Using GPG - the GNU Privacy Guard

Why does a security professional need this skill ?
3 GPG HOWTO's
    Use by checking Correspondents' Keys Directly
    Using a TTP as a Certification Authority
    Using GPG for Symmetric encryption
Security features of GPG
PGP or GPG ?
Conclusions
Further Reading

Post on 19-Dec-2015


Why does a security professional need this skill ?

Many unattributable and bogus security alerts are distributed by chain email.

Supposing a bank needs to reset account passwords and wants account holders to believe them ?

Because privacy is normal. Do you use envelopes around your snail mail or prefer postcards ?

Confirming that the developer whose program you are about to install is the maintainer for the package recognised by the distribution team. (Value of free software ecosystem: $40G/annum by 2010, estimate by IDC.)


Using GPG where users are checking each others' keys directly

The following set of slides presents an experiment using GPG in which users rich and bob establish and communicate keys directly and send a secret message, without using trusted third party certification.


Use of GPG checking keys directly

Creating a key pair 1

rich@saturn:~/gpg$ gpg --gen-key
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc.

gpg: keyring `/home/rich/.gnupg/secring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
Key is valid for? (0) 52w
Key expires at Tue 29 Jan 2008 19:10:37 GMT
Is this correct? (y/N) y


Use of GPG checking keys directly

Creating a key pair 2

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and E-mail Address in this form:
    "Heinrich Heine (Der Dichter) <[email protected]>"

Real name: Richard Kay
E-mail address: [email protected]
Comment: Experimental Purposes Only
You selected this USER-ID:
    "Richard Kay (Experimental Purposes Only) <[email protected]>"

Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

It didn't echo

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, use the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++.+++++++++++++++++++++++++.+++++++++++++
gpg: /home/rich/.gnupg/trustdb.gpg: trustdb created
gpg: key EBEF27FB marked as ultimately trusted
public and secret key created and signed.


Use of GPG checking keys directly

Creating a key pair 3

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2008-01-29
pub   1024D/EBEF27FB 2007-01-30 [expires: 2008-01-29]
      Key fingerprint = CDA4 E092 B12A 99EA B093 689F 8AE7 E694 EBEF 27FB
uid   Richard Kay (Experimental Purposes Only) <[email protected]>
sub   2048g/9F119F7F 2007-01-30 [expires: 2008-01-29]

The above procedure was repeated for user bob, resulting in the following information about bob's key:

pub   1024D/357B2A4F 2007-01-30 [expires: 2008-01-29]
      Key fingerprint = 1BD0 6E5E 7A7D 1D0B 24E7 9A80 F8DF 8B17 357B 2A4F
uid   Bob User (Im a Tester) <[email protected]>
sub   2048g/F2B63464 2007-01-30 [expires: 2008-01-29]


Use of GPG checking keys directly

Exporting keys

As rich:

rich@saturn:~/gpg$ gpg -a --export rich > richpub

As bob:

bob@saturn:~$ gpg -a --export bob > bobpub

The -a flag exports the public key in ASCII-armoured format, suitable for sending by email.


What does a public key look like ?

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.3 (GNU/Linux)

mQGiBEW/m4sRBADT839C4QkJuglzTFy3GZRIYZD2vXdDrOwnDwrODryqXfUO5s1Ix8v2AHKtbn8YttaZtVxdg5cXr1aeFH9VyAWqXukdFuqFBMNIM1qdVKOiXl2CO9bjXPb0LGT+9X9lL7Q7pflHppnPSgcwMKvqb8OzqRLwRwnuWEVPL/ZCyJyujwCghii5

20 lines skipped

AgAPBQJFv5uUAhsMBQkB3+IAAAoJEPjfixc1eypPB9gAn2pI6NjFugtRWZftxX8h
4argxIQxAJ0ZH6PD+Li7yimSqCQhuiE+6AJWuA==
=XY9V
-----END PGP PUBLIC KEY BLOCK-----


Use of GPG checking keys directly

Importing a key

Users bob and rich sent their exported public key files to each other, one by email, the other through a file copy. rich used the Mutt email client to read mail. Here the ? help key within the attachment menu displayed:

^K extract-keys extract supported public keys

So pressing <ctrl> <shift> and <K> together displayed:

gpg: key 357B2A4F: public key "Bob User (Im a Tester) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
Press any key to continue...

User bob read the gpg manpage and used the following command to import rich's key as a file:

bob@saturn:~$ gpg --import /tmp/richpub
gpg: key EBEF27FB: public key "Richard Kay (Experimental Purposes Only) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1


Use of GPG checking keys directly

Editing the trust level on received keys 1

As bob:

bob@saturn:~$ gpg --edit-key rich
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub  1024D/EBEF27FB  created: 2007-01-30  expires: 2008-01-29  usage: SC
                     trust: unknown       validity: unknown
sub  2048g/9F119F7F  created: 2007-01-30  expires: 2008-01-29  usage: E
[ unknown] (1). Richard Kay (Experimental Purposes Only) <[email protected]>

Command> sign

pub  1024D/EBEF27FB  created: 2007-01-30  expires: 2008-01-29  usage: SC
                     trust: unknown       validity: unknown
 Primary key fingerprint: CDA4 E092 B12A 99EA B093 689F 8AE7 E694 EBEF 27FB

     Richard Kay (Experimental Purposes Only) <[email protected]>


Use of GPG checking keys directly

Editing the trust level on received keys 2

As bob, continued:

This key is due to expire on 2008-01-29.
Are you sure that you want to sign this key with your
key "Bob User (Im A Tester) <[email protected]>" (0C86136D)

Really sign? (y/N) y

You need a passphrase to unlock the secret key for
user: "Bob User (Im A Tester) <[email protected]>"
1024-bit DSA key, ID 0C86136D, created 2007-02-02

Command> q
Save changes? (y/N) y
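
The sign step certifies that the key belongs to its claimed owner, so the fingerprint gpg displays should first be compared with one obtained from the owner over a separate channel. An added example (not from the original slides) of that comparison, run over `gpg --with-colons --fingerprint` style output; the listing, the e-mail address and the second key are constructed sample data, and the function names are illustrative.

```python
import re

# Constructed sample in the style of `gpg --with-colons --fingerprint` output.
# The first key uses the key ID and fingerprint shown on the slides (with a
# placeholder e-mail address); the second is an invented key whose 8-digit
# short ID is identical, to show why the short ID alone proves nothing.
SAMPLE_LISTING = """\
pub:-:1024:17:8AE7E694EBEF27FB:2007-01-30:2008-01-29::-:Richard Kay (Experimental Purposes Only) <rich@example.org>::scESC:
fpr:::::::::CDA4E092B12A99EAB093689F8AE7E694EBEF27FB:
pub:-:1024:17:66667777EBEF27FB:2007-01-31:2008-01-30::-:Richard Kay (Experimental Purposes Only) <rich@example.org>::scESC:
fpr:::::::::00001111222233334444555566667777EBEF27FB:
"""


def normalise(fingerprint):
    """Strip spaces and upper-case; insist on a full 160-bit (40 hex) value."""
    cleaned = re.sub(r"\s", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a full fingerprint: %r" % fingerprint)
    return cleaned


def parse_listing(text):
    """Return one {'keyid', 'uid', 'fpr'} dict per primary key in the listing."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            uid = fields[9] if len(fields) > 9 else ""
            keys.append({"keyid": fields[4], "uid": uid, "fpr": None})
        elif fields[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = fields[9].upper()   # field 10 holds the fingerprint
    return keys


def short_id_candidates(listing, short_id):
    """All keys whose key ID ends in the 8-digit short ID printed by gpg."""
    wanted = short_id.upper()
    return [k for k in parse_listing(listing) if k["keyid"].upper().endswith(wanted)]


def safe_to_sign(listing, fingerprint_from_owner):
    """Return the single key matching the out-of-band fingerprint, else None."""
    expected = normalise(fingerprint_from_owner)
    matches = [k for k in parse_listing(listing) if k["fpr"] == expected]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    # Fingerprint as read out by the key owner (value taken from the slides).
    spoken = "CDA4 E092 B12A 99EA B093 689F 8AE7 E694 EBEF 27FB"
    print(len(short_id_candidates(SAMPLE_LISTING, "EBEF27FB")), "keys share the short ID")
    print("sign:", safe_to_sign(SAMPLE_LISTING, spoken))
```
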


Use of GPG checking keys directly

Signing and encrypting a message

A message was created and stored in the file: secret

rich@saturn:~/gpg$ cat secret
This is a secret message.

The following GPG actions and flags were used:

-s to sign
-e to encrypt
-a ASCII armoured output
-r userid
-o name of output file

rich@saturn:~/gpg$ gpg -r bob -o secret.asc -sea secret

You need a passphrase to unlock the secret key for
user: "Richard Kay (Experimental Purposes Only) <[email protected]>"
1024-bit DSA key, ID EBEF27FB, created 2007-01-30


Signed and encrypted output

rich@saturn:~/gpg$ cat secret.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3 (GNU/Linux)

hQIOAxVuAHHdtcplEAf/ZrUQpN7ClwSAa/ZX+nOd+mG2vRiCx3jp9D/Y8M3DY0jC

mA2H774ZeJNl0++hefGCTbxeGCGnjsh3t1xBM1x9sxKy9Wu0eRSLOAB5PS6ivEO6

10 lines skipped

cYeP880shJSZMBqg/fTElSHUxJgGfTOFcKyM1DDemk0/51WhI2b1zdMcwNKV9dap

spEdrBmY2qXKtvjVvBXNSVT9IHATcjoB6i2kpjqC/jc4TlXC352v1JNKwvzVDAvY

T5SLsO8tbz4k3r6VjKyCyaAyi1k=
=muEX
-----END PGP MESSAGE-----


Use of GPG checking keys directly

Decrypting the secret message

bob@saturn:~$ gpg -o secret -d secret.asc

You need a passphrase to unlock the secret key for
user: "Bob User (Im A Tester) <[email protected]>"
2048-bit ELG-E key, ID DDB5CA65, created 2007-02-02 (main key ID 0C86136D)

gpg: encrypted with 2048-bit ELG-E key, ID DDB5CA65, created 2007-02-02
      "Bob User (Im A Tester) <[email protected]>"
gpg: Signature made Fri 02 Feb 2007 15:33:41 GMT using DSA key ID EBEF27FB
gpg: Good signature from "Richard Kay (Experimental Purposes Only) <[email protected]>"
bob@saturn:~$ cat secret
This is a secret message.


Using a Trusted Third Party as a Certification Authority

In the following set of slides, users rich and bob use the services of dave to act as a certification authority. Dave will need to sign rich and bob's public keys having confirmed their identities. Dave's signatures on the others' keys will enable rich and bob to communicate securely.


Using a TTP as a certification authority

Users dave, rich and bob create new keys

dave's key

pub   1024D/57E0F876 2007-02-16 [expires: 2008-02-15]
      Key fingerprint = ACF5 7915 4C5E 6F1D 26E0 8662 6637 B994 57E0 F876
uid   Dave Trusted (TTP keysigning key) <[email protected]>
sub   2048g/A6BFD1FD 2007-02-16 [expires: 2008-02-15]

rich's key

pub   1024D/D224BF4D 2007-02-16 [expires: 2008-02-15]
      Key fingerprint = 28D5 9340 3329 2ABD F853 3524 1A88 D35B D224 BF4D
uid   Rich Kay (Demo use of ttp key) <[email protected]>
sub   2048g/401D9F40 2007-02-16 [expires: 2008-02-15]

bob's key

pub   1024D/12D2BFBA 2007-02-16 [expires: 2008-02-15]
      Key fingerprint = C4D9 2D11 FFE9 6B73 3824 64E7 D02F E07B 12D2 BFBA
uid   Bob Person (bob TTP process) <[email protected]>
sub   2048g/10C076AE 2007-02-16 [expires: 2008-02-15]


Using a TTP as a certification authority

exporting unsigned keys

dave@saturn:~$ gpg -a --export dave > /tmp/davepub

bob@saturn:~$ gpg -a --export bob > /tmp/bobpub

rich@saturn:~$ gpg -a --export rich > /tmp/richpub

bob@saturn:~$ ls -l /tmp/*pub
-rw-r--r-- 1 dave dave 1730 2007-02-16 17:47 /tmp/davepub
-rw-r--r-- 1 rich rich 1726 2007-02-16 17:49 /tmp/richpub
-rw-r--r-- 1 bob bob 1726 2007-02-16 17:48 /tmp/bobpub


Using a TTP as a certification authority

importing unsigned keys

dave@saturn:~$ gpg --import /tmp/richpub
gpg: key D224BF4D: public key "Rich Kay (Demo use of ttp key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
dave@saturn:~$ gpg --import /tmp/bobpub
gpg: key 12D2BFBA: public key "Bob Person (bob TTP process) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1


Using a TTP as a certification authority

Dave signs rich's and bob's keys 1

dave@saturn:~$ gpg --edit-key rich
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub  1024D/D224BF4D  created: 2007-02-16  expires: 2008-02-15  usage: SC
                     trust: unknown       validity: unknown
sub  2048g/401D9F40  created: 2007-02-16  expires: 2008-02-15  usage: E
[ unknown] (1). Rich Kay (Demo use of ttp key) <[email protected]>

Command> sign

pub  1024D/D224BF4D  created: 2007-02-16  expires: 2008-02-15  usage: SC
                     trust: unknown       validity: unknown
 Primary key fingerprint: 28D5 9340 3329 2ABD F853 3524 1A88 D35B D224 BF4D


Using a TTP as a certification authority

Dave signs rich's and bob's keys 2

     Rich Kay (Demo use of ttp key) <[email protected]>

This key is due to expire on 2008-02-15.
Are you sure that you want to sign this key with your
key "Dave Trusted (TTP keysigning key) <[email protected]>" (57E0F876)

Really sign? (y/N) y

You need a passphrase to unlock the secret key for
user: "Dave Trusted (TTP keysigning key) <[email protected]>"
1024-bit DSA key, ID 57E0F876, created 2007-02-16


Using a TTP as a certification authority

Dave exports the signed keys

dave@saturn:~$ gpg -a --export rich > /tmp/richspub

dave@saturn:~$ gpg -a --export bob > /tmp/bobspub


Using a TTP as a certification authority

rich and bob import them

rich@saturn:~$ gpg --import /tmp/richspub
gpg: key D224BF4D: "Rich Kay (Demo use of ttp key) <[email protected]>" 1 new signature
gpg: Total number processed: 1
gpg:         new signatures: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2008-02-15
rich@saturn:~$ gpg --import /tmp/bobspub
gpg: key 12D2BFBA: "Bob Person (bob TTP process) <[email protected]>" 1 new signature
gpg: Total number processed: 1
gpg:         new signatures: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2008-02-15


Using a TTP as a certification authority

bob states he trusts dave to sign other keys 1

Note that bob has to sign dave's key as well as trust it. Signing it means that bob believes dave's key belongs to dave. Trusting it means that bob trusts dave to identify the owners of other keys before signing them.

bob@saturn:~$ gpg --edit-key dave
gpg (GnuPG) 1.4.3; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub  1024D/57E0F876  created: 2007-02-16  expires: 2008-02-15  usage: SC
                     trust: unknown       validity: unknown
sub  2048g/A6BFD1FD  created: 2007-02-16  expires: 2008-02-15  usage: E
[ unknown] (1). Dave Trusted (TTP keysigning key) <[email protected]>


Using a TTP as a certification authority

bob states he trusts dave to sign other keys 2

Command> help sign
quit        quit this menu
save        save and quit
help        show this help
fpr         show key fingerprint
list        list key and user IDs
uid         select user ID N
key         select subkey N
check       check signatures
sign        sign selected user IDs [* see below for related commands]
lsign       sign selected user IDs locally
tsign       sign selected user IDs with a trust signature
nrsign      sign selected user IDs with a non-revocable signature
deluid      delete selected user IDs
delkey      delete selected subkeys
delsig      delete signatures from the selected user IDs
pref        list preferences (expert)
showpref    list preferences (verbose)
trust       change the ownertrust
revsig      revoke signatures on the selected user IDs
enable      enable key
disable     disable key
showphoto   show selected photo IDs


Using a TTP as a certification authority

bob states he trusts dave to sign other keys 3

Command> trust
pub  1024D/57E0F876  created: 2007-02-16  expires: 2008-02-15  usage: SC
                     trust: unknown       validity: unknown
sub  2048g/A6BFD1FD  created: 2007-02-16  expires: 2008-02-15  usage: E
[ unknown] (1). Dave Trusted (TTP keysigning key) <[email protected]>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 4


Using a TTP as a certification authority

bob signs dave's key to say it belongs to dave

Command> sign

pub  1024D/57E0F876  created: 2007-02-16  expires: 2008-02-15  usage: SC
                     trust: full          validity: unknown
 Primary key fingerprint: ACF5 7915 4C5E 6F1D 26E0 8662 6637 B994 57E0

     Dave Trusted (TTP keysigning key) <[email protected]>

This key is due to expire on 2008-02-15.
Are you sure that you want to sign this key with your
key "Bob Person (bob TTP process) <[email protected]>" (12D2BFBA)

Really sign? (y/N) y

You need a passphrase to unlock the secret key for
user: "Bob Person (bob TTP process) <[email protected]>"
1024-bit DSA key, ID 12D2BFBA, created 2007-02-16

Command> quit
Save changes? (y/N) y

Rich does the same with dave's key
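
The earlier note that bob must sign dave's key as well as trust it follows from how the PGP trust model decides which keys are valid. The following added example (not part of the original slides, and a simplified model rather than GnuPG's own code) applies the "3 marginal(s) needed, 1 complete(s) needed" rule to the three key IDs from the slides, seen from bob's keyring; the function names and the keys A, B, C and X are illustrative.

```python
MARGINALS_NEEDED = 3   # "3 marginal(s) needed" in the gpg output
COMPLETES_NEEDED = 1   # "1 complete(s) needed"
MAX_DEPTH = 5          # GnuPG's default for --max-cert-depth

# Key IDs taken from the slides.
BOB, DAVE, RICH = "12D2BFBA", "57E0F876", "D224BF4D"


def valid_keys(own_key, signatures, ownertrust):
    """Compute which keys the keyring owner may treat as belonging to their uid.

    signatures: set of (signer, signed) key ID pairs.
    ownertrust: {key ID: "full" | "marginal"} as set with the `trust` command.
    Returns {key ID: depth at which the key became valid}.
    """
    valid = {own_key: 0}                      # own key is ultimately trusted
    for depth in range(1, MAX_DEPTH + 1):
        newly_valid = {}
        for key in {signed for _, signed in signatures}:
            if key in valid:
                continue
            # A signature only counts if the signer's own key is already valid.
            signers = [s for s, signed in signatures if signed == key and s in valid]
            by_owner = sum(1 for s in signers if s == own_key)
            full = sum(1 for s in signers if ownertrust.get(s) == "full")
            marginal = sum(1 for s in signers if ownertrust.get(s) == "marginal")
            if by_owner or full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly_valid[key] = depth
        if not newly_valid:
            break
        valid.update(newly_valid)
    return valid


def ttp_scenario(bob_signs_dave, bob_trusts_dave):
    """bob's view of the TTP set-up: dave has signed rich's and bob's keys."""
    signatures = {(DAVE, RICH), (DAVE, BOB)}
    if bob_signs_dave:
        signatures.add((BOB, DAVE))
    ownertrust = {DAVE: "full"} if bob_trusts_dave else {}
    return valid_keys(BOB, signatures, ownertrust)


def marginal_scenario(n_introducers):
    """Generalisation: n marginally trusted introducers all sign key X."""
    introducers = ["A", "B", "C"][:n_introducers]
    signatures = {(BOB, i) for i in introducers} | {(i, "X") for i in introducers}
    return valid_keys(BOB, signatures, {i: "marginal" for i in introducers})


if __name__ == "__main__":
    print("signed and trusted:", ttp_scenario(True, True))
    print("trusted, not signed:", ttp_scenario(False, True))
    print("signed, not trusted:", ttp_scenario(True, False))
    print("two marginal introducers:", marginal_scenario(2))
    print("three marginal introducers:", marginal_scenario(3))
```

Only the first scenario makes rich's key valid for bob: ownertrust on a key that is not itself valid is ignored, and a valid key without ownertrust cannot introduce others.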


Using a TTP as a certification authority

rich encrypts a message to bob's key and signs it

rich@saturn:~/gpg$ cat secret
This is a secret message sent by rich to bob, after both
rich and bob have trusted dave to sign each others keys.

rich@saturn:~/gpg$ gpg -r bob -o secret.asc -sea secret

You need a passphrase to unlock the secret key for
user: "Rich Kay (Demo use of ttp key) <[email protected]>"
1024-bit DSA key, ID D224BF4D, created 2007-02-16

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 1f, 0u
gpg: depth: 2 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2008-02-15

rich@saturn:~/gpg$ cat secret.asc
-----BEGIN PGP MESSAGE-----
encrypted message not shown


Using a TTP as a certification authority

Rich sends and bob decrypts the message.

bob@saturn:~$ gpg -o secret -d secret.asc

You need a passphrase to unlock the secret key for
user: "bob Person (bob TTP process) <[email protected]>"
2048-bit ELG-E key, ID 10C076AE, created 2007-02-16 (main key ID 12D2BFBA)

gpg: encrypted with 2048-bit ELG-E key, ID 10C076AE, created 2007-02-16
      "Bob Person (bob TTP process) <[email protected]>"
gpg: Signature made Sat 17 Feb 2007 16:04:24 GMT using DSA key ID D224BF4D
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
trust data cut for sake of brevity
gpg: Good signature from "Rich Kay (Demo use of ttp key) <[email protected]>"

bob@saturn:~$ cat secret
This is a secret message sent by rich to bob, after both
rich and bob have trusted dave to sign each others keys.


Using GPG for Symmetric Cryptography

The following slides demonstrate use of GPG with a single shared secret. A passphrase is used to generate a session key which is used to encrypt the data.

The decryption process involves using the passphrase to regenerate the session key which is then used to decrypt the data.


Using GPG for symmetric cryptography

Encrypting a message

rich@saturn:~/gpg$ gpg -o secret.asc -ca secret
rich@saturn:~/gpg$ cat secret.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3 (GNU/Linux)

jA0EAwMC5xVjg4/8UtRgyTDYJAmJer3Q5bJ/SIHrs5eMNa2TpxQ5cuwyXmMay+L/8CPJ2IOQOoHnCOdHQO7APi8MEvq
-----END PGP MESSAGE-----

Here the -c option selects symmetric encryption with the default algorithm, CAST5, and the -a option ASCII-armours the output. Any passphrase can be entered, but the same passphrase will be needed to decrypt the file.


Using GPG for symmetric cryptography

Decrypting the message

rich@saturn:~/gpg$ gpg -d secret.asc
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
This is a secret message.
gpg: WARNING: message was not integrity protected

The message was successfully decrypted. The warning message was investigated. The reasons for it are explained here: http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023500.html and here: http://lwn.net/Articles/7688/

It turned out that the CAST5 algorithm is used by default in order to obtain backwards compatibility with older versions of PGP and GPG. GPG will always use an MDC (Manipulation Detection Code) with newer algorithms.
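
The cause of the warning can be read straight from the message header. This added example (not from the original slides) decodes the first 18 bytes of the CAST5 secret.asc shown on the earlier slide and reports the cipher, the passphrase-to-key (S2K) parameters and whether the data packet is of the integrity-protected type; packet tags and algorithm numbers are those of RFC 4880, and the function names are illustrative.

```python
import base64

# First 24 base64 characters of the symmetric secret.asc shown on the slide:
# 18 bytes, covering the first packet and the header of the packet after it.
ARMOR_PREFIX = "jA0EAwMC5xVjg4/8UtRgyTDY"

# RFC 4880 algorithm identifiers (subset matching `gpg --version` on the slides).
CIPHERS = {2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES", 8: "AES192",
           9: "AES256", 10: "TWOFISH"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
          10: "SHA512"}
TAG_SKESK = 3        # symmetric-key encrypted session key packet
TAG_ENCRYPTED = 9    # symmetrically encrypted data, no MDC
TAG_ENCRYPTED_MDC = 18  # symmetrically encrypted, integrity protected data


def read_header(data, pos):
    """Return (tag, body_length, body_offset) of the packet starting at pos."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                              # new-format header
        tag, l0 = first & 0x3F, data[pos + 1]
        if l0 < 192:
            return tag, l0, pos + 2
        if l0 < 224:
            return tag, ((l0 - 192) << 8) + data[pos + 2] + 192, pos + 3
        if l0 == 255:
            return tag, int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
        raise ValueError("partial body lengths are outside this example")
    tag, length_type = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if length_type == 3:
        raise ValueError("indeterminate length is outside this example")
    n = 1 << length_type                          # 1, 2 or 4 length octets
    return tag, int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def describe_symmetric_message(data):
    """Summarise a `gpg -c` message from its first two packet headers."""
    tag, length, off = read_header(data, 0)
    if tag != TAG_SKESK or data[off] != 4:
        raise ValueError("expected a version 4 symmetric-key ESK packet")
    cipher, s2k_type = data[off + 1], data[off + 2]
    info = {"cipher": CIPHERS.get(cipher, cipher), "s2k_type": s2k_type}
    p = off + 3
    if s2k_type in (0, 1, 3):                     # simple, salted, iterated+salted
        info["s2k_hash"] = HASHES.get(data[p], data[p])
        p += 1
    if s2k_type in (1, 3):
        info["salt"] = data[p:p + 8].hex()
        p += 8
    if s2k_type == 3:                             # coded count of octets to hash
        c = data[p]
        info["s2k_count"] = (16 + (c & 15)) << ((c >> 4) + 6)
    next_tag, _, _ = read_header(data, off + length)
    info["data_packet_tag"] = next_tag
    info["integrity_protected"] = next_tag == TAG_ENCRYPTED_MDC
    return info


def slide_message_info():
    return describe_symmetric_message(base64.b64decode(ARMOR_PREFIX))


if __name__ == "__main__":
    print(slide_message_info())
```

The slide's message carries a tag 9 data packet, which has no MDC, and that is what gpg reports as "not integrity protected".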


Using GPG for symmetric cryptography

Avoiding Message Manipulation

rich@saturn:~/gpg$ gpg --version
gpg (GnuPG) 1.4.3
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cypher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2

rich@saturn:~/gpg$ gpg --cipher-algo AES256 -o secret.asc -ca secret

File `secret.asc' exists. Overwrite? (y/N) y
rich@saturn:~/gpg$ gpg -d secret.asc
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
This is a secret message.


Security features of GPG

Passphrases are used whenever a security-sensitive event occurs. A copy of the secret key would be difficult or impossible to unlock without knowledge of the passphrase. These events include encryption, decryption and confirming the authenticity of an imported key. GPG has many other design features to improve the security of the processing, e.g. preventing the memory it uses from being written out to extended memory (swap file or partition).

A practical system design involving messages sent between automated systems is likely to have to involve compromising this security to an extent, because all secrets needed to secure communications will need to be stored locally on the relevant systems.


GPG or PGP ? Slide 1

PGP stands for Pretty Good Privacy, a program designed by Phil Zimmermann which became available in 1991.

At this time cryptographic software was controlled under the same US export restrictions as munitions. By posting this program on the Internet its author was suspected of illegally exporting it and was investigated. However, Phil was never charged, probably due to the degree of support his cause attracted. Eventually the investigation against him was dropped.

PGP later became the basis of the RFC 4880 OpenPGP Message Format standard (this updated RFC2440).


GPG or PGP ? Slide 2

GPG stands for "GNU Privacy Guard". It was engineered based on RFC2440 (and later RFC4880) in order to be interoperable with PGP.

PGP was distributed in source-available form without requiring payment. But PGP was not released based on a software license considered by the Free Software Foundation as constituting free software. In practical terms the licensing restrictions on PGP made it difficult freely and internationally to distribute and maintain it as part of larger packages, e.g. operating system distributions.

GPG was developed as a fully open-source product with financial support from the German government.


Conclusions

Use of trusted third parties (TTPs) in connection with cryptography takes some preparation and planning. Many separate actions have to occur in the correct sequence. All parties need to learn use of the tools and procedures and the rationale for these, before these tools can be used effectively and securely.

Some developments involving keys stored in hardware devices and standardisation of automatable PKI protocols are likely to be required before the kind of procedures demonstrated above are likely to be usable automatically and simply without requiring advanced knowledge on the part of the end user.


Further reading

GNU Privacy Guard Wikipedia Entry
http://en.wikipedia.org/wiki/GNU_Privacy_Guard

The GNU Privacy Guard Handbook
http://www.gnupg.org/gph/en/manual.html

Essay by Phil Zimmermann: "Why I wrote PGP"
http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

PGP User Guide, including a good general introduction to cryptography
http://www.pgpi.org/doc/guide/7.0/en/