwillemitawarningaboutthisbeingnonstandard,but manypeoplehaveUIDsinexactlythatformat,andtheywork justfine.)Forexample,myUIDisthis: Michael Warren Lucas Jr (Author, consultant, sysadmin)
ThisUIDdifferentiatesmefromeveryotherOpenPGPusingMichaelLucasintheworld. PGPCommandLinesupportsseveraldifferenttypes ofkeypairs.(Ifyou’reintocryptographyorhavespecificbusinessneedsforsigning-onlykeysorthelike,seethemanualfor detailsbecausewe’llcoveronlyOpenPGPkeypairs.)
Setting the Key Type ModernOpenPGPkeysareoftypeRSA.Yousetthetypeofkey withthe--key-typeflag. Youcanchoosethenumberofbitsinthekeypair(as discussedinChapter1),whichrangesfrom1024to4096.I suggestusing2048,whichasofthiswritingshouldprotectyour dataforthenextseveralyears.
Assigning a Passphrase Youmustgiveyourpassphraseonthecommandlinewhen youcreateyourkey.Ifyoudon’twanttoassignapassphrase whenyoucreatethiskey,youcanchangeitlaterwiththe --change-passphraseoption.
Setting an Expiration Date Bydefault,newkeyshavenoexpirationdate.Tosetanexpirationdate,usetheoptional--expiration-dateflag,withthedate inYYYY-MM-DDformat,suchas2008-12-31. 170 Appendix A
Forexample,tocreateakeypairformyself,Iwouldrun thefollowing: # pgp --gen-key "Michael Warren Lucas Jr (Consultant, author, sysadmin) " --key-type rsa --encryption-bits 2048 -passphrase "This is a really bad passphrase" --expiration-date 2008-12-31
PGPwillquicklygenerateakeyandendbylistingthe keyid.
Generating Revocation Certificates AswithanyotherOpenPGPkey,it’simportanttocreatea revocationcertificateimmediatelyuponcertificatecreation. Tocreatearevocationcertificate,usethe--gen-revocationcommandlikeso: # pgp --gen-revocation "UID" --passphrase "passphrase" --force
ThefirstargumenttellsPGPCommandLinewhichkeyto revoke.YouneedonlyenoughoftheUIDtouniquelyidentifyakeyonyourkeyring.Forexample,mykeyringhasonly onekeyonitwiththeemailaddressmwlucas@blackhelicopters .org.Thatemailaddressuniquelyidentifiesmykeyonmykeyring.IfIhadseveralkeyswiththatemailaddress,Iwouldneed tousealargerpartoftheUIDtoidentifythekeyIwantedto revoke,orperhapsthecompleteUIDifIhadseveralverysimilarkeys. Next,giveyourpassphraseonthecommandline. Finally,usethe--forceflagtotellPGP,“Yes,Iknowthis isn’tnormal,butyouwon’taskmeifI’msure,soI’mtelling youyes,I’msure;Ireallydowantyoutodoit.” Forexample,tocreatearevocationcertificateformykey,I wouldtypethis: # pgp --gen-revocation [email protected] --passphrase "This is a really bad passphrase" --force
PGPCommandLinewillcreatearevocationcertificate andplaceitinthecurrentdirectoryinafilenamedaftermy completeUID.(Saveandprotectthiscertificate,asdiscussed inChapter2.)
Exporting Your Public Key Nextyou’llneedtodistributeyourpublickeytoyourcorrespondents,eitherbyusingkeyserversortextfiles. Introduction to PGP Command Line
171
Distributing to Keyservers Sendyourpublickeytoakeyserverwiththe--keyserver-send option,andusethe--keyserveroptiontochoosethekeyserver: # pgp --keyserver-send UID --keyserver protocol://keyserver
TheUIDiseitherthewholeUIDofthekeywewant topublicizeoralargeenoughpieceofitsothatPGPcan identifyit. Thekeyservermustincludetheprotocolusedtoaccess thekeyserverandthekeyserver’sname.Commonprotocols includeLDAP(usedbyPGPCorporation’skeyserver)and HTTP(usedbykeyserverssuchassubkeys.pgp.net).Include theprotocolbeforethemachinename,muchlikeaURL.For example,tosendmynewlygeneratedPGPkeytothePGP Corporation’skeyserver,keyserver.pgp.com,Iwouldrunthis: # pgp --keyserver-send [email protected] --keyserver ldap://keyserver.pgp.com
Bydefault,PGPCommandLinewillcontactthePGP Corporation’spublickeyserver.Youonlyneedthe--keyserver flagifyouwanttocontactadifferentkeyserver. Exporting to Text Files Usethe--exportcommandtopullyourpublickeyfromyour keyringintoatextfile: # pgp --export UID
Thiscommandwillcreateatextfilewiththesamenameas yourUID.Ifyou’vealreadycreatedarevocationcertificateand haven’trenamedit,PGPCommandLinewillcomplainthatit can’tcreatethefile.Ifthat’sthecase,renameyourrevocation certificateandexportthekeyagain.
Viewing Keys Toseeallthekeysonyourkeyring,usethe--list-keysoption. Ortoviewaparticularkeyonyourkeyring,listtheUIDora portionthereofafter--list-keys;PGPCommandLinewillonly listkeysthathavethegivenstringintheUID.
172 Appendix A
Forexample,here’showyou’dsearchforallkeysonthe keyringthatincludethestringmwlucas. # pgp --list-keys mwlucas Alg Type Size/Type Flags Key ID User ID ----- ---- --------- ------- ---------- ------*RSA4 pair 2048/2048 [VI---] 0x7E02501C Michael Warren Lucas Jr (Consultant, author, sysadmin) 1 key found #
PGPCommandLinefoundonematchingkey(bigsurprise,Iknow).(Thisbecomesmuchmoreusefulafterweadd keystothekeyring,asshownlaterinthisappendix.) Thedefaultviewisverybrief,butyoucanviewanylevelof detailaboutthiskeywiththeoptionsshowninTableA-1(just givetheoptionandaUIDoruniqueportionthereof). Table A-1: PGP Command Line Key Viewing Options Option
Function
--pgp-fingerprint
Displays the fingerprint of the specified key
--list-key-details
Shows all information included in the key
--list-sigs
Shows all signatures on the key
--list-sig-details
Shows detailed information about all signatures
--list-userids
Shows all UIDs included in this key
Forexample,toviewallthesignaturesonmykey,Iwould runthefollowing: # pgp --list-sigs [email protected]
Managing PGP Command Line Keyrings Keyserversaremostcommonlyusedtosearchforkeys,add keystoyourkeyring,signkeys,andupdatekeys.
Searching for Keys TousePGPCommandLinetofindsomeone’skeyonakeyserver,youneedtheUID(oraportionthereof)andthename ofthekeyserveryouwanttosearch.
Introduction to PGP Command Line
173
Thebestwaytosearchforakeyistousetheuser’semail address.Here,wesearchsubkeys.pgp.netforanykeywiththe stringMichael Lucas.1 # pgp --keyserver-search "Michael Lucas" --keyserver http://subkeys.pgp.net http://subkeys.pgp.net:keyserver search (2504:successful search) Alg Type Size/Type Flags Key ID User ID ----- ---- --------- ------- ---------- ------DSS pub 2048/1024 [-----] 0xE68C49BC Michael Warren Lucas Jr (Author, consultant, sysadmin) DSS pub 2048/1024 [-----] 0xAB6CA178 Michael Lucas DSS pub 2048/1024 [-----] 0x4922B639 Michael P. Lucas DSS pub 2048/1024 [-----] 0x4768326E B. Michael Lucas DSS pub 2048/1024 [-----] 0xAD08B0C7 David Michael Lucas DSS pub 2048/1024 [-----] 0xFB31770D David Michael Lucas 6 keys found
Thekeyserverreportsthatithassixkeysthatmatchthe stringMichael Lucasandpresentstheresults,butI’monlyinterestedinoneofthem.Fortunately,thelistincludestheUID ofallthekeyssoIcanseewhichkeyIwantandthenusea uniqueportionoftheUIDtoimportit.
Importing Keys Usethe--keyserver-recvoptiontodownloadapublickeyfrom akeyserverandaddittoyourpublickeyring: # pgp --keyserver-recv [email protected] --keyserver http://subkeys.pgp.net
PGPwilldownloadthekeyandaddittoyourkeyring,makingitpermanentlyavailablelocally.
Signing a Key Afteryouhaveexaminedakey’sfingerprintandUIDand inspectedthekeyowner’sidentification(asdiscussedin Chapter5),youmightchoosetosignthekey. PGPCommandLineallowsyoutospecifyseveraltypesof signature;we’lldiscusstheold-fashionedexportablesignature
1
I’musingthepgp.netkeyserverinsteadoftheofficialPGPCorporation keyservertoillustrateapoint;mykeysareavailableonbothsubkeys.pgp.net andkeyserver.pgp.com,buttheresultsfromthePGPCorporationkeyserver areboringlycorrectthankstotheiremailverificationprocess.
174 Appendix A
usedtobuildtheWebofTrust.Theformatofasignatureisas follows: # pgp --sign-key UID-of-key-to-be-signed --signer your-UID --sig-type exportable --passphrase passphrase
YoumusttellPGPCommandLinewhichkeyyouwant tosignbyusingauniqueportionoftheUID.(Youcansign onlywithyourownkey.)Finally,youenteryourpassphrase,andPGPCommandLinewillsigntheotherperson’s keyandstoreitinyourkeyring.
Updating Keys on a Keyserver Afteryousignakey,youcaneitherexportthesignedpublic keytoafileandreturnittotheowner,orsendthepublickey withtheupdatedsignaturebacktothekeyserverfromwhence itcame.(SeeChapter5forafulldiscussion.) Tosendtheupdatedkeytoakeyserver,usethe--keyserver-updateoption. # pgp --keyserver-update UID
Nowthatyouknowhowtomanagekeys,let’sgettothe realmeatofPGPCommandLine:encryptionanddecryption.
Encryption and Decryption ToencryptafilewithPGPCommandLine,usethe--encrypt and--recipientflags. # pgp --encrypt filename --recipient UID
Forexample,toencryptthefileBankAccounts.xlswhen sendingittome(pleasedo!),enterthefollowing: # pgp --encrypt BankAccounts.xls --recipient [email protected]
ThiswouldcreateanOpenPGP-encryptedfilecalled BankAccounts.xls.pgp. N O TE
Encryptedfilesarebinaryfilesbydefault.ToencryptfilesinASCII instead,usethe--armorflag.
Introduction to PGP Command Line
175
Todecryptafile,usethe--decryptand--passphrase options: # pgp --decrypt filename --passphrase passphrase
Forexample,todecryptthatsamefileIwouldtypethe following: # pgp --decrypt BankAccounts.xls.pgp --passphrase "This is a really bad passphrase"
DecryptingBankAccounts.xls.pgpcreatesanunencrypted filecalledBankAccounts.xls,whichIcanthenopenwithmy officesuite.
Signing and Verifying Tosignandverifyfiles,use--signand--verify.Signedfilesend in.pgp(.asciftheyareinASCII).
176 Appendix A
B
GNUPG COMMAND LINE SUMMARY
Throughoutthisbookwe’ve coveredvariousGnuPGcommandsandoptions.This appendixcollectsalltheGnuPG functionswe’vediscussedinonequickreference.(It’simportanttounderstandthe implicationsofeachofthesefunctions,so don’tjustskiptherestofthebookandrely onthisappendix.) N O TE
GnuPGisapowerfulsoftwarepackagewithmanyoptionswehaven’t discussed.Manyoftheseoptionswillbeofinterestonlyinparticular situations,orshouldbeusedonlybypeoplewithadeeperunderstandingofOpenPGP.
GnuPG Configuration GnuPGstoresitsconfigurationinformation,includingkeyrings,inadirectory.Ifyou’rerunningWindows,yousetthe locationofthisdirectoryduringtheinstall.OnUnix-likesystems,thatdirectorydefaultsto$HOME/.gnupg. Thisdirectorycontainsthreefilesofconcerntomost users:gpg.conf,pubring.gpg,andsecring.gpg.Yourpublic keyringisinpubring.gpg,andyourprivatekeyringissecring .gpg.Thegpg.conffilecontainsalloftheGnuPGconfigurationoptions.
Output Control WhenworkingwithGnuPGkeysit’simportanttodecidehow theoutputshouldbehandled.The-a(or--armor)flagtells GnuPGtogiveoutputinhuman-readableformat,instead ofthedefaultbinaryformat.Similarly,the--outputflagtells GnuPGtosenditsoutputtoafile,ratherthandumpingit directlytothescreen.
Keypair Creation, Revocation, and Exports TocreateanewGnuPGkeypair,usetheinteractive--gen-key option.GnuPGwillwalkyouthroughthekey-creationprocess.(Wediscussedkeycreationandmanagementindetailin Chapter4.)
Revoking a Key Togeneratearevocationcertificateforyourkeypair,usethe --gen-revokeoption,specifyingtheuserID(UID)ofthekey youwanttorevoke.(UsingASCIIarmorandspecifyinganoutputfileisoptionalbutprobablydesirable.) # gpg -a --output [email protected] --gen-revoke [email protected]
Hereweoutputafilenamedmwlucas@blackhelicopters .org.asc.revokeinASCIIformat.ThisfileisarevocationcertificateforthekeywithaUIDthatcontainsthestring [email protected].GnuPGwillaskyouwhythiskey isbeingrevokedandallowyoutogiveadescription.
178 Appendix B
Exporting a Key Toexportthekeytoatextfile,usethe--exportoption. (Becausethisfileisplaintext,youshoulduse--armor.) # gpg --output [email protected] --armor --export [email protected]
Herewecreateafilecalled[email protected]inhuman-readableformat,which containsanexportofthekeywithaUIDcontainingthe string[email protected].
Sending a Key to a Keyserver Tosendapublickeytoakeyserver,usethe--send-keysoption. The--keyserveroptionletsyouchoosetowhichkeyserveryou wanttosubmitthekey.Ifyoudon’tchooseakeyserver,GnuPG willusethedefaultkeyserverspecifiedingpg.conf. # gpg --send-keys [email protected] --keyserver subkeys.pgp.net
Here,wesubmitakeywiththeUIDcontaining [email protected]tothekeyserversubkeys .pgp.net.
Managing Keyrings Creatingyourkeywillgiveyouyourkeyring.You’llalsoneedto addkeystoandremovekeysfromthiskeyring.
Viewing Keys GnuPGwillletyouviewyourkeysandvariouskey characteristics: •
Toviewallthepublickeysonyourkeyring,usetheoption --list-keys.Thiswillprintallthekeysonyourkeyring,so youcanincludeaUIDorportionthereoftolistonlyparticularkeys.
•
Toseethesecretkeysonyourkeyring,usetheoption --list-secret-keys.
GnuPG Command Line Summary
179
•
Toviewthefingerprintofakey,use--fingerprintandthe UIDofthekeyorasubsetthereof.
Adding and Removing Keys GnuPGletsyouperformallkeyserveroperationsatthecommandline. •
Toreceiveakeyfromakeyserver,usethe--recv-keys optionandthekeyidofthekeyyouwanttodownload: # gpg --recv-keys E68C49BC
•
Toimportapublickeyfromafile,usethe--importoption andthenameofthefile.Nootheroptionsarerequired. Toremoveakeyfromyourkeyring,usethe--delete-keys optionandgivetheUIDorkeyidofthekeyyouwantto delete.
Key Signatures Validating,adding,andupdatingsignaturesareimportant partsofGnuPG. •
Toviewthesignaturesonakey,use--list-sigsandthe keyidorUID.
•
Tosignakey,use--sign-keyandgivethekeyidorUID: # gpg --sign-key [email protected]
•
Toexportyournewlysignedpublickeytoatextfile,use the--exportflag.Youprobablyalsowanttouse--outputto placeitinafile,and--armortomakeithuman-readable. # gpg --output gedonner.asc --armor --export [email protected]
•
Touploadyoursignatureofthispublickeytoakeyserver, usethe--send-keyscommandandgivethekeyidorUIDof thekeyyou’vesigned.
•
Toupdatethesignaturesonallthekeysinyourkeyring fromakeyserver,usetheoption--refresh-keys.
•
Afteryousignseveralkeys,usethe--update-trustdboption tobuildyourpersonalWebofTrust.
180 Appendix B
Encryption and Decryption Usethe--encryptoptiontoencryptfiles,givingthenameof thefileyouwanttoencryptasanargument.GnuPGwillinteractivelyaskyoufortheUIDofeachpublickeyyouwanttouse intheencryptionprocessandthenencryptthefilessothat theycanonlybereadwiththecorrespondingprivatekey(s). Todecryptafile,usethe--decryptoption.GnuPGwill promptyouforyourpassphraseandprintthedecryptedmessagetotheterminal.
Signing Files Tosignafile,usethe--signoptionandgivethenameof thefileyouwishtosign.Toverifyadigitalsignature,usethe --verifyoption.GnuPGwilltellyouwhetherthesignatureis validornot.
Output Formats Bydefault,GnuPGproducesencryptedfilesandkeysinbinary formatandusesfilenamesbasedontheoriginalfilenames.You canmodifythiswiththe--armorand--outputoptions. •
The--armoroptiontellsGnuPGto“armor”itsoutputin human-readableASCII.
•
The--outputoptionletsyouchoosethenameofthefile whereGnuPGwillstoreitsoutput.
•
Bydefault,GnuPGcreatesanewfilewiththesamename astheoriginal,butwith.gpgappended.Ifyouspecify --armor,GnuPGcreatesanewfilewiththesamenamebut with.ascappended.
Hereweencryptafileinhuman-readableASCIIandputit inafilenameofourownchoosing: # gpg --armor --output encryptedfile.asc --encrypt SecretPasswordList.txt
The--armorand--outputoptionsmustbeusedbefore either--signor--encrypt.
GnuPG Command Line Summary
181
INDEX Pagenumbersinitalicsreferto figures.
Symbols and Numbers #(hashmark),forgbg.conffile comments,57 $GPGHOME/trustdb.gpg file,113 3DESencryption,43,161 30-daytrialofPGP,40
A actions,inPGPcustom policy,132 AddPhotodialogbox(PGP), 98,98 AddPhotoIDdialogbox (WinPT),112,112 addingkeystokeyring,85, 93–96,101–104 addingkeyservers,91–92 addphotocommand,111 administrativeaccess,toprivate key,31 Administratoraccount (WindowsNT–based operatingsystems),32 AdvancedEncryptionStandard (AES),43 AdvancedKeySettingsdialog box,42–43,42 AES(AdvancedEncryption Standard),43 AIX,andrandomnumber generation,68
algorithms,17,19–22 asymmetric,21–22 combiningwithdigital signature,23–24 interoperabilityand,162 PGPvs.GnuPGsupport,9–10 symmetric,20 AllKeyskeyring,93 anonymity,repeatable,122–123 antivirussoftware,158 AOLInstantMessenger accounts,PGP searchfor,44 AppliedCryptography (Schneier),21 armoringbinarydata,78n .ascfileextension,46,94,104, 176,181 ASCIIcharacters,converting publickeyto,78–79 asymmetricencryption algorithms,21–22 combiningwithdigital signature,23–24 attachments encryptioninOutlook,145 inlineencryptionand,117 inPGP/MIME,118 auditing,9 authenticity,18–19 signaturesand,159 autoconf,69 automaticencryptionofemail andAOLInstantMessengeraccounts,44 automatickeyretrievalin GnuPG,100
automaticsynchronizationof keys,97 AutomaticallySynchronizeKeys WithKeyserverssetting, 47,47
B backdoorsinencryption tools,governmentaccessible,2 backup ofkeypair,35 forPGP,45–46 restoring,48 inWinPT,65 PGPCorporationfolder,46 ofrevocationcertificate, 35–36 biglumber.com,31,86 binarydata inlineencoding limitations,117 forpublickey,78 biometricformat,forimported key,95,95 bit,defined,19 bookform,forPGP distribution,3 BritishAssociationofChief PoliceOfficers,160 broadbandconnection,hardwarefirewallfor,158 bruteforcing,25 BSD.SeeUnix Bugzilla,147 bunzipcommand,70 bzippedtarball,forGnuPG source,70
C CA(CertificateAuthority),28 cachingpassphrases,164 inEnigmail,148 Cast,43 CertificateAuthority(CA),28 checksums,17.Seealsohashes forGnuPG,54–56 interoperabilityand,161–162 protectingfrom tampering,22–23 Cipherpropertyofprivate key,52 184 Index
ciphers,16 forPGP,42–43 ciphertext,15 “clean”keyserver,51 clearsigning,116 codes,15–16 commandline.Seegpgcommand; GnuPG,commandline; PGP,commandline; pgpcommand comments ingpg.conffile,57 forkey,34 Compressionpropertyofprivate key,52 computercode,vs.free speech,4 computers,randomnessand, 67–68 confidentiality,17 configurescript --enable-static-rnd=egd option,70 --prefixoption,68 forGnuPG,70 copyingpublickey,78,80 creationdate,ofkeyon keyring,93,103 cryptanalysis,17 cryptography PGPgoals,17–19 USlaws,160–161 custompoliciesinPGP,130–132 orderinlist,134–135 samples exceptionstodefault policy,132–133 overridingdefault policy,134 settingconditions,130–131
D decryption,14 withPGPCommandLine, 175–176 PGP/MIMEmessageswith MSclients,145–146 defaultkeyserver,101,101 setting,66,80,99 defaultmessageformat, inOutlook,142 defaultPGPDesktoppolicy, exceptions,132–133
deleting privatekeyafterrevocation certificatecreation,49 publickeysfromkeyring, 109–110 shreddingafter,164–165 “designatedrevokers,”47 DigestIT2004(checksum program),55 digitalsignature,14,22–23 combiningwithasymmetric cryptography,23–24 forGnuPGprogram,55 legalissues,26 directory.Seefolder disablingupdatesto keyservers,47 distributingpublickey,36–38 domainname,PGPcustom policybasedon,131 downloading GnuPG,54 PGP,40 drivepartition,encryption,120 DSA,forencryption,73 Dvorakkeyboard,157n
E easeofuse,PGPvs.GnuPG,7–8 EGD(EntropyGathering Daemon),68–69,70 email archive,119n encryption,119–120,127 andGnuPG,137–153 decryptingPGP/MIME messageswithMicrosoftmailclients, 145–146 identifyingsender,28 OpenPGPand,115–124 forpassphraseandprivate key,156 PGPsearchfor,44 forserverconfirmationof key,82 verifyingsender,101–102 emailaddresses fordownloadingPGP,40 forGnuPGkey,74 forkey,34 inpublickey,GlobalDirectoryuseof,51
searchforkeyby,94 securingmultiplewith PGP,41 emailclients andattachments,118 Microsoftmailclients,138 MicrosoftOutlook,141–145 OutlookExpress,138–141 PGPand,126–127 storageofsentmessages,124 Thunderbird,147–153 emailservers,and attachments,118 encryptedemailinOutlook Express,receivingand verifying,141 encryption,14 automatic,ofemailandAOL InstantMessenger accounts,44 history,2–3 asMicrosoftOutlook default,144 asnationalsecuritythreat,3 withPGPCommandLine, 175–176 preventingforemailtomailinglists,129 public-key,22 encryptionalgorithms,19–22 asymmetric,21–22 combiningwithdigital signature,23–24 symmetric,20 Enigmail configuring,147–149 installing,147 passphrasecaching,148 per-recipientrules,150–151 upgrading,152–153 EnigmailRecipientSettings dialogbox,151,151 EntropyGatheringDaemon (EGD),68–69,70 errormessages,helpfor,71 expertformforkeygeneration inWinPT,63–64,64 expirationdate,key,33 GnuPG,74 PGP,42 PGPCommandLine, 170–171 WinPT,64 Index
185
Expirespropertyofprivate key,52 ExportKeytoFiledialogbox, 45,46 exportedrevokedkey,asRevocationCertificate,49 exportingpublickey,107–108 inGnuPG,179 inPGP,171–172 inWinPT,108 exportingtext,topublicize GnuPGkey,78–79 extensions,Thunderbird,147 extractingpublickeyfrom keyring,78
F fakekeys,161 fakesignatures,159 familymembers,signingkeyof, 84–85 fileextensionsandGnuPG,57 Filemenu(PGP),Import,49 filename,forpublickeyring,103 files,signingandverifying,174 fingerprintforkey,84 checking,105 comparison,95–96 inGnuPG,76 Firefox,147 firewall,hardware,158 FirstAmendment,4 floppydisks,163 folder default,forGnuPG,59 forGnuPGconfiguration information,178 forPGPapplicationdatastoragelocation,46 forWinPT,60–61 “forged”emails,18 freespeech,vs.computer code,4 friends,signingkeyof,84–85
G g10code,141 GCC(GnuCcompiler),69 GeneralPublicLicense(GPL),7 gmake,69 GnuCcompiler(GCC),69 186 Index
GnuPrivacyGuard(GnuPG).See GnuPG(GnuPrivacy Guard) GnuPrivacyGuardSetup dialogbox ChooseInstallLocation, 59,60 InstallOptions,language, 58,59 .gnupg/entropyfile,68–69 GnuPG(GnuPrivacyGuard) buildingWebofTrust, 113–114 commandline,177–181 addingandremoving keys,180 configuring,178 encryptionand decryption,181 installonWindows,58–59 keysignatures,180 keypaircreation,revocationandexport, 178–179 keypairs,72–76 outputformats,181 signingfiles,181 viewingkeys,179–180 andemail,137–153 decryptingPGP/MIME messageswithMicrosoftmailclients, 145–146 Microsoftmailclients,138 MicrosoftOutlook, 141–145 OutlookExpress,138–141 Thunderbird,147–153 introduction,7 keymanagement,99–111 addingkeystokeyring, 101–104 deletingpublickeysfrom keyring,109–110 keyservers,99–101 signingkeys,105–108 updatingkeys,109 keyserversearch,83 outputcontrol,178 path,144 andphotoID,110–113 addingtokey,110–111
viewingphotoonkey, 111–112 WinPTforadding, 112–113 androotaccount,72 trustlevelassignment,113 GnuPG(GnuPrivacyGuard) install,2,6,53–80 buildingfromsourcecode, 69–72 configuration,70–71 installing,69–70 setuidrootGnuPG,71–72 checkingchecksums,54–56 command-linekeypairs, 72–76 downloading,54 filesize,58 homedirectory,56–57 vs.PGP,7–10 publicizingkey,78–80 keyservers,79–80 textexports,78–79 webforms,80 revocationcertificates,76–77 andThunderbird configuringEnigmail, 147–149 installingplug-in,147 readingOpenPGPmail, 151–152,152 sendingOpenPGPmail, 149–151 upgrading,152–153 onUnix-likesystems,67–69 onWindows,57–59 command-lineinstall, 58–59 graphicalinstall,60–66 GnuPG/Outlooklibrary,registeringwithoperating system,142 gnupg-usersmailinglist,56 Google forOpenPGPkeyservers,79 searchforkeyservers,52 fortracingWebofTrust, 121–122 government-issuedID,forkey signing,31,34 GPG,6.SeealsoGnuPG(Gnu PrivacyGuard)
gpgcommand --armoroption,78–79,
180,181
--decryptoption,146 --delete-keyoption,109 --edit-keyoption,110 --encryptoption,181 --exportoption,179 --fingerprintoption,105,180 --gen-keyoption,178 --gen-revokeoption,178 --importoption,104 --keyserveroption,79 --list-keysoption,102,
103,179
--list-options show-photos,111 --list-secret-keysoption,
103,179
--list-sigsoption,107,180 --outputoption,107,181 --recv-keysoption,102 --refresh-keysoption,
109,180
--send-keysoption,108,
179,180
--sign-keyoption,105,180 --signoption,181 --update-trustdboption,
113–114,180
--verifyoption,181
gpg.conffile,57,178
load-extension rndegd,69 no-secmem-warning,72
settingdefaultkeyserver,80, 99–100 $GPGHOME/trustdb.gpg file,113 GPGol,141 configuringplug-in,142–144 installing,142 GPGRelay,62 GPL(GeneralPublicLicense),7 graphicalinstallofGnuPG, 60–66 Groupproperty,ofprivate key,52
H hardwarecompromiseto security,157–158
Index
187
hashmark(#),forgbg.conffile comments,57 Hashproperty,ofprivatekey,52 hashes,16,43–45 interoperabilityand,162 protectingfromtampering, 22–23 headersinemail,PGPcustom policybasedon,131 hexadecimalformat,for importedkey,95,95 HKEY_LOCAL_MACHINE/ SOFTWARE/PGP Corporation,46 HKP(HorowitzKeyserver Protocol),100 homedirectory,forGnuPG, 56–57 HomedesktopversionofPGP,39 HorowitzKeyserverProtocol (HKP),100 HP/UX,andrandomnumber generation,68
I IDproperty,ofprivatekey,52 IDEAencryption,5,9–10,43 licensing,10 identityverification badmethods,87 byOpenPGP,28 photoIDfor,85 andsigningkey,83 IETF(InternetEngineering TaskForce),5 imageview,forphotoID,111 implicittrustlevel,89 Import,Filemenu(PGP),49 importing keyfromfile,94 keywithWinPT,104 keysfromkeyserver,174 publickeytokeyring,87 signatures,108 informalkeysigning,86 inlineencoding,116–118 inEnigmail,149 INSTALLfile,inGnuPGtarball, 70 InstallerLanguagedialog box,58,59
188 Index
installing EntropyGatheringDaemon, 68–69 GnuPG(GnuPrivacyGuard). SeeGnuPG(GnuPrivacyGuard)install GPGol,142 OpenPGP,31–32 PGP,39–52 download,40 keybackups,45–46 keygenerationprocess,41 keysettings,42–43,42 LicensingAssistant,40,41 PassphraseAssignment screen,43–44,43 PGPGlobalDirectory Assistant,44,44 PGPSetupAssistant, 41,41 reimportingprivatekey, 49–50,50 revocationcertificates, 46–51 ThunderbirdGnuPG plug-in,147 WinPT,60–63 integrity,17–18,22 InternationalTrafficinArms Regulations(ITAR),3 Internet,3.Seealsowebresources forPGPCommandLine licensing,169 InternetEngineeringTaskForce (IETF),5 invalidkeys,82 ITAR(InternationalTrafficin ArmsRegulations),3
J JPEGformat,forphotoID,36
K keybackups,forPGP,45–46 “keyescrow”agency,10 keyexpirationdate.Seeexpirationdate keyfingerprint,84 checking,105 comparison,95–96 inGnuPG,76
keygenerationprocess, forPGP,41 KeyGenerationWizard (WinPT),63,63 KeyManagerinWinPT,65,65, 101,104 keyowner,returningsignedkey, 97,108 KeyPropertiesdialogbox,112 KeyPropertiesscreen,95,95,98 KeySigningdialogbox,106 keysize,forPGP,42 keytype,forPGP,42 keyboard,Dvorak,157n keyid,121 inGnuPG,76 keypairs,22,24,32–35 backupof,35 creatinginWinPT,63–64 expirationdate.Seeexpirationdate,key keylength,32–33 name,emailandcomment, 34–35 revocationcertificates,35 storing,35–36 keyrings addingkeysto,85,93–96, 101–104 deletingpublickeysfrom, 109–110 extractingpublickeys from,78 importingpublickeysto,87 protectingonshared system,163 WinPTfailuretofind,62 WinPTfoldersetup,61 keys.Seealsoprivatekey; publickey automaticsynchronization,97 commandtoview,172–173 fake,161 inGnuPG,99–111 addingkeystokeyring, 101–104 automaticretrieval,100 deletingpublickeysfrom keyring,109–110 keyservers,99–101 signingkeys,105–108 updatingkeys,109
searchingfor,173–174 settingsforPGP,42,42–43 untrusted,unknown,122 USBflashdrivefor,158 workkeyvs.personalkey,163 KeyserverAccessscreen,101,101 Keyserverproperty,ofprivate key,52 keyserver.conffile,101 keyserver.pgp.com,82–83 keyservers,37–38,79–80 adding,91–92 disablingupdates,47 gettingpublickeysfrom, 82–83 forGnuPG,79–80,99–101 keyserver.pgp.com,82–83 listinWinPT,66 andPGP,51–52 pushingsignaturesto,108 andrevocationcertificate,47 searching,93–94 sendingkey,52 commandfor,172 fromGnuPG,179 fromWinPT,66 settingdefault,80 updatingkeyson,175 andWinPT,101 keysigning.Seesigningkeys keysigningparty,31,88–89 keysize,forencryption,73–74 keystrokeloggers,157 Koch,Werner,7
L language,forGnuPG,58,59,59 lawsuitagainstPhil Zimmermann,4 legalissues,andOpenPGP,10 legalname,forkeysigning,85 lengthofkeypair,32–33 license codeforPGP,40 forIDEA,10 forPGPCommandLine,169 LicensingAssistantforPGP, 40,41 Linux.SeeUnix load-extension rndegd command,69 lockingscreensaver,31
Index
189
M mailclients.Seeemailclients mailinglist gnupg-users,56 supportfrom,8 MailingListAdminRequests policy,129 MailingListSubmissions policy,129 Mallory,19,159 GnuPGastarget,54 andpseudo-randomnumber generators,68 Marginaltrustlevel,89 MD5,162 memory,warningabout insecure,71 message,asplaintextor ciphertext,15 messageboards,supportfrom,8 MessagePolicytemplate,130,130 customizing,130–133,133 settingdefaultformatto PGP/MIME,134,134 MessagePriority,PGPcustom policybasedon,131 MessageSensitivity,PGPcustom policybasedon,131 MessageSubject,PGPcustom policybasedon,131 Microsoftmailclients.Seealso Outlook(Microsoft); OutlookExpress (Microsoft) andGnuPG,138 MicrosoftUpdate,158 military-gradeencryption,3 MIME(MultipurposeInternet MailExtension),118 mirrorsite,54 mixedcase,inpassphrase,25 mouseactions,andrandom numbergeneration,75 MozillaFirefox,147 MozillaThunderbird.See Thunderbird msg.ascfile,145 decrypting,146 MultipurposeInternetMail Extension(MIME),118
190 Index
multiusersecurity,163–164 Unix-likeoperating systems,163 Windowsoperatingsystems, 32,57–58,163 MyComputer,Properties,58
N name forGnuPGkey,74 forOpenPGP,34 NationalSecurityAgency,5 nationalsecurity,encryptionas threat,3 NetworkAssociates,6 “networkprofiling”investigatory technique,90 NewMessagescreen(Outlook Express),140,140 NewServerdialogbox,92,92 non-Englishcharactersets,inlineencodingand,117 Nonetrustlevel,89 nonrepudiation,18,22 numbers,inpassphrase,25
O OpenPGPPer-RecipientRules Editor,150–151,150 OpenPGPPreferencesdialog box(Enigmail) Basictab,148,148 Sendingtab,149 OpenPGPstandard,2,4–5,6, 115–124 conformancewith OpenPGP,7 emailclientintegration, 118–119 emailfrombeyondWebof Trust,120–122 identifyingmail,126–127 installingprogram,31–32 interoperability,161–162 keyusages,116 keyserversearch,83 andthelaw,10 messageencoding,116–118 photoID,36 potentialproblems,156–161
repeatableanonymity, 122–123 savingemail,119–120 assecurestandard,5 andsecurity,28–29 andsharedsystems,163 andteams,162 trustin,30 unprotectedemail components,124 whatitcando,13–14 opensslcommand,55 operatingsystem registeringGnuPG/Outlook librarywith,142 security,158–159 OpportunisticEncryption policy,128 overriding,134 options,commandline.See gpgcommand;pgp command Outlook(Microsoft) defaultmessage formatin,142 andGnuPG,141–145 Optionsdialogbox Advancedtab,144 GnuPGtab,142,143 MailFormattab,142,143 receivingOpenPGPmail,145 sendingOpenPGP-encrypted mail,145 OutlookExpress(Microsoft) andGnuPG,138–141 configuringfor OpenPGP,139 receivingandverifying signedandencrypted mail,141 warningsandcaveats,140 immediatelysending messages,139 NewMessagescreen,140,140 Optionsdialogbox,Send tab,139
P padlockicon,126 passingkey,secure transmission,20
PassphraseAssignmentscreen, forPGP,43–44,43 PassphraseQualitybar,44 passphrases foraddingphotostokeys,98 caching,164 inEnigmail,148 FifthAmendment protectionand,160 forGnuPGkeys,75 inMicrosoftOutlook,144 inpgpcommand,170 andprivatekeys,24–26 forsigningkeys,96 theftof,159 whensigningkeysin WinPT,106 passport,86 passwords,cracking,25 PATHenvironmentvariable,gpg programaddedto,58 path,forGnuPGandWinPT executables,144 Perl,forEntropyGathering Daemon,68–69 PGP(PrettyGoodPrivacy),2,6 applicationdatastorage location,46 bookform,3 commandline,167–176 configuring,168–169 creatingkeypair,170–172 encryptionand decryption,175–176 exportingpublickey, 171–172 generatingrevocation certificate,171 importingkeys,174 searchingforkeys, 173–174 signingandverifying,176 signingkeys,174–175 testingandlicensing,169 updatingkeyson keyserver,175 viewingkeys,172–173 cryptographygoals,17–19 andemail,125–135 clients,126–127 vs.GnuPG,7–10 history,2–5
Index
191
PGP,continued installing keybackups,45–46 keygenerationprocess,41 keysettings,42–43,42 LicensingAssistant,40,41 PassphraseAssignment screen,43,43–44 PGPGlobalDirectory Assistant,44,44 PGPSetupAssistant,41 reimportingprivatekey, 49–50,50 revocationcertificates, 46–51 keymanagement,91–97 addingkeystokeyring, 93–96 addingkeyservers,91–92 returningsignedkey,97 viewingsignatures,97 andkeyservers,51–52 policies,127–135 custom,130–132 MailingListAdmin Requests,129 MailingList Submissions,129 Opportunistic Encryption,128 orderofcustom,134–135 RequireEncryption, 128–129 samplecustom,exceptions todefault,132–133 samplecustom,overriding default,134 potentialproblems,156–161 hardwarecompromise, 157–158 improperuse,156 poorsigning,156–157 securityissuesofolder versions,162 shreddingfeature,165 andWebofTrust,113–114 pgpcommand --change-passphrase option,170 --decryptoption,176 --encryptoption,175 --expiration-dateoption,170
192 Index
--exportoption,172 --gen-keyoption,170 --gen-revocationoption,171 --helpoption,169 --key-typeoption,170 --keyserver-recvoption,174 --keyserver-sendoption,172 --keyserver-updateoption,175 --list-key-detailsoption,173 --list-keysoption,172–173 --list-sig-detailsoption,173 --list-sigsoption,173 --list-useridsoption,173 --pgp-fingerprintoption,173 --signoption,176 --sign-keyoption,175 --verifyoption,176 --versionoption,169
PGPCorporation,6–7 keyserver,51–52 softwareversions,39 “verifiedPGPkey”service,37 PGPDesktop,45,45,126 CopyPublicKey,52 Messagingtab,127–130,128 PGPMessagingsection, 134,135 Synchronize,97 toviewotherkeysigners,97 VirtualDesksoftware,127 PGPGlobalDirectory publickeysubmissionto, 51,78 revokingkeywithoutrevocationcertificate,47 PGPGlobalDirectoryAssistant, 44,44 PGPKeyserversListdialogbox, 92,92 PGPOptionswindow, Keystab,47 PGPPassphrasedialogbox,48 PGPSetupAssistant,41 PGPSignKeydialogbox,96,96 PGP Signednote,126–127 PGPTray,forimportingkey file,94 PGPRevocationwarning,48,48 PGP/MIMEmessages,116,118 inEnigmail,149 withMicrosoftmailclients complications,138 decrypting,145–146
PGPprefs.xmlconfiguration file,168 addinglicensinginformationto,169 photoID addingtokey,98 GnuPGand,110–113 addingtokey,110–111 viewingphotoonkey, 111–112 WinPTforadding, 112–113 andOpenPGPkeys,36 toverifyidentity,85 plaintext,15 plug-insforGnuPG,119 policy-basedencryptionand signingrules,125 ports/packagessystem,forinstallingGnuPG,67 postingpublickeytowebsite,79 PrettyGoodPrivacy(PGP).See PGP(PrettyGood Privacy) privateinformation, OpenPGPfor,84 privatekey,22.Seealsokeys backup,45 deletingafterrevocationcertificatecreation,49 filestorage,168 losing,26 toopensavedencrypted email,120 andpassphrases,24–26 Properties,50,51,52 re-importing,49–50,50 theftof,159 USBflashdrivefor,158 privatekeyring,viewing keyson,103 Professionaldesktopversionof PGP,39 ProgressDialog,forWinPTkey generation,64,64 properties ofimportedkey,95 ofprivatekey,50,51,52 proxies,foremailclient integration,119 pseudo-randomnumber generators,68
publickey.Seealsokeys addingphototo,98 inGnuPG,110–111 withWinPT,112–113 distribution,36–38 encryption,22 exporting,107–108 inGnuPG,179 inPGP,171–172 filestorage,168 gettingfromkeyserver,82–83 importingtokeyring,87 postingtowebsite,79 publishing,44 USBflashdrivefor,158 publicizingkey foranotherperson,87 forGnuPG,78–80 keyservers,79–80 textexports,78–79 webforms,80 publishing.Seesubmittingkeyto keyservers pubring.gpgfile,56,78,178 pubring.pkrfile,168
R randomness andGnuPG,67–69 inkeycreation,75 RCSrevisioncontrolsystem,169 readingOpenPGPmail inThunderbird, 151–152,152 READMEfile,inGnuPG tarball,70 receivingsignedandencrypted mailinOutlook Express,141 recipient,PGPcustompolicy basedon,131 registeringGnuPG/Outlook librarywithoperating system,142 RegistrykeysforPGP,46 regsvr32command,142 reimportingprivatekeyforPGP, 49–50,50 repeatableanonymity,122–123 replicationofkeydatabases,37 repudiatingmessage,18 RequireEncryptionpolicy, 128–129 Index
193
returningsignedkey,97,108 revocationcertificates,35 backupof,35–36 forGnuPG,76–77 forPGP,46–51 generationprocess, 47,171 using,51 reasonfor,77 storing,36 inWinPT,65–66,66 Rivest,Shamir,&Adleman encryption.SeeRSA rootaccount,limitinguseof,72 RPMs,forinstallingGnuPG,67 RSA(Rivest,Shamir,&Adleman)encryption,5, 42,73,170 rubberhosecryptanalysis,159
S safe,forstoringkeypair,35 savingemail,unencrypted,120 Schneier,Bruce,Applied Cryptography,21 screensaver,locking,31 search forkeys,83 onkeyserver,93–94, 173–174 forkeyservers,52 byPGP,foremail,44 SearchforKeysscreen,93,94 secring.gpgfile,56,178 secring.skrfile,168 SecureSocketsLayer(SSL),28 connections,126 security checksumcomparisonsfrom differentdownload sites,56 illusionof,159 forkeypair,72 multiuser.Seemultiuser security andOpenPGP,28–29 SelectComponentsscreen (WinPT),61–62,62 SendInClearoption,inPGP custompolicy,132 sendingkey.Seesubmittingkey tokeyservers 194 Index
sendingmessagesinOutlook Express,139 sendingOpenPGPmail inOutlook,145 inThunderbird,149–151 setuidrootGnuPG,71–72 SetupwarninginWinPT,61 SHA1checksummethod, 54–55,161,162 sha1command,55 sha1sumcommand,55 sharedsystems,andOpenPGP standard,163 shredding,164–165 signature.Seedigitalsignature signaturesonkey importing,108 numberonkey,30 andproofofauthenticity,159 pushingtokeyserver,108 updating,97 viewing,97,107 signedkey,returning,97 signingandverifyingfiles,176 signingkeys,83–87,174–175 actionaftergainingnew signatures,87 offriendsandfamily,84–85 inGnuPG,105–108 informalprocess,86 ofstrangers,85–86 inWinPT,106 Sizeproperty,ofprivatekey,52 smartcards,163 S/MIME,118 socialnetworkingsites,86 Solaris,andrandomnumber generation,68 sourcecode,GnuPGbuildfrom, 69–72 configuration,70–71 installing,69–70 setuidrootGnuPG,71–72 specialcharacters,in passphrase,25 spyware,158 SSL(SecureSocketsLayer),28 connections,126 strangers,signingkeysof,85–86 subjectlinesofemail nonencryption,124 PGPcustompolicy basedon,131
subkeys,103 subkeys.pgp.net,82 webinterface,83 submittingkeytokeyservers,52 commandfor,172 fromGnuPG,179 fromWinPT,66 support,PGPvs.GnuPG,8 symmetricencryption algorithms,20 Synchronize,inPGPDesktop,97 systemtray,magnifyingglass icon,66
T teams,andOpenPGP,162 telephone,forkeysigning,86 testkeys,82 texteditor,forgpg.conffile creation,57 textfiles,exportingpublickey to,78–79,172 Thunderbird,138 andGnuPG,147–153 configuringEnigmail, 147–149 installingplug-in,147 readingOpenPGPmail, 151–152,152 sendingOpenPGPmail, 149–151 upgrading,152–153 Toolsmenu Outlook,142 OutlookExpress,139 PGP,47,92,97 Thunderbird,147–149 tracingWebofTrust,121–122 transmissionofkey,secure,20 transparency,PGPvs.GnuPG,9 TripleDESencryption,43,161 trust,83 configuringinWinPT,114 forkey levels,89,96 manuallysetting,50 levelfornewkeyserver,92–93 inOpenPGPstandard,30 trustdb.gpgfile,57 Trustedtrustlevel,89 Twofish,43 Typeproperty,ofprivatekey,52
U UID.SeeuserID unencryptedemail,saving,120 uninstallingEnigmail,before Thunderbird upgrade,153 UnitedStates,cryptographylaws, 160–161 Unix,GnuPG(GnuPrivacy Guard)install,67–69 checksumcalculation,55–56 unusedkeys,purgingfrom keyserver,82 UnverifiedKey,132 updatestokeyservers,175 disabling,47 upgradingThunderbirdand Enigmail,152–153 USCongress,SenateBill266 (1991),2–3 USStateDepartment,3 USBflashdrive,forkeys,158 userID(UID),84 forOpenPGP,34–35 whencreatingkeypair,170 userrights,forWinPTsetup,61 /usr/pkgsrc/security/gnupg directory,67 /usr/ports/security/gnupg directory,67
V variables,ingbg.conffile,57 verboseoptionforGnuPG,100 VerifiedKey,132 “verifiedPGPkey”service,37 verifying emailsender,101–102 signedandencryptedmail,in OutlookExpress,141 viewingkeys inGnuPG,102–103 inPGP,172–173 inWinPT,104 viewingphotoonkey,98, 111–112 viewingsignatures,97,107 virtualkeyboard,157 virtualmemory,71 virtualpartitions,127 viruses,158
Index
195
W WARNING: using insecure memory
message,71 webforms,topublicizeGnuPG key,80 WebofTrust,29,81–89,106 avoiding,90 buildingwithGnuPG, 113–114 emailfrombeyond,120–122 expanding,121 andfakekeys,161 gettingpublickeysfrom keyservers,82–83 keytrustlevel,89 keysdisconnectedfrom,123 keysigningparty,88–89 signingkeys,83–87 actionaftergainingnew signatures,87 offriendsandfamily, 84–85 ofstrangers,85–86 tracing,121–122 trustdefined,30 webresources encryptionlawsurvey,10 forGnuPG,54 keyservers,52 forPGP,40 Wikipedia,3 website,postingpublickeyto, 36,79 Wikipedia,“Exportof Cryptography”entry,3 Windows GnuPGinstall,57–58 checksumcalculation,55 command-lineinstall, 58–60 graphicalinstall(WinPT), 60–66
196 Index
multiusersecurity, Windows95–based vs.WindowsNT–based operatingsystems,32, 57–58,163 WindowsPrivacyTray(WinPT), 60–63,62 foraddingphotoID, 112–113,112 choosingpathto,144 creatingkeypairs,63–64 deletingkeys,110 exportingkeys,108 failuretofindkeyrings,62 importingkeys,104 KeyManager,65,65,101,104 andkeyservers,101 OutlookExpressplug-insfor GnuPG,138 ProgressDialogforkey generation,64,64 revocationcertificates, 65–66,66 SelectComponents screen,61,62 sendingkeytokeyserver,66 Setupwarning,61,61 shreddingfeature,165 signingkeys,106 trustconfiguration,114 viewingkeys,104 WinPT.SeeWindowsPrivacy Tray(WinPT) worms,158 wotsap,122
X X.509certificate,29
Z Zimmermann,Phil,2–3,4
MoreNo-NonsenseBooksfromNO STARCH PRESS
CISCO ROUTERS FOR THE DESPERATE™ Router Management, The Easy Way byMICHAELW.LUCAS Abrief,meatyintroductiontoCiscoroutersthatwillmake competentsystemadministratorscomfortablewiththeCisco environment,teachthemhowtotroubleshootproblems, andtakethemthroughthebasictasksofroutermaintenanceandintegrationintoanexistingnetwork.Designed tobereadonceandthenleftontopoftherouteruntil somethingbreaks,thisisabookforthosewhodon’tneed toknowahugeamountaboutroutersbutmuststillprovide reliablenetworkservices. NOVEMBER2004,144PP.,$19.95($27.95CDN) ISBN1-59327-049-6
THE TCP/IP GUIDE A Comprehensive, Illustrated Internet Protocols Reference byCHARLESM.KOZIEROK Finally,anencyclopedic,comprehensible,well-illustrated, andcompletelycurrentguidetotheTCP/IPprotocol suiteforbothnewcomersandseasonedprofessionals.This completereferencedetailsthecoreprotocolsthatmake TCP/IPinternetworksfunction,aswellasthemostimportantTCP/IPapplications.ItincludesfullcoverageofPPP, ARP,IP,IPv6,IPNAT,IPSec,MobileIP,ICMP,andmuch more.ItoffersadetailedviewoftheTCP/IPprotocolsuite, anddescribesnetworkingfundamentalsandtheimportant OSIReferenceModel. OCTOBER2005,1616PP.,$79.95($107.95CDN) ISBN1-59327-047-X
THE BOOK OF™ POSTFIX State-of-the-Art Message Transport byRALFHILDEBRANDT&PATRICKKOETTER Developedwithsecurityandspeedinmind,Postfixhas becomeapopularalternativetoSendmail.TheBookofPostfix isacompleteguidetoPostfixwhetherusedbythehome user,asamailrelayorvirusscanninggateway,orasacompanymailserver.Practicalexamplesshowhowtodealwith dailychallengeslikeprotectingmailusersfromspamand viruses,managingmultipledomains,andofferingroaming access. MARCH2005,496PP.,$44.95($62.95CDN) ISBN1-59327-001-1
SILENCE ON THE WIRE A Field Guide to Passive Reconnaissance and Indirect Attacks byMICHALZALEWSKI “Awhirlwindofdeeptechnicalinformationthatgetstothevery underpinningofcomputersecurity….Readitandgetreadytobe humbled.”—UNIXREVIEW
AuthorMichalZalewskihaslongbeenknownandrespected inthehackingandsecuritycommunitiesforhisintelligence, curiosity,andcreativity,andthisbookistrulyunlikeanythingelseoutthere.InSilenceontheWire,Zalewskishareshis expertiseandexperience,explaininghowcomputersand networkswork,howinformationisprocessedanddelivered, andwhatsecuritythreatslurkintheshadows.Nohumdrum technicalwhitepaperorhow-tomanualforprotectingone’s network,thisbookisafascinatingnarrativethatexplores avarietyofunique,uncommonandoftenquiteelegant securitychallengesthatdefyclassificationandeschewthe traditionalattacker-victimmodel. APRIL2005,312PP.,$39.95($53.95CDN) ISBN1-59327-046-1
ENDING SPAM Bayesian Content Filtering and the Art of Statistical Language Classification byJONATHANA.ZDZIARSKI EndingSpamdescribes,indepth,howstatisticalfilteringis beingusedbynext-generationspamfilterstoidentifyand filterunwantedemail.Readersgainacompleteunderstandingofthemathematicalapproachesusedintoday’sspam filters,decoding,tokenization,theuseofvariousalgorithms (includingBayesiananalysisandMarkoviandiscrimination), andthebenefitsofusingopensourcesolutionstoendspam. JULY2005,312PP.,$39.95($53.95CDN) ISBN1-59327-052-6 PHONE:
EMAIL:
800.420.7240OR 415.863.9900 MONDAYTHROUGHFRIDAY, 9A.M.TO5P.M.(PST)
[email protected]
FAX:
415.863.9950 24HOURSADAY, 7DAYSAWEEK
WEB:
WWW.NOSTARCH.COM MAIL:
NOSTARCHPRESS 555DEHAROST,SUITE250 SANFRANCISCO,CA94107 USA
COLOPHON
PGP&GPGwaslaidoutusingAdobeInDesign.Thefont familiesusedareNewBaskervilleforbodytext,Futurafor headingsandtables,andDogmafortitles.Theaccentcolor isPantone349C. ThebookwasprintedandboundatMalloyIncorporated inAnnArbor,Michigan.ThepaperisGlatfelterThor60# Antique,whichismadefrom50percentrecycledmaterials, including30percentpostconsumercontent.Thebookusesa RepKoverbinding,whichallowsittolayflatwhenopen.
UPDATES
Visitwww.nostarch.com/pgp.htmforupdates,errata,and otherinformation.