class: center, middle

PGP and GnuPG—some basics
=============================================================================

Use of unnecessary swearing while using crypto software... has been approved

Version 1.0 for 2019-05-08

---

Everyday uses of PGP
=============================================================================

* email: sign, encrypt (all personal emails I send are signed by default)
* git: signed tags, signed commits (for releases)
* software releases: sign your tarballs, downloadables
* SSH: you can use your PGP key as an SSH key
    * I use a PGP subkey on my Yubikey for SSH
* amaze people at parties, be an international celebrity

---

Threat models
=============================================================================

* Why would anyone attack **you**?
    * you, your data, or your computing resources might be valuable
    * you might be a stepping stone to another target, such as your employer
    * you might be an easy target
* An attacker may want to...
    * **impersonate** you
    * **falsify** a file you need or provide, such as a software download
    * **eavesdrop** on your communications to steal sensitive information
* An attacker may be...
    * a government: US, UK, Russia, China, etc, possibly illegally
    * law enforcement, possibly illegally
    * a large private organisation, possibly your employer
    * a criminal organisation
    * a minor criminal
    * someone with too much time and a twisted sense of humour
    * someone you know who doesn't like you

---

Defences
=============================================================================

* cryptography
* widespread use of cryptography ("herd immunity")
* general infosec and opsec: keep your devices secure, and don't do stuff that leaves you open to attack
    * this can be really difficult, depending on who you are and who's attacking you; if you're a desirable target, you need to learn to be secure, but if you're not, a few basic precautions are enough
    * compare with driving
        * if you're just running errands, you'll be OK after normal driving lessons
        * if you're in a Formula 1 race, you need to learn a lot more and work hard to even be allowed in the car
* if the attacker is sufficiently motivated or sufficiently well-funded, and has sufficient time, you will probably eventually lose, sorry

---

The kernel of wisdom is moderation in all things
-----------------------------------------------------------------------------

* It's easy to become despondent, but don't. While security is never perfect, even a little effort will improve things a lot. You might run faster than others, so the bear won't attack you.
* It's easy to try too hard, but don't become a cryptography or security absolutist. While it's good if everyone tries their best, and improves their cryptographic defences over time, don't despair if what they or you have isn't perfect.
    * **Cryptography absolutism** is when you say it's not worth using cryptography at all, unless you're protected against every conceivable scenario.
---

Basics of public key cryptography
=============================================================================

* Everyone has a key pair: a **public** and a **secret** key, which are linked together using advanced maths, such that data encrypted with one can only be decrypted with the other
    * you keep the **secret key secure** so that only you have a copy, and only you can use it
    * you **publish the public key** so that everyone can have a copy
* Prove data or a message is from you by **signing**: encrypt with your secret key, and anyone can check by decrypting with your public key (in practice the signature is computed over a hash of the data rather than the data itself)
* Keep communications **secret**: everyone can encrypt with your public key, only you can decrypt using your secret key
* Public key cryptography solves the key distribution problem. Traditional (symmetric) cryptography requires a shared secret or code between sender and receiver, and this can be complicated to arrange.
* RSA, ElGamal, Diffie-Hellman, elliptic curve, etc: interesting maths if that's your thing, not required to be understood for using crypto (this might be a little controversial)

---

Storing keys securely
=============================================================================

* Consider your threat models: what do you need to protect against?
* You should probably at least keep your main key pair off-line, on a USB stick, and only use it in a device whose security you trust
* Subkeys: the main key is kept safe and forms your identity; additional keys, linked to the main key, do the everyday work. New subkeys can be generated at will for specific purposes, such as for keeping on a laptop for email
    * Subkeys can be stored on your normal devices, since they're easy to replace with new ones if they're compromised
    * Subkeys can also be stored on special devices for more secure key storage, such as Yubikeys
* A secret key is data "at rest" (as opposed to "in transit"), and is basically only protected by the passphrase you set.
    * Choose a long passphrase that you won't forget.
      GnuPG can handle any length you can remember and type.
    * You can change the passphrase later if you want to make it stronger.

---

Creating a key, with subkeys, with GnuPG
=============================================================================

* The main key is used for key signing and for changing key uids; subkeys are used for everything else
* Install GnuPG aka GPG aka gpg, version 2.1 or later (Linux, Mac, Windows)
* **`gpg --gen-key`**, use defaults unless you know better
* Also create subkeys, at least one for encryption and one for signing
* Follow one of these:
    *
    *
    *
* Remember to create a **key revocation certificate** and store that somewhere safe that you can access without your PGP key

---

Publishing a public key
=============================================================================

* A network of key servers exists for this, to make it easy to find keys
* Always use full fingerprints or 64-bit ("long") key ids to refer to keys
    * 32-bit (8 hex digit) short ids are no longer secure, and there are hoax keys with real names (see )
* **In principle** it doesn't matter which keyserver you use, the built-in default should be good enough, except sometimes it isn't
    * New keys and updates to keys propagate across the network automatically, but sometimes it takes time, even weeks
* This pool of keyservers seems to be better than most:
    * Add this line to **~/.gnupg/gpg.conf** and **dirmngr.conf**:
      `keyserver hkps://hkps.pool.sks-keyservers.net`
    * Technically, only dirmngr.conf should be needed, but in my experience things work better if it's in both.

---

Signing a key
=============================================================================

* You can add any names and email addresses you like to a key you generate; **anyone can create a new key and put your name on it;** how can anyone trust any given key?
* "Web of trust" vs "Trust on first use"
* Keys can have signatures, which mean **"the person who signed this key is confident that this key belongs to the person named in the key"**
    * Does *not* mean "is a trustworthy person, you should loan them money and your car"
    * "Is confident" is up to the signer, there are no rules
* Key signatures are also published on the keyservers
* You can tell GnuPG which keys' signatures you trust, and how much, and GnuPG will tell you if you can trust a key, even if you haven't signed it yourself
    * compare with introducing people in real life
    * "I trust Alice to introduce me to new people and not lie about who they are"

---

Signing a key: HOWTO, part 1
=============================================================================

* You need the fingerprint of the key you want to sign (KEYID below) and to get the actual key from the keyservers; or you can get it in a file via email or similar
    * **`gpg --recv-key KEYID`**
    * **`gpg --import FILENAME`**
* Sign the key, which is done by "editing" the key
    * **`gpg --edit-key KEYID`**
    * this will result in a **`gpg>`** prompt
    * enter the **`sign`** command, *check the fingerprint*, answer yes if you want to sign; this will ask for your key passphrase
        * you may also have a GPG agent running, in which case you may not need to provide a passphrase; the agent holds the private key and caches your passphrase so you don't have to enter it every time
    * enter the **`save`** command at the prompt

---

Signing a key: HOWTO, part 2
=============================================================================

* Export and encrypt the signed key:
    * **`gpg --export --armor KEYID > key.pub`**
    * **`gpg --encrypt -r KEYID key.pub`**
    * GnuPG may tell you that the key isn't ultimately trusted; tell it to use the key anyway
* Email the encrypted file **`key.pub.gpg`** (note suffix!) to the email address listed on the key
    * This ensures the person who controls the secret key actually receives email to the address given on the key

---

Receiving a signature for your key
=============================================================================

* Decrypt the email
* Save the signed copy of your key to a file
* Import the key: **`gpg --import FILENAME`**
* Send the updated key to the keyserver: **`gpg --send-key YOURKEYID`**

---

Signing a key: the easy way
=============================================================================

* On Debian and derived Linux distributions
    * **`apt install signing-party`**
    * **`caff FINGERPRINT`**
    * may require a mail transport agent to be configured on the laptop

---

Extending key expiration date
=============================================================================

* Every key can have an expiration date
* The secret key holder can extend the expiration date
* It's optional, and not terribly useful
    * makes sure you don't forget how to use GnuPG
    * if you lose your secret key (careless!) it warns people not to use your key after it's expired
* Make sure you have a revocation certificate and can get at it even if you lose your secret key

---

Using a USB stick: why?
=============================================================================

* Store main key only on USB stick
* Keep USB stick physically safe
    * full-disk encryption with strong passphrase
    * maybe stored in a safe
    * possibly guarded by armed guards with dogs
    * castles, moats, and sharks are probably overkill, but do consider crocodiles
    * some of this advice may be in jest
* Also, only use USB stick in a computer you trust
* You may want to mark all copies of the stick clearly
* Have subkeys on laptop for everyday use

---

Using a USB stick: overall approach
=============================================================================

* GnuPG keeps everything in **`~/.gnupg`** by default, override by setting the **`GNUPGHOME`** environment variable
* Use this to have two GnuPG instances: **main key on a USB stick**, and **subkeys on your laptop**
    * format a dedicated USB stick with a suitable filesystem (e.g., **ext4**), give it a filesystem **label**, and mount it (e.g., **`/media/liw/usb-stick`**)
    * make backup copies of the stick; it's probably best to give each backup copy a dedicated filesystem label so you know which one is which
* To use the main key, set **`export GNUPGHOME=/media/liw/usb-stick/gnupg`** (the directory the keyring is moved to on the next slide) for key signing, importing signatures, creating new subkeys
* For everything else, don't set the environment variable
* GnuPG sometimes starts **background services**; you should **kill them** when switching between keys, or you'll be confused
    * **`gpgconf --kill gpg-agent`**
    * **`gpgconf --kill dirmngr`**

---

Using a USB stick: moving main key
=============================================================================

* Create your PGP key and subkeys normally on your laptop, mount your USB stick
    * Mount point is something like **`/media/liw/usb-stick`**
* Export secret subkeys to a file (on laptop)
    * **`gpg --export-secret-subkeys YOURKEYID > secret.key`**
* Move the laptop's GnuPG stuff to USB stick.
    * **`mv ~/.gnupg /media/liw/usb-stick/gnupg`**
* Import the exported keys to the laptop
    * **`gpg --import secret.key`**
    * this creates a new **`~/.gnupg`** directory; you may want to configure it
* Check results: **`gpg -K`**
    * should show **`sec#`** to indicate the main secret key is missing
    * should show **`ssb`** to indicate secret subkeys are present
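The procedure from the "Creating a key, with subkeys" and "Using a USB stick" slides, rehearsed end to end in a throwaway setup so the `sec#`/`ssb` check can be seen before touching a real key. This is an added example, not code from the slides: two directories under `/tmp` stand in for `~/.gnupg` and the mounted stick, the user id `Demo User <demo@example.org>` is constructed, and the keys get an empty passphrase purely so the script runs without prompts (a real main key gets the long passphrase the earlier slide asks for). It uses the non-interactive `--quick-generate-key` and `--quick-add-key` forms instead of the interactive `gpg --gen-key` named on the slide.

```shell
#!/bin/sh
# Added example, not from the slides: rehearse "Creating a key, with subkeys" and the
# "Using a USB stick" procedure in two throwaway GNUPGHOMEs under /tmp. The user id,
# the directory names, and the empty passphrase are constructed for the demo; a real
# main key gets a long passphrase and the stick is a separately mounted device.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; nothing to demonstrate" >&2; exit 0; }

WORK=$(mktemp -d /tmp/gnupg-demo.XXXXXX)
LAPTOP="$WORK/laptop"      # plays the part of ~/.gnupg
STICK="$WORK/usb-stick"    # plays the part of /media/liw/usb-stick
DEMO_UID="Demo User <demo@example.org>"

cleanup() {
    # Kill the background services of both instances before removing them.
    GNUPGHOME="$LAPTOP" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$STICK/gnupg" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$WORK"
}
trap cleanup EXIT

# Run gpg non-interactively in the GNUPGHOME given as the first argument.
gpg_in() {
    _home=$1; shift
    GNUPGHOME="$_home" gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"
}

# Print the full 40-hex-digit fingerprint of the primary key matching a user id.
fingerprint_of() {
    GNUPGHOME="$1" gpg --batch --with-colons --list-keys "$2" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Step 1: create the key pair on the laptop ("default default" gives a certify+sign
# primary key and an encryption subkey), then add a separate signing subkey.
mkdir -p "$LAPTOP" "$STICK"
chmod 700 "$LAPTOP" "$STICK"
gpg_in "$LAPTOP" --quick-generate-key "$DEMO_UID" default default never
FPR=$(fingerprint_of "$LAPTOP" "$DEMO_UID")
gpg_in "$LAPTOP" --quick-add-key "$FPR" default sign never

# GnuPG 2.1+ writes a revocation certificate at key creation; it has to be copied
# somewhere reachable without the key, so confirm it exists before the keyring moves.
revocation_cert_present() { [ -f "$1/openpgp-revocs.d/$FPR.rev" ]; }
revocation_cert_present "$LAPTOP"

# Step 2: export only the secret subkeys, for the laptop copy.
gpg_in "$LAPTOP" --export-secret-subkeys "$FPR" > "$WORK/secret.key"

# Step 3: stop the background services, then move the whole keyring to the stick.
GNUPGHOME="$LAPTOP" gpgconf --kill gpg-agent
mv "$LAPTOP" "$STICK/gnupg"

# Step 4: start a fresh laptop keyring and import the subkeys into it.
mkdir -p "$LAPTOP"
chmod 700 "$LAPTOP"
gpg_in "$LAPTOP" --import "$WORK/secret.key"

# Checks from the slide: the laptop must show "sec#" (primary secret key absent) and
# "ssb" (subkeys present); the stick must still hold the full primary key.
laptop_has_only_subkeys() {
    _out=$(GNUPGHOME="$LAPTOP" gpg --batch -K 2>/dev/null)
    printf '%s\n' "$_out" | grep -q '^sec#' && printf '%s\n' "$_out" | grep -q '^ssb'
}
stick_has_main_key() {
    GNUPGHOME="$STICK/gnupg" gpg --batch -K 2>/dev/null | grep -q '^sec '
}

# Everyday use needs only the laptop: a detached signature made with the signing
# subkey verifies fine, while the primary key never leaves the stick.
laptop_can_sign_and_verify() {
    printf 'release tarball stand-in (constructed)\n' > "$WORK/release.tar.gz"
    gpg_in "$LAPTOP" --detach-sign --armor --output "$WORK/release.tar.gz.asc" "$WORK/release.tar.gz"
    GNUPGHOME="$LAPTOP" gpg --batch --verify "$WORK/release.tar.gz.asc" "$WORK/release.tar.gz" 2>/dev/null
}

laptop_has_only_subkeys && echo "laptop: sec# and ssb present, as intended"
stick_has_main_key && echo "stick: primary secret key present"
laptop_can_sign_and_verify && echo "laptop: signed and verified with the subkey"
```

Run it as `sh demo.sh`; it prints the three confirmation lines and removes the temporary directories on exit. The `gpgconf --kill gpg-agent` before the `mv` is the step people most often skip, and is why the "overall approach" slide tells you to kill the background services when switching between the two instances.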
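The exchange from the "Signing a key: HOWTO" slides (parts 1 and 2) and "Receiving a signature for your key", played out between two throwaway keyrings so both sides of it are visible. This is an added example, not code from the slides: Alice (the signer) and Bob (the key owner), their addresses and the empty passphrases are constructed; copying files between the two GNUPGHOMEs stands in for the keyservers and for email; and `--quick-sign-key` is used as the batch equivalent of `sign` followed by `save` at the `gpg>` prompt.

```shell
#!/bin/sh
# Added example, not from the slides: the key-signing exchange between two throwaway
# GNUPGHOMEs (Alice signs, Bob owns the key) under /tmp. Names, addresses and the empty
# passphrases are constructed; file copies stand in for the keyservers and for email.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; nothing to demonstrate" >&2; exit 0; }

WORK=$(mktemp -d /tmp/keysign-demo.XXXXXX)
ALICE="$WORK/alice"
BOB="$WORK/bob"
mkdir -p "$ALICE" "$BOB"
chmod 700 "$ALICE" "$BOB"

cleanup() {
    GNUPGHOME="$ALICE" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$BOB" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$WORK"
}
trap cleanup EXIT

# Run gpg non-interactively in the GNUPGHOME given as the first argument.
gpg_in() {
    _home=$1; shift
    GNUPGHOME="$_home" gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"
}

# Print the full fingerprint of the primary key matching a user id.
fingerprint_of() {
    GNUPGHOME="$1" gpg --batch --with-colons --list-keys "$2" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Both parties have a key pair (empty passphrase only because this is a batch demo).
gpg_in "$ALICE" --quick-generate-key "Alice <alice@example.org>" default default never
gpg_in "$BOB"   --quick-generate-key "Bob <bob@example.org>"     default default never
ALICE_FPR=$(fingerprint_of "$ALICE" alice@example.org)
BOB_FPR=$(fingerprint_of "$BOB" bob@example.org)

# Part 1: Alice gets Bob's public key. Export to a file plus 'gpg --import' stands in
# for 'gpg --recv-key KEYID', which would fetch it from a keyserver.
gpg_in "$BOB" --export --armor "$BOB_FPR" > "$WORK/bob.pub"
gpg_in "$ALICE" --import "$WORK/bob.pub"

# The check that matters before signing: the fingerprint Alice was given out of band
# (here, the one Bob's own keyring reports) must match the key now in her keyring,
# because anyone can create a key and put Bob's name on it.
fingerprint_matches() { [ "$(fingerprint_of "$1" "$2")" = "$3" ]; }
fingerprint_matches "$ALICE" bob@example.org "$BOB_FPR"

# --quick-sign-key is the non-interactive form of 'sign' then 'save' at the gpg> prompt.
gpg_in "$ALICE" --quick-sign-key "$BOB_FPR"

# Part 2: export the signed key and encrypt it to Bob; the output file is key.pub.gpg.
# --trust-model always is the batch form of "use the key anyway" for a key that is
# not ultimately trusted in Alice's keyring.
gpg_in "$ALICE" --export --armor "$BOB_FPR" > "$WORK/key.pub"
gpg_in "$ALICE" --trust-model always --encrypt --recipient "$BOB_FPR" "$WORK/key.pub"

# Receiving side: only the holder of Bob's secret key can decrypt, which is what ties
# the key to the mailbox. Bob imports the signed copy (plus Alice's public key, so her
# signature can be checked); in real life he would then run 'gpg --send-key'.
gpg_in "$BOB" --decrypt --output "$WORK/key.signed.pub" "$WORK/key.pub.gpg"
gpg_in "$BOB" --import "$WORK/key.signed.pub"
gpg_in "$ALICE" --export --armor "$ALICE_FPR" > "$WORK/alice.pub"
gpg_in "$BOB" --import "$WORK/alice.pub"

# Count good ("!") certifications on a key made by a given signer, as seen from a keyring.
good_sigs_by() {   # $1 = GNUPGHOME, $2 = key fingerprint, $3 = signer fingerprint
    _kid=$(printf '%s' "$3" | tail -c 16)   # 64-bit "long" key id = last 16 hex digits
    GNUPGHOME="$1" gpg --batch --with-colons --check-sigs "$2" 2>/dev/null \
        | awk -F: -v kid="$_kid" '$1 == "sig" && $2 == "!" && $5 == kid' | wc -l | tr -d ' '
}

echo "certifications by Alice on Bob's key, seen from Bob's keyring: $(good_sigs_by "$BOB" "$BOB_FPR" "$ALICE_FPR")"
```

The one line that must never be skipped is the `fingerprint_matches` check before `--quick-sign-key`: a signature says "the signer is confident this key belongs to the named person", and that confidence rests entirely on comparing the full fingerprint against one obtained out of band, not on the name or email in the key. The `good_sigs_by` helper uses the 64-bit long key id because, as the "Publishing a public key" slide says, 32-bit short ids are not safe to match on.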