Post on 19-Dec-2015
Using GPG - the GNU Privacy Guard
Why does a security professional need this skill?
3 GPG HOWTO's
Use by checking Correspondents' Keys Directly
Using a TTP as a Certification Authority
Using GPG for Symmetric encryption
Security features of GPG
PGP or GPG?
Conclusions
Further Reading
Why does a security professional need this skill?
Many unattributable and bogus security alerts are distributed by chain email.
Suppose a bank needs to reset account passwords and wants account holders to believe it?
Because privacy is normal. Do you use envelopes around your snail mail or prefer postcards?
Confirming that the developer whose program you are about to install is the maintainer for the package recognised by the distribution team. (Value of free software ecosystem $40G/annum by 2010 (estimate by IDC).)
Using GPG where users are checking each other's keys directly
The following set of slides presents an experiment using GPG in which users rich and bob establish and exchange keys directly and send a secret message, without using trusted third-party certification.
Use of GPG checking keys directly
Creating a key pair 1
rich@saturn:~/gpg$ gpg --gen-key
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc.
gpg: keyring `/home/rich/.gnupg/secring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
Key is valid for? (0) 52w
Key expires at Tue 29 Jan 2008 19:10:37 GMT
Is this correct? (y/N) y
Use of GPG checking keys directly
Creating a key pair 2
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and E-mail Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Richard Kay
E-mail address: rich@example.net
Comment: Experimental Purposes Only
You selected this USER-ID:
    "Richard Kay (Experimental Purposes Only) <rich@example.net>"
Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
It didn't echo
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, use the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++.+++++++++++++++++++++++++.+++++++++++++
gpg: /home/rich/.gnupg/trustdb.gpg: trustdb created
gpg: key EBEF27FB marked as ultimately trusted
public and secret key created and signed.
Use of GPG checking keys directly
Creating a key pair 3
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2008-01-29
pub 1024D/EBEF27FB 2007-01-30 [expires: 2008-01-29]
    Key fingerprint = CDA4 E092 B12A 99EA B093 689F 8AE7 E694 EBEF 27FB
uid Richard Kay (Experimental Purposes Only) <rich@example.net>
sub 2048g/9F119F7F 2007-01-30 [expires: 2008-01-29]
The above procedure was repeated for user bob, resulting in the following information about bob's key:
pub 1024D/357B2A4F 2007-01-30 [expires: 2008-01-29]
    Key fingerprint = 1BD0 6E5E 7A7D 1D0B 24E7 9A80 F8DF 8B17 357B 2A4F
uid Bob User (Im a Tester) <bob@example.net>
sub 2048g/F2B63464 2007-01-30 [expires: 2008-01-29]
Use of GPG checking keys directly
Exporting keys
As rich:
rich@saturn:~/gpg$ gpg -a --export rich > richpub
As bob:
bob@saturn:~$ gpg -a --export bob > bobpub
Use of the -a flag exported the public key in ASCII-armoured format, suitable for sending by email.
What does a public key look like?
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.3 (GNU/Linux)

mQGiBEW/m4sRBADT839C4QkJuglzTFy3GZRIYZD2vXdDrOwnDwrODryqXfUO5s1Ix8v2AHKtbn8YttaZtVxdg5cXr1aeFH9VyAWqXukdFuqFBMNIM1qdVKOiXl2CO9bjXPb0LGT+9X9lL7Q7pflHppnPSgcwMKvqb8OzqRLwRwnuWEVPL/ZCyJyujwCghii5
20 lines skipped
AgAPBQJFv5uUAhsMBQkB3+IAAAoJEPjfixc1eypPB9gAn2pI6NjFugtRWZftxX8h4argxIQxAJ0ZH6PD+Li7yimSqCQhuiE+6AJWuA==
=XY9V
-----END PGP PUBLIC KEY BLOCK-----
Use of GPG checking keys directly
Importing a key
Users bob and rich sent their exported public key files to each other, one by email, the other through a file copy. rich used the Mutt email client to read mail. Here the ? help key within the attachment menu displayed:
^K extract-keys extract supported public keys
So pressing <ctrl> <shift> and <K> together displayed:
gpg: key 357B2A4F: public key "Bob User (Im a Tester) <bob@example.net>" imported
gpg: Total number processed: 1
gpg: imported: 1
Press any key to continue...
User bob read the gpg manpage and used the following command to import rich's key as a file:
bob@saturn:~$ gpg --import /tmp/richpub
gpg: key EBEF27FB: public key "Richard Kay (Experimental Purposes Only) <rich@example.net>" imported
gpg: Total number processed: 1
gpg: imported: 1
Use of GPG checking keys directly
Editing the trust level on received keys 1
As bob:
bob@saturn:~$ gpg --edit-key rich
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
pub 1024D/EBEF27FB created: 2007-01-30 expires: 2008-01-29 usage: SC
                   trust: unknown validity: unknown
sub 2048g/9F119F7F created: 2007-01-30 expires: 2008-01-29 usage: E
[ unknown] (1). Richard Kay (Experimental Purposes Only) <rich@example.net>
Command> sign
pub 1024D/EBEF27FB created: 2007-01-30 expires: 2008-01-29 usage: SC
                   trust: unknown validity: unknown
 Primary key fingerprint: CDA4 E092 B12A 99EA B093 689F 8AE7 E694 EBEF 27FB
     Richard Kay (Experimental Purposes Only) <rich@example.net>
Use of GPG checking keys directly
Editing the trust level on received keys 2
As bob, continued:
This key is due to expire on 2008-01-29.
Are you sure that you want to sign this key with your
key "Bob User (Im A Tester) <bob@example.net>" (0C86136D)
Really sign? (y/N) y
You need a passphrase to unlock the secret key for
user: "Bob User (Im A Tester) <bob@example.net>"
1024-bit DSA key, ID 0C86136D, created 2007-02-02
Command> q
Save changes? (y/N) y
Use of GPG checking keys directly
Signing and encrypting a message
A message was created and stored in the file: secret
rich@saturn:~/gpg$ cat secret
This is a secret message.
The following GPG actions and flags were used:
-s to sign
-e to encrypt
-a ASCII armoured output
-r userid
-o name of output file
rich@saturn:~/gpg$ gpg -r bob -o secret.asc -sea secret
You need a passphrase to unlock the secret key for
user: "Richard Kay (Experimental Purposes Only) <rich@example.net>"
1024-bit DSA key, ID EBEF27FB, created 2007-01-30
Signed and encrypted output
rich@saturn:~/gpg$ cat secret.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3 (GNU/Linux)

hQIOAxVuAHHdtcplEAf/ZrUQpN7ClwSAa/ZX+nOd+mG2vRiCx3jp9D/Y8M3DY0jC
mA2H774ZeJNl0++hefGCTbxeGCGnjsh3t1xBM1x9sxKy9Wu0eRSLOAB5PS6ivEO6
10 lines skipped
cYeP880shJSZMBqg/fTElSHUxJgGfTOFcKyM1DDemk0/51WhI2b1zdMcwNKV9dap
spEdrBmY2qXKtvjVvBXNSVT9IHATcjoB6i2kpjqC/jc4TlXC352v1JNKwvzVDAvY
T5SLsO8tbz4k3r6VjKyCyaAyi1k=
=muEX
-----END PGP MESSAGE-----
Use of GPG checking keys directly
Decrypting the secret message
bob@saturn:~$ gpg -o secret -d secret.asc
You need a passphrase to unlock the secret key for
user: "Bob User (Im A Tester) <bob@example.net>"
2048-bit ELG-E key, ID DDB5CA65, created 2007-02-02 (main key ID 0C86136D)
gpg: encrypted with 2048-bit ELG-E key, ID DDB5CA65, created 2007-02-02
      "Bob User (Im A Tester) <bob@example.net>"
gpg: Signature made Fri 02 Feb 2007 15:33:41 GMT using DSA key ID EBEF27FB
gpg: Good signature from "Richard Kay (Experimental Purposes Only) <rich@example.net>"
bob@saturn:~$ cat secret
This is a secret message.
Using a Trusted Third Party as a Certification Authority
In the following set of slides, users rich and bob use the services of dave to act as a certification authority. Dave will need to sign rich and bob's public keys having confirmed their identities. Dave's signatures on the others' keys will enable rich and bob to communicate securely.
Using a TTP as a certification authority
Users dave, rich and bob create new keys
dave's key
pub 1024D/57E0F876 2007-02-16 [expires: 2008-02-15]
    Key fingerprint = ACF5 7915 4C5E 6F1D 26E0 8662 6637 B994 57E0 F876
uid Dave Trusted (TTP keysigning key) <dave@example.net>
sub 2048g/A6BFD1FD 2007-02-16 [expires: 2008-02-15]
rich's key
pub 1024D/D224BF4D 2007-02-16 [expires: 2008-02-15]
    Key fingerprint = 28D5 9340 3329 2ABD F853 3524 1A88 D35B D224 BF4D
uid Rich Kay (Demo use of ttp key) <rich@example.net>
sub 2048g/401D9F40 2007-02-16 [expires: 2008-02-15]
bob's key
pub 1024D/12D2BFBA 2007-02-16 [expires: 2008-02-15]
    Key fingerprint = C4D9 2D11 FFE9 6B73 3824 64E7 D02F E07B 12D2 BFBA
uid Bob Person (bob TTP process) <bob@example.net>
sub 2048g/10C076AE 2007-02-16 [expires: 2008-02-15]
Using a TTP as a certification authority
exporting unsigned keys
dave@saturn:~$ gpg -a --export dave > /tmp/davepub
bob@saturn:~$ gpg -a --export bob > /tmp/bobpub
rich@saturn:~$ gpg -a --export rich > /tmp/richpub
bob@saturn:~$ ls -l /tmp/*pub
-rw-r--r-- 1 dave dave 1730 2007-02-16 17:47 /tmp/davepub
-rw-r--r-- 1 rich rich 1726 2007-02-16 17:49 /tmp/richpub
-rw-r--r-- 1 bob bob 1726 2007-02-16 17:48 /tmp/bobpub
Using a TTP as a certification authority
importing unsigned keys
dave@saturn:~$ gpg --import /tmp/richpub
gpg: key D224BF4D: public key "Rich Kay (Demo use of ttp key) <rich@example.net>" imported
gpg: Total number processed: 1
gpg: imported: 1
dave@saturn:~$ gpg --import /tmp/bobpub
gpg: key 12D2BFBA: public key "Bob Person (bob TTP process) <bob@example.net>" imported
gpg: Total number processed: 1
gpg: imported: 1
Using a TTP as a certification authority
Dave signs rich's and bob's keys 1
dave@saturn:~$ gpg --edit-key rich
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
pub 1024D/D224BF4D created: 2007-02-16 expires: 2008-02-15 usage: SC
                   trust: unknown validity: unknown
sub 2048g/401D9F40 created: 2007-02-16 expires: 2008-02-15 usage: E
[ unknown] (1). Rich Kay (Demo use of ttp key) <rich@example.net>
Command> sign
pub 1024D/D224BF4D created: 2007-02-16 expires: 2008-02-15 usage: SC
                   trust: unknown validity: unknown
 Primary key fingerprint: 28D5 9340 3329 2ABD F853 3524 1A88 D35B D224 BF4D
Using a TTP as a certification authority
Dave signs rich's and bob's keys 2
Rich Kay (Demo use of ttp key) <rich@example.net>
This key is due to expire on 2008-02-15.
Are you sure that you want to sign this key with your
key "Dave Trusted (TTP keysigning key) <dave@example.net>" (57E0F876)
Really sign? (y/N) y
You need a passphrase to unlock the secret key for
user: "Dave Trusted (TTP keysigning key) <dave@example.net>"
1024-bit DSA key, ID 57E0F876, created 2007-02-16
Using a TTP as a certification authority
Dave exports the signed keys
dave@saturn:~$ gpg -a --export rich > /tmp/richspub
dave@saturn:~$ gpg -a --export bob > /tmp/bobspub
Using a TTP as a certification authority
rich and bob import them
rich@saturn:~$ gpg --import /tmp/richspub
gpg: key D224BF4D: "Rich Kay (Demo use of ttp key) <rich@example.net>" 1 new signature
gpg: Total number processed: 1
gpg: new signatures: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2008-02-15
rich@saturn:~$ gpg --import /tmp/bobspub
gpg: key 12D2BFBA: "Bob Person (bob TTP process) <bob@example.net>" 1 new signature
gpg: Total number processed: 1
gpg: new signatures: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2008-02-15
Using a TTP as a certification authority
bob states he trusts dave to sign other keys 1
Note that bob has to sign dave's key as well as trust it. Signing it means that bob believes dave's key belongs to dave. Trusting it means that bob trusts dave to identify the owners of other keys before signing them.
bob@saturn:~$ gpg --edit-key dave
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
pub 1024D/57E0F876 created: 2007-02-16 expires: 2008-02-15 usage: SC
                   trust: unknown validity: unknown
sub 2048g/A6BFD1FD created: 2007-02-16 expires: 2008-02-15 usage: E
[ unknown] (1). Dave Trusted (TTP keysigning key) <dave@example.net>
Using a TTP as a certification authority
bob states he trusts dave to sign other keys 2
Command> help sign
quit       quit this menu
save       save and quit
help       show this help
fpr        show key fingerprint
list       list key and user IDs
uid        select user ID N
key        select subkey N
check      check signatures
sign       sign selected user IDs [* see below for related commands]
lsign      sign selected user IDs locally
tsign      sign selected user IDs with a trust signature
nrsign     sign selected user IDs with a non-revocable signature
deluid     delete selected user IDs
delkey     delete selected subkeys
delsig     delete signatures from the selected user IDs
pref       list preferences (expert)
showpref   list preferences (verbose)
trust      change the ownertrust
revsig     revoke signatures on the selected user IDs
enable     enable key
disable    disable key
showphoto  show selected photo IDs
Using a TTP as a certification authority
bob states he trusts dave to sign other keys 3
Command> trust
pub 1024D/57E0F876 created: 2007-02-16 expires: 2008-02-15 usage: SC
                   trust: unknown validity: unknown
sub 2048g/A6BFD1FD created: 2007-02-16 expires: 2008-02-15 usage: E
[ unknown] (1). Dave Trusted (TTP keysigning key) <dave@example.net>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu
Your decision? 4
Using a TTP as a certification authority
bob signs dave's key to say it belongs to dave
Command> sign
pub 1024D/57E0F876 created: 2007-02-16 expires: 2008-02-15 usage: SC
                   trust: full validity: unknown
 Primary key fingerprint: ACF5 7915 4C5E 6F1D 26E0 8662 6637 B994 57E0
     Dave Trusted (TTP keysigning key) <dave@example.net>
This key is due to expire on 2008-02-15.
Are you sure that you want to sign this key with your
key "Bob Person (bob TTP process) <bob@example.net>" (12D2BFBA)
Really sign? (y/N) y
You need a passphrase to unlock the secret key for
user: "Bob Person (bob TTP process) <bob@example.net>"
1024-bit DSA key, ID 12D2BFBA, created 2007-02-16
Command> quit
Save changes? (y/N) y
Rich does the same with dave's key
Using a TTP as a certification authority
rich encrypts a message to bob's key and signs it
rich@saturn:~/gpg$ cat secret
This is a secret message sent by rich to bob, after both
rich and bob have trusted dave to sign each others keys.
rich@saturn:~/gpg$ gpg -r bob -o secret.asc -sea secret
You need a passphrase to unlock the secret key for
user: "Rich Kay (Demo use of ttp key) <rich@example.net>"
1024-bit DSA key, ID D224BF4D, created 2007-02-16
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 1f, 0u
gpg: depth: 2 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2008-02-15
rich@saturn:~/gpg$ cat secret.asc
-----BEGIN PGP MESSAGE-----
encrypted message not shown
Using a TTP as a certification authority
Rich sends and bob decrypts the message.
bob@saturn:~$ gpg -o secret -d secret.asc
You need a passphrase to unlock the secret key for
user: "bob Person (bob TTP process) <bob@example.net>"
2048-bit ELG-E key, ID 10C076AE, created 2007-02-16 (main key ID 12D2BFBA)
gpg: encrypted with 2048-bit ELG-E key, ID 10C076AE, created 2007-02-16
      "Bob Person (bob TTP process) <bob@example.net>"
gpg: Signature made Sat 17 Feb 2007 16:04:24 GMT using DSA key ID D224BF4D
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
trust data cut for sake of brevity
gpg: Good signature from "Rich Kay (Demo use of ttp key) <rich@example.net>"
bob@saturn:~$ cat secret
This is a secret message sent by rich to bob, after both
rich and bob have trusted dave to sign each others keys.
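Why bob had to both sign dave's key and set its ownertrust can be seen in a small model of the validity rule reported by gpg as "3 marginal(s) needed, 1 complete(s) needed". This is an added example, not GnuPG's code and not part of the original slides; the names valid_keys and bobs_view are hypothetical and the model is simplified.

```python
# Simplified model of the validity rule behind gpg's "PGP trust model" line.
# Expiry, revocation and per-user-ID validity are deliberately not modelled.
COMPLETES_NEEDED = 1    # "1 complete(s) needed"
MARGINALS_NEEDED = 3    # "3 marginal(s) needed"
MAX_DEPTH = 5           # GnuPG's default --max-cert-depth


def valid_keys(own_key, signatures, ownertrust):
    """Return the set of keys that the holder of own_key can treat as valid.

    signatures: set of (signer, signed_key) pairs found in the keyring.
    ownertrust: dict mapping key -> "full" or "marginal"; absent = unknown.
    """
    valid = {own_key}                       # own key: ultimately trusted
    for _ in range(MAX_DEPTH):
        # A key can vouch for others only if it is valid AND has ownertrust.
        introducers = {k: ownertrust[k] for k in valid if k in ownertrust}
        introducers[own_key] = "full"
        newly_valid = set()
        for cand in {signed for _, signed in signatures} - valid:
            levels = [introducers.get(signer) for signer, signed in signatures
                      if signed == cand]
            if (levels.count("full") >= COMPLETES_NEEDED
                    or levels.count("marginal") >= MARGINALS_NEEDED):
                newly_valid.add(cand)
        if not newly_valid:
            break
        valid |= newly_valid
    return valid


def bobs_view(bob_signed_dave, bob_trusts_dave):
    """Bob's keyring from the slides: dave has signed rich's and bob's keys."""
    sigs = {("dave", "rich"), ("dave", "bob")}
    if bob_signed_dave:
        sigs.add(("bob", "dave"))
    trust = {"dave": "full"} if bob_trusts_dave else {}
    return valid_keys("bob", sigs, trust)


if __name__ == "__main__":
    print("trust only:    ", sorted(bobs_view(False, True)))
    print("signature only:", sorted(bobs_view(True, False)))
    print("both:          ", sorted(bobs_view(True, True)))
```

Only the third case makes rich's key valid for bob: ownertrust on a key that is not itself valid counts for nothing, and a valid key without ownertrust cannot introduce others.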
Using GPG for Symmetric Cryptography
The following slides demonstrate use of GPG with a single shared secret. A passphrase is used to generate a session key which is used to encrypt the data.
The decryption process involves using the passphrase to regenerate the session key which is then used to decrypt the data.
Using GPG for symmetric cryptography
Encrypting a message
rich@saturn:~/gpg$ gpg -o secret.asc -ca secret
rich@saturn:~/gpg$ cat secret.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3 (GNU/Linux)

jA0EAwMC5xVjg4/8UtRgyTDYJAmJer3Q5bJ/SIHrs5eMNa2TpxQ5cuwyXmMay+L/8CPJ2IOQOoHnCOdHQO7APi8MEvq
-----END PGP MESSAGE-----
Here the c option selects symmetric encryption with the default algorithm, CAST5, and the a option ASCII-armours the output. Any passphrase can be entered, but the same one will be needed to decrypt the file.
Using GPG for symmetric cryptography
Decrypting the message
rich@saturn:~/gpg$ gpg -d secret.asc
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
This is a secret message.
gpg: WARNING: message was not integrity protected
The message was successfully decrypted. The warning message was investigated. The reasons for it are explained here: http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023500.html and here: http://lwn.net/Articles/7688/
It turned out that the CAST5 algorithm is used by default in order to remain backwards compatible with older versions of PGP and GPG. GPG will always use an MDC (Manipulation Detection Code) with newer algorithms.
Using GPG for symmetric cryptography
Avoiding Message Manipulation
rich@saturn:~/gpg$ gpg --version
gpg (GnuPG) 1.4.3
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cypher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2
rich@saturn:~/gpg$ gpg --cipher-algo AES256 -o secret.asc -ca secret
File `secret.asc' exists. Overwrite? (y/N) y
rich@saturn:~/gpg$ gpg -d secret.asc
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
This is a secret message.
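Whether a passphrase-encrypted message carries an MDC is visible in its packet structure: RFC 4880 uses packet tag 9 for plain symmetrically encrypted data and tag 18 for integrity-protected data. The parser below is an added example, not part of the original slides; its function names are hypothetical and the two sample messages are constructed (headers with dummy bodies, no real ciphertext).

```python
import base64

# Cipher IDs and packet tags as assigned in RFC 4880.
CIPHERS = {2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
           8: "AES192", 9: "AES256", 10: "TWOFISH"}
TAG_SKESK, TAG_SED, TAG_SEIPD = 3, 9, 18   # 9 = no MDC, 18 = MDC-protected


def dearmor(text):
    """Return the binary packets inside an ASCII-armoured OpenPGP block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]          # skip headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))


def packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP message."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                            # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                     # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            n = (1, 2, 4, 0)[ltype]               # type 3: body runs to the end
            length = int.from_bytes(data[i + 1:i + 1 + n], "big") if n else len(data)
            i += 1 + n
        yield tag, data[i:i + length]
        i += length


def integrity_report(armored):
    """Return (cipher name, has_mdc) for a passphrase-encrypted message."""
    cipher, has_mdc = None, None
    for tag, body in packets(dearmor(armored)):
        if tag == TAG_SKESK and body[0] == 4:     # version 4 SKESK packet
            cipher = CIPHERS.get(body[1], "algo %d" % body[1])
        elif tag in (TAG_SED, TAG_SEIPD):
            has_mdc = tag == TAG_SEIPD
    return cipher, has_mdc


def sample_message(algo, data_packet):
    # Old-format tag 3, length 13: version 4, cipher, salted+iterated S2K, SHA1.
    raw = bytes([0x8C, 0x0D, 4, algo, 3, 2]) + bytes(8) + b"\x60" + data_packet
    return ("-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(raw).decode()
            + "\n-----END PGP MESSAGE-----\n")


# Constructed samples (headers plus dummy bodies, no real ciphertext).
LEGACY = sample_message(3, bytes([0xC9, 16]) + bytes(16))      # CAST5, tag 9
MODERN = sample_message(9, bytes([0xD2, 17, 1]) + bytes(16))   # AES256, tag 18
if __name__ == "__main__":
    print(integrity_report(LEGACY), integrity_report(MODERN))
```

A report of has_mdc False corresponds to the "message was not integrity protected" warning shown for the CAST5 message.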
Security features of GPG
Passphrases are used whenever a security-sensitive event occurs. A copy of the secret key would be difficult or impossible to unlock without knowledge of the passphrase. These events include encryption, decryption and confirming the authenticity of an imported key. GPG has many other design features to improve the security of the processing, e.g. preventing the memory it uses from being written out to extended memory (swap file or partition).
A practical system design involving messages sent between automated systems is likely to have to involve compromising this security to an extent, because all secrets needed to secure communications will need to be stored locally on the relevant systems.
GPG or PGP? Slide 1
PGP stands for Pretty Good Privacy, a program designed by Phil Zimmermann which became available in 1991.
At this time cryptographic software was controlled under the same US export restrictions as munitions. By posting this program on the Internet its author was suspected of illegally exporting it and was investigated. However, Phil was never charged, probably due to the degree of support his cause attracted. Eventually the investigation against him was dropped.
PGP later became the basis of the RFC 4880 OpenPGP Message Format standard (this updated RFC2440).
GPG or PGP? Slide 2
GPG stands for "GNU Privacy Guard". It was engineered based on RFC2440 (and later RFC4880) in order to be interoperable with PGP.
PGP was distributed in source-available form without requiring payment. But PGP was not released under a software license that the Free Software Foundation considers to constitute free software. In practical terms, the licensing restrictions on PGP made it difficult to distribute and maintain it freely and internationally as part of larger packages, e.g. operating system distributions.
GPG was developed as a fully open-source product with financial support from the German government.
Conclusions
Use of trusted third parties (TTPs) in connection with cryptography takes some preparation and planning. Many separate actions have to occur in the correct sequence. All parties need to learn use of the tools and procedures and the rationale for these, before these tools can be used effectively and securely.
Some developments involving keys stored in hardware devices and standardisation of automatable PKI protocols are likely to be required before the kind of procedures demonstrated above are likely to be usable automatically and simply without requiring advanced knowledge on the part of the end user.
Further reading
GNU Privacy Guard Wikipedia Entry: http://en.wikipedia.org/wiki/GNU_Privacy_Guard
The GNU Privacy Guard Handbook: http://www.gnupg.org/gph/en/manual.html
Essay by Phil Zimmermann, "Why I wrote PGP": http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html
PGP User Guide, including a good general introduction to cryptography: http://www.pgpi.org/doc/guide/7.0/en/