From edcb8a55354f5ce781ebb0e139b38dae0ca76749 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Fri, 31 Jan 2020 16:27:42 -0800 Subject: Change: use beamer for PGP talk --- pgptalk.md | 449 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ pgptalk.mdwn | 422 ------------------------------------------------------- 2 files changed, 449 insertions(+), 422 deletions(-) create mode 100644 pgptalk.md delete mode 100644 pgptalk.mdwn diff --git a/pgptalk.md b/pgptalk.md new file mode 100644 index 0000000..1a9dd78 --- /dev/null +++ b/pgptalk.md 
@@ -0,0 +1,449 @@ +--- +title: PGP basics +date: Version 1.0.1 for 2019-05-08 +... + +PGP and GnuPG—some basics +============================================================================= + +Use of unnecessary swearing while using crypto software... +has been approved + + +--- + +Everyday uses of PGP +============================================================================= + +* email: sign, encrypt (all personal emails I send are signed by default) + +* git: signed tags, signed commits (for releases) + +* software releases: sign your tarballs, downloadables + +* SSH: you can use your PGP key as an SSH key + + * I use a PGP subkey on my Yubikey for SSH + +* amaze people at parties, be an international celebrity + +--- + +Threat models +============================================================================= + +* Why would anyone attack **you**? + + * you, your data, or your computing resources might be valuable + * you might be a stepping stone to another target, such as + your employer + * you might be an easy target + +* An attacker may want to... + + * **impersonate** you + * **falsify** a file you need or provide, such as a software + download + * **eavesdrop** your communications to steal sensitive information + +--- + +* An attacker may be... 
+ + * a government: US, UK, Russia, China, etc, possibly illegally + * law enforcement, possibly illegally + * a large private organisation, possibly your employer + * a criminal organisation + * a minor criminal + * someone with too much time and a twisted sense of humour + * someone you know who doesn't like you + +--- + +Defences +============================================================================= + +* cryptography + +* widespread use of cryptography ("herd immunity") + +* general infosec and opsec: keep your devices secure, and don't + do stuff that leaves you open for an attack + +* this can be really difficult, depending who you are and who's + attacking you; if you're a desirable target, you need to learn to + be secure, but if you're not, a few basic precautions is enough + +* compare with driving + + * if you're just running errands, you'll be OK after normal + driving lessons + * if you're in a Formula 1 race, you need to learn a lot more and + work hard to even be allowed in the car + +* if the attacker is sufficiently motivated or sufficiently + well-funded, and has sufficient time, you will probably eventually + lose, sorry + +--- + +The kernel of wisdom is moderation in all things +----------------------------------------------------------------------------- + +* It's easy to become despondent, but don't. While security is never + perfect, even a little effort will improve things a lot. You might + run faster than others, so the bear won't attack you. + +* It's easy to try too hard, but don't become a cryptography or + security absolutist. While it's good if everyone tries their best, + and improves their cryptographic defences over time, don't despair + if what they or you have isn't perfect. + +* **Cryptography absolutism** is when you say it's not worth using + cryptography at all, unless you're protected against every + conceivable scenario. 
+ +--- + +Basics of public key cryptography +============================================================================= + +* Everyone has a key pair: a **public** and a **secret** key, which + are linked together using advanced maths, such that data encrypted + with one can only be decrypted with the other + + * you keep the **secret key secure** so that only you have a copy, + and only you can use it + * you **publish the public key** so that everyone can have a copy + +* Prove data or message is from you by **signing**: encrypt with your + secret key, anyone can check by decrypting with your public key + + * actually, a cryptographic **hash** is signed, not the whole + message + +* Keep communications **secret**: everyone can encrypt with your + public key, only you can decrypt using your secret key + +--- + +* Public key cryptography solves the key distribution problem. + Traditional (symmetric) cryptography requires a shared secret or + code between sender and receiver, and this can be complicated to + arrange. + +* RSA, ElGamal, Diffie-Hellman, elliptic curve, etc: interesting maths + if that's your thing, not required to be understood for using crypto + (this might be a little controversial) + +--- + +Storing keys securely +============================================================================= + +* Consider your threat models: what do you need to protect against? + +* You should probably at least keep your main key pair off-line, + on a USB stick, and only use it in a device whose security you + trust + +* Subkeys: the main key is kept safe and forms the identity, and + subkeys are additional keys, linked to the main key. 
New subkeys can be + generated at will for specific purposes, such as for keeping on a + laptop for email + +--- + +* Subkeys can be stored on your normal devices, since they're easy + to replace with new ones if they're compromised + +* A secret key is data "at rest" (as opposed to "in transit"), and is + basically only protected by the passphrase you set. + + * Choose a long passphrase that you won't forget. GnuPG can handle + any length you can remember and type. + + * You can change the passphrase later if you want to make it + stronger. + +* Subkeys can also be stored on special devices for more secure key + storage, such as Yubikeys + + * Highly recommended for many use cases + + * Hardware restrictions prevent access of key + + +--- + +Creating a key, with subkeys, with GnuPG +============================================================================= + +* Main key is used for keysigning, changing key uids, subkeys for + everything else + +* Install GnuPG aka GPG aka gpg, version 2.1 or later (Linux, Mac, Windows) + +* **`gpg --gen-key`**, use defaults unless you know better + +* Also create subkeys, at least one for encryption and one for signing + +* Follow one of these: + + * + + * + +* Remember to create a **key revocation certificate** and store that + somewhere safe that you can access without your PGP key + +--- + +Publishing a public key +============================================================================= + +* A network of key servers exist for this, to make it easy to find + keys + +* Always use full fingerprints or 64-bit ("long") key ids to refer + to keys + + * 32-bit (8 hex digit) short ids are no longer secure, and there + are hoax keys with real names (see ) + +--- + +* **In principle** it doesn't matter which keyserver you use, the + built-in default should be good enough, except sometimes it isn't + + * New keys and updates to keys propagate across the network + automatically, but sometimes it takes time, even weeks + + * This 
pool of keyservers seems to be better than most:
+ + + * Add this line to **~/.gnupg/gpg.conf** and **dirmngr.conf**: +
`keyserver hkps://hkps.pool.sks-keyservers.net` + + * Technically, only dirmngr.conf should be needed, but in my + experience things work better if it's in both. + +--- + +Signing a key +============================================================================= + +* You can add any names and email addresses you like to a key + generate; **anyone can create a new key and put your name on it;** + how can anyone trust any given key? + +* "Web of trust" vs "Trust on first use" + +* Keys can have signatures, which mean **"the person who signed this + key is confident that this key belongs to the person named in + the key"** + + * Does *not* mean "is a trustworthy person, you should loan them + money and your car" + * "Is confident" is up to the signer, there are no rules + +--- + +* Key signatures are also published on the keyservers + + * However, this is currently not possible due to attack + +* You can tell GnuPG which keys' signatures you trust, and how + much, and GnuPG will tell you if you can trust a key, even if + you haven't signed it yourself + + * compare with introducing people in real life + + * "I trust Alice to introduce me to new people and not lie who + they are" + +--- + +Signing a key: HOWTO, part 1 +============================================================================= + +* You need the fingerprint of the key you want to sign (KEYID below) + and to get the actual key from the keyservers; or you can get in a + file via email or similar + + * **`gpg --recv-key KEYID`** + * **`gpg --import FILENAME`** + +* Sign key key, which is done by "editing" the key + + * **`gpg --edit-key KEYID`** + * this will result in a **`gpg>`** prompt + * enter the **`sign`** command, *check the fingerprint*, answer yes + if you want to sign; this will ask for your key passphrase + * you may also have a GPG agent running, in which case you may + not need to provide a passphrase; the agent keeps the private + key and remembers it without you having to enter a 
passphrase + every time + * enter the **`save`** command at the prompt + + +--- + +Signing a key: HOWTO, part 2 +============================================================================= + +* Export and encrypt the signed key: + + * **`gpg --export --armor KEYID > key.pub`** + * **`gpg --encrypt -r KEYID key.pub`** + * GnupPG may tell you that the key isn't ultimately trusted; tell + it to use the key anyway + +* Email the encrypted file **`key.pub.gpg`** (note suffix!) to the email + address listed on the key + +* This ensures the person who controls the secret key actually + receives email to the address given on the key + + +--- + +Receiving a signature for your key +============================================================================= + +* Decrypt the email + +* Save the signed copy of your key to a file + +* Import the key: **`gpg --import FILENAME`** + +* Send the update key to the keyserver: **`gpg --send-key YOURKEYID`** + + + +--- + +Signing a key: the easy way +============================================================================= + +* Works on Debian and derived Linux distributions, maybe others + +* **`apt install signing-party`** + +* **`caff FINGERPRINT`** + +* may require for a mail transport agent to be configured on the + laptop + +--- + +Extending key expiration date +============================================================================= + +* Every key can have an expiration date + +* The secret key holder can extend the expiration date + +* It's optional, and not terribly useful + + * makes sure you don't forget how to use GnuPG + + * if you lose your secret key (careless!) it warns people to not + use your key after it's expired + +* Make sure you have a revocation certificate and can get that even if + you lose your secret key + +--- + +Using a USB stick: why? 
+============================================================================= + +* Store main key only on USB stick + +* Keep USB stick physically safe + + * full-disk encryption with stong passphrase + * maybe stored in a safe + * possibly guarded by armed guards with dogs + * castles, moats, and sharks are probably overkill, but do + consider crocodiles + * some of this advice may be in jest + +* Also, only use USB stick in a computer you trust + +* You may want to mark all copies of the stick clearly + +* Have subkeys on laptop for everyday use + +--- + +Using a USB stick: overall approach +============================================================================= + +* GnuPG keeps everything in **`~/.gnupg`** by default, override by + setting the **`GNUPGHOME`** environment variable + +* Use this to have two GnuPG instances: **main key on a USB stick**, + and **subkeys on your laptop** + + * format a dedicated USB stick with a suitable filesystem (e.g., + **ext4**), give it a filesystem **label**, and mount it (e.g., + **`/media/liw/usb-stick`**) + * make backup copies of the stick; probably best give each backup + copy a dedicated filesystem label so you know which one is which + +--- + +* To use the main key, set **`export GNUPGHOME=/media/liw/usb-stick`** + for key signing, importing signatures, creating new subkeys + +* For everything else, don't set the environment variable + +* GnuPG sometimes starts **background services**; you should **kill + them** when switching between keys, or you'll be confused + + * **`gpgconf --kill gpg-agent`** + * **`gpgconf --kill dirmngr`** + +--- + +Using a USB stick: moving main key +============================================================================= + +* Create your PGP and subkeys normally on your laptop, mount your USB stick + + * Mount point it something like **`/media/liw/usb-stick`** + +* Export secret subkeys to a file (on laptop) + + * **`gpg --export-secret-subkeys YOURKEYID > secret.key`** + +* Move 
the laptop's GnuPG stuff to USB stick. + + * **`mv ~/.gnupg /media/liw/usbstick/gnupg`** + +--- + +* Import the exported keys to laptop + + * **`gpg --import secret.key`** + * this creates a new **`~/.gnupg`** directory; you may want to + configure it + +* Check results: **`gpg -K`** + + * should show **`sec#`** to indicate missing main secret key + * should show **`ssb`** to indicate secret subkey being present + +--- + +Legalese +============================================================================= + +Copyright 2019 Lars Wirzenius + +This content is licensed under the Creative Commons +Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence. + +[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/ diff --git a/pgptalk.mdwn b/pgptalk.mdwn deleted file mode 100644 index 593b6a5..0000000 --- a/pgptalk.mdwn +++ /dev/null 
@@ -1,422 +0,0 @@ -class: center, middle - -PGP and GnuPG—some basics -============================================================================= - -Use of unnecessary swearing while using crypto software... -has been approved - -Verion 1.0.1 for 2019-05-08 - ---- - -Everyday uses of PGP -============================================================================= - -* email: sign, encrypt (all personal emails I send are signed by default) - -* git: signed tags, signed commits (for releases) - -* software releases: sign your tarballs, downloadables - -* SSH: you can use your PGP key as an SSH key - - * I use a PGP subkey on my Yubikey for SSH - -* amaze people at parties, be an international celebrity - ---- - -Threat models -============================================================================= - -* Why would anyone attack **you**? - - * you, your data, or your computing resources might be valuable - * you might be a stepping stone to another target, such as - your employer - * you might be an easy target - -* An attacker may want to... - - * **impersonate** you - * **falsify** a file you need or provide, such as a software - download - * **eavesdrop** your communications to steal sensitive information - -* An attacker may be... 
- - * a government: US, UK, Russia, China, etc, possibly illegally - * law enforcement, possibly illegally - * a large private organisation, possibly your employer - * a criminal organisation - * a minor criminal - * someone with too much time and a twisted sense of humour - * someone you know who doesn't like you ---- - -Defences -============================================================================= - -* cryptography - -* widespread use of cryptography ("herd immunity") - -* general infosec and opsec: keep your devices secure, and don't - do stuff that leaves you open for an attack - -* this can be really difficult, depending who you are and who's - attacking you; if you're a desirable target, you need to learn to - be secure, but if you're not, a few basic precautions is enough - -* compare with driving - - * if you're just running errands, you'll be OK after normal - driving lessons - * if you're in a Formula 1 race, you need to learn a lot more and - work hard to even be allowed in the car - -* if the attacker is sufficiently motivated or sufficiently - well-funded, and has sufficient time, you will probably eventually - lose, sorry - ---- - -The kernel of wisdom is moderation in all things ------------------------------------------------------------------------------ - -* It's easy to become despondent, but don't. While security is never - perfect, even a little effort will improve things a lot. You might - run faster than others, so the bear won't attack you. - -* It's easy to try too hard, but don't become a cryptography or - security absolutist. While it's good if everyone tries their best, - and improves their cryptographic defences over time, don't despair - if what they or you have isn't perfect. - -* **Cryptography absolutism** is when you say it's not worth using - cryptography at all, unless you're protected against every - conceivable scenario. 
- ---- - -Basics of public key cryptography -============================================================================= - -* Everyone has a key pair: a **public** and a **secret** key, which - are linked together using advanced maths, such that data encrypted - with one can only be decrypted with the other - - * you keep the **secret key secure** so that only you have a copy, - and only you can use it - * you **publish the public key** so that everyone can have a copy - -* Prove data or message is from you by **signing**: encrypt with your - secret key, anyone can check by decrypting with your public key - -* Keep communications **secret**: everyone can encrypt with your - public key, only you can decrypt using your secret key - -* Public key cryptography solves the key distribution problem. - Traditional (symmetric) cryptography requires a shared secret or - code between sender and receiver, and this can be complicated to - arrange. - -* RSA, ElGamal, Diffie-Hellman, elliptic curve, etc: interesting maths - if that's your thing, not required to be understood for using crypto - (this might be a little controversial) - ---- - -Storing keys securely -============================================================================= - -* Consider your threat models: what do you need to protect against? - -* You should probably at least keep your main key pair off-line, - on a USB stick, and only use it in a device whose security you - trust - -* Subkeys: the main key is kept safe and forms the identity, but - additional keys, linked to the main key. 
New subkeys can be - generated at will for specific purposes, such as for keeping on a - laptop for email - -* Subkeys can be stored on your normal devices, since they're easy - to replace with new ones if they're compromised - -* Subkeys can also be stored on special devices for more secure key - storage, such as Yubikeys - -* A secret key is data "at rest" (as opposed to "in transit"), and is - basically only protected by the passphrase you set. - - * Choose a long passphrase that you won't forget. GnuPG can handle - any length you can remember and type. - - * You can change the passphrase later if you want to make it - stronger. - ---- - -Creating a key, with subkeys, with GnuPG -============================================================================= - -* Main key is used for keysigning, changing key uids, subkeys for - everything else - -* Install GnuPG aka GPG aka gpg, version 2.1 or later (Linux, Mac, Windows) - -* **`gpg --gen-key`**, use defaults unless you know better - -* Also create subkeys, at least one for encryption and one for signing - -* Follow one of these: - - * - - * - -* Remember to create a **key revocation certificate** and store that - somewhere safe that you can access without your PGP key - ---- - -Publishing a public key -============================================================================= - -* A network of key servers exist for this, to make it easy to find - keys - -* Always use full fingerprints or 64-bit ("long") key ids to refer - to keys - - * 32-bit (8 hex digit) short ids are no longer secure, and there - are hoax keys with real names (see ) - -* **In principle** it doesn't matter which keyserver you use, the - built-in default should be good enough, except sometimes it isn't - - * New keys and updates to keys propagate across the network - automatically, but sometimes it takes time, even weeks - - * This pool of keyservers seems to be better than most:
- - - * Add this line to **~/.gnupg/gpg.conf** and **dirmngr.conf**: -
`keyserver hkps://hkps.pool.sks-keyservers.net` - - * Technically, only dirmngr.conf should be needed, but in my - experience things work better if it's in both. - ---- - -Signing a key -============================================================================= - -* You can add any names and email addresses you like to a key - generate; **anyone can create a new key and put your name on it;** - how can anyone trust any given key? - -* "Web of trust" vs "Trust on first use" - -* Keys can have signatures, which mean **"the person who signed this - key is confident that this key belongs to the person named in - the key"** - - * Does *not* mean "is a trustworthy person, you should loan them - money and your car" - * "Is confident" is up to the signer, there are no rules - -* Key signatures are also published on the keyservers - -* You can tell GnuPG which keys' signatures you trust, and how - much, and GnuPG will tell you if you can trust a key, even if - you haven't signed it yourself - - * compare with introducing people in real life - * "I trust Alice to introduce me to new people and not lie who - they are" - ---- - -Signing a key: HOWTO, part 1 -============================================================================= - -* You need the fingerprint of the key you want to sign (KEYID below) - and to get the actual key from the keyservers; or you can get in a - file via email or similar - - * **`gpg --recv-key KEYID`** - * **`gpg --import FILENAME`** - -* Sign key key, which is done by "editing" the key - - * **`gpg --edit-key KEYID`** - * this will result in a **`gpg>`** prompt - * enter the **`sign`** command, *check the fingerprint*, answer yes - if you want to sign; this will ask for your key passphrase - * you may also have a GPG agent running, in which case you may - not need to provide a passphrase; the agent keeps the private - key and remembers it without you having to enter a passphrase - every time - * enter the **`save`** command at the prompt - - 
---- - -Signing a key: HOWTO, part 2 -============================================================================= - -* Export and encrypt the signed key: - - * **`gpg --export --armor KEYID > key.pub`** - * **`gpg --encrypt -r KEYID key.pub`** - * GnupPG may tell you that the key isn't ultimately trusted; tell - it to use the key anyway - -* Email the encrypted file **`key.pub.gpg`** (note suffix!) to the email - address listed on the key - -* This ensures the person who controls the secret key actually - receives email to the address given on the key - - ---- - -Receiving a signature for your key -============================================================================= - -* Decrypt the email - -* Save the signed copy of your key to a file - -* Import the key: **`gpg --import FILENAME`** - -* Send the update key to the keyserver: **`gpg --send-key YOURKEYID`** - - - ---- - -Signing a key: the easy way -============================================================================= - -* On Debian and derived Linux distributions - -* **`apt install signing-party`** - -* **`caff FINGERPRINT`** - -* may require for a mail transport agent to be configured on the - laptop - ---- - -Extending key expiration date -============================================================================= - -* Every key can have an expiration date - -* The secret key holder can extend the expiration date - -* It's optional, and not terribly useful - - * makes sure you don't forget how to use GnuPG - - * if you lose your secret key (careless!) it warns people to not - use your key after it's expired - -* Make sure you have a revocation certificate and can get that even if - you lose your secret key - ---- - -Using a USB stick: why? 
-============================================================================= - -* Store main key only on USB stick - -* Keep USB stick physically safe - - * full-disk encryption with stong passphrase - * maybe stored in a safe - * possibly guarded by armed guards with dogs - * castles, moats, and sharks are probably overkill, but do - consider crocodiles - * some of this advice may be in jest - -* Also, only use USB stick in a computer you trust - -* You may want to mark all copies of the stick clearly - -* Have subkeys on laptop for everyday use - ---- - -Using a USB stick: overall approach -============================================================================= - -* GnuPG keeps everything in **`~/.gnupg`** by default, override by - setting the **`GNUPGHOME`** environment variable - -* Use this to have two GnuPG instances: **main key on a USB stick**, - and **subkeys on your laptop** - - * format a dedicated USB stick with a suitable filesystem (e.g., - **ext4**), give it a filesystem **label**, and mount it (e.g., - **`/media/liw/usb-stick`**) - * make backup copies of the stick; probably best give each backup - copy a dedicated filesystem label so you know which one is which - -* To use the main key, set **`export GNUPGHOME=/media/liw/usb-stick`** - for key signing, importing signatures, creating new subkeys - -* For everything else, don't set the environment variable - -* GnuPG sometimes starts **background services**; you should **kill - them** when switching between keys, or you'll be confused - - * **`gpgconf --kill gpg-agent`** - * **`gpgconf --kill dirmngr`** - ---- - -Using a USB stick: moving main key -============================================================================= - -* Create your PGP and subkeys normally on your laptop, mount your USB stick - - * Mount point it something like **`/media/liw/usb-stick`** - -* Export secret subkeys to a file (on laptop) - - * **`gpg --export-secret-subkeys YOURKEYID > secret.key`** - -* Move the 
laptop's GnuPG stuff to USB stick. - - * **`mv ~/.gnupg /media/liw/usbstick/gnupg`** - -* Import the exported keys to laptop - - * **`gpg --import secret.key`** - * this creates a new **`~/.gnupg`** directory; you may want to - configure it - -* Check results: **`gpg -K`** - - * should show **`sec#`** to indicate missing main secret key - * should show **`ssb`** to indicate secret subkey being present - ---- - -Legalese -============================================================================= - -Copyright 2019 Lars Wirzenius - -This content is licensed under the Creative Commons -Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence. - -[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/ - -- cgit v1.2.1
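Review bot: In the "Using a USB stick: moving main key" slide of pgptalk.md, `mv ~/.gnupg /media/liw/usbstick/gnupg` does not match the earlier `export GNUPGHOME=/media/liw/usb-stick`. The mount point is spelled two ways (usbstick vs usb-stick), and the keyring is moved into a gnupg subdirectory while GNUPGHOME points at the mount root, so a reader following the slides has gpg looking in a directory that does not hold the moved keyring. Suggest one spelling throughout, and either moving to the mount root or setting GNUPGHOME to /media/liw/usb-stick/gnupg. The same procedure leaves secret.key on the laptop after `gpg --import secret.key`; a final step to delete it once `gpg -K` shows `sec#` and `ssb` would complete it.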
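Review bot: Deleting pgptalk.mdwn and creating pgptalk.md in the same commit buries content edits inside what the subject line calls a switch to beamer. Comparing the removed and added text, the new file also adds the sub-bullet that a cryptographic hash is signed rather than the whole message, the two Yubikey sub-bullets, the line "However, this is currently not possible due to attack", and a reworded subkeys sentence, none of which the subject mentions. Suggest committing the rename plus front-matter change on its own so it shows as a rename, with the text changes in a second commit, or at least listing the content changes in the commit message. The typos in the removed text ("stong passphrase", "Sign key key", "GnupPG", "Mount point it something") are carried over unchanged into the new file and could be fixed in that follow-up.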