path: root/pgptalk.mdwn
blob: 5285e3634c98b4e14e7021207c13395cf392d06f (plain)
class: center, middle

PGP and GnuPG—some basics
=============================================================================

Use of unnecessary swearing while using crypto software...
has been approved

Version 1.0 for 2019-05-08

---

Everyday uses of PGP
=============================================================================

* email: sign, encrypt (all personal emails I send are signed by default)

* git: signed tags, signed commits (for releases)

* software releases: sign your tarballs, downloadables

* SSH: you can use your PGP key as an SSH key

    * I use a PGP subkey on my Yubikey for SSH

* amaze people at parties, be an international celebrity

---

Threat models
=============================================================================

* Why would anyone attack **you**?

    * you, your data, or your computing resources might be valuable
    * you might be a stepping stone to another target, such as
      your employer
    * you might be an easy target

* An attacker may want to...

    * **impersonate** you
    * **falsify** a file you need or provide, such as a software
      download
    * **eavesdrop** your communications to steal sensitive information

* An attacker may be...

    * a government: US, UK, Russia, China, etc, possibly illegally
    * law enforcement, possibly illegally
    * a large private organisation, possibly your employer
    * a criminal organisation
    * a minor criminal
    * someone with too much time and a twisted sense of humour
    * someone you know who doesn't like you

---

Defences
=============================================================================

* cryptography

* widespread use of cryptography ("herd immunity")

* general infosec and opsec: keep your devices secure, and don't
  do things that leave you open to attack

* this can be really difficult, depending on who you are and who's
  attacking you; if you're a desirable target, you need to learn to
  be secure, but if you're not, a few basic precautions are enough

* compare with driving

    * if you're just running errands, you'll be OK after normal
      driving lessons
    * if you're in a Formula 1 race, you need to learn a lot more and
      work hard to even be allowed in the car

* if the attacker is sufficiently motivated or sufficiently
  well-funded, and has sufficient time, you will probably eventually
  lose, sorry

---

The kernel of wisdom is moderation in all things
-----------------------------------------------------------------------------

* It's easy to become despondent, but don't. While security is never
  perfect, even a little effort will improve things a lot. You might
  run faster than others, so the bear won't attack you.

* It's easy to try too hard, but don't become a cryptography or
  security absolutist. While it's good if everyone tries their best,
  and improves their cryptographic defences over time, don't despair
  if what they or you have isn't perfect.

* **Cryptography absolutism** is when you say it's not worth using
  cryptography at all, unless you're protected against every
  conceivable scenario.

---

Basics of public key cryptography
=============================================================================

* Everyone has a key pair: a **public** and a **secret** key, which
  are linked together using advanced maths, such that data encrypted
  with one can only be decrypted with the other

    * you keep the **secret key secure** so that only you have a copy,
      and only you can use it
    * you **publish the public key** so that everyone can have a copy

* Prove data or a message is from you by **signing**: encrypt with your
  secret key; anyone can check by decrypting with your public key

* Keep communications **secret**: everyone can encrypt with your
  public key, only you can decrypt using your secret key

* Public key cryptography solves the key distribution problem.
  Traditional (symmetric) cryptography requires a shared secret or
  code between sender and receiver, and this can be complicated to
  arrange.

* RSA, ElGamal, Diffie-Hellman, elliptic curve, etc: interesting maths
  if that's your thing, not required to be understood for using crypto
  (this might be a little controversial)

---

Storing keys securely
=============================================================================

* Consider your threat models: what do you need to protect against?

* You should probably at least keep your main key pair off-line,
  on a USB stick, and only use it in a device whose security you
  trust

* Subkeys: the main key is kept safe and forms the identity, and
  additional keys, linked to the main key, do the everyday work. New
  subkeys can be generated at will for specific purposes, such as one
  to keep on a laptop for email

* Subkeys can be stored on your normal devices, since they're easy
  to replace with new ones if they're compromised

* Subkeys can also be stored on special devices for more secure key
  storage, such as Yubikeys

* A secret key is data "at rest" (as opposed to "in transit"), and is
  basically only protected by the passphrase you set.

    * Choose a long passphrase that you won't forget. GnuPG can handle
      any length you can remember and type.

    * You can change the passphrase later if you want to make it
      stronger.

---

Creating a key, with subkeys, with GnuPG
=============================================================================

* Main key is used for key signing and changing key uids; subkeys for
  everything else

* Install GnuPG aka GPG aka gpg, version 2.1 or later (Linux, Mac, Windows)

* **`gpg --gen-key`**, use defaults unless you know better

* Also create subkeys, at least one for encryption and one for signing

* Follow one of these:

    * <https://alexcabal.com/creating-the-perfect-gpg-keypair>

    * <https://blog.liw.fi/posts/2017/05/29/using_a_yubikey_4_for_ensafening_one_s_encryption/>

* Remember to create a **key revocation certificate** and store that
  somewhere safe that you can access without your PGP key

---

Publishing a public key
=============================================================================

* A network of key servers exists for this, to make it easy to find
  keys

* Always use full fingerprints or 64-bit ("long") key ids to refer
  to keys

    * 32-bit (8 hex digit) short ids are no longer secure, and there
      are hoax keys with real names (see <https://evil32.com/>)

* **In principle** it doesn't matter which keyserver you use, the
  built-in default should be good enough, except sometimes it isn't

    * New keys and updates to keys propagate across the network
      automatically, but sometimes it takes time, even weeks

    * This pool of keyservers seems to be better than most:<br/>
      <http://sks-keyservers.net>

    * Add this line to **~/.gnupg/gpg.conf** and **dirmngr.conf**:
      <br/> `keyserver hkps://hkps.pool.sks-keyservers.net`

    * Technically, only dirmngr.conf should be needed, but in my
      experience things work better if it's in both.
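An added example, not from the slides, that applies the rule above in code: it normalises a key reference, accepts a full fingerprint or a 64-bit long id, and rejects an 8-hex-digit short id. The fingerprint used in the test is a constructed value, not a real key.

```python
import re

HEX = re.compile(r"^[0-9A-Fa-f]+$")

def normalize_key_ref(ref):
    """Classify how a key is referred to and normalise it to upper-case hex.

    Accepts a 40-hex-digit v4 fingerprint (spaces and an optional 0x
    prefix allowed) or a 16-hex-digit long key id.  An 8-hex-digit short
    id is rejected, because short ids can be collided (see evil32.com).
    Returns (kind, hexstring) where kind is "fingerprint" or "long".
    """
    s = ref.strip().replace(" ", "")
    if s[:2].lower() == "0x":
        s = s[2:]
    if not HEX.match(s):
        raise ValueError("key reference is not hexadecimal: %r" % ref)
    s = s.upper()
    if len(s) == 40:
        return ("fingerprint", s)
    if len(s) == 16:
        return ("long", s)
    if len(s) == 8:
        raise ValueError("32-bit short key id %s is ambiguous; use the full "
                         "fingerprint or at least the 64-bit long id" % s)
    raise ValueError("unrecognised key reference length %d" % len(s))

def key_ids(fingerprint):
    """Long and short key ids are just the trailing 16 and 8 hex digits of
    a v4 fingerprint, which is why many keys can share one short id."""
    kind, fpr = normalize_key_ref(fingerprint)
    if kind != "fingerprint":
        raise ValueError("need a full fingerprint, got a %s id" % kind)
    return fpr[-16:], fpr[-8:]

def matches(fingerprint, ref):
    """True if ref (a fingerprint or long id) refers to the given key."""
    kind, val = normalize_key_ref(ref)
    full = normalize_key_ref(fingerprint)[1]
    return full == val if kind == "fingerprint" else full.endswith(val)
```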

---

Signing a key
=============================================================================

* You can add any names and email addresses you like to a key you
  generate; **anyone can create a new key and put your name on it;**
  how can anyone trust any given key?

* "Web of trust" vs "Trust on first use"

* Keys can have signatures, which mean **"the person who signed this
  key is confident that this key belongs to the person named in
  the key"**

    * Does *not* mean "is a trustworthy person, you should loan them
      money and your car"
    * "Is confident" is up to the signer, there are no rules

* Key signatures are also published on the keyservers

* You can tell GnuPG which keys' signatures you trust, and how
  much, and GnuPG will tell you if you can trust a key, even if
  you haven't signed it yourself

    * compare with introducing people in real life
    * "I trust Alice to introduce me to new people and not lie about
      who they are"

---

Signing a key: HOWTO, part 1
=============================================================================

* You need the fingerprint of the key you want to sign (KEYID below)
  and to get the actual key from the keyservers; or you can get it in
  a file via email or similar

    * **`gpg --recv-key KEYID`**
    * **`gpg --import FILENAME`**

* Sign the key, which is done by "editing" the key

    * **`gpg --edit-key KEYID`**
    * this will result in a **`gpg>`** prompt
    * enter the **`sign`** command, *check the fingerprint*, answer yes
      if you want to sign; this will ask for your key passphrase
    * you may also have a GPG agent running, in which case you may
      not need to provide a passphrase; the agent keeps the private
      key and remembers it without you having to enter a passphrase
      every time
    * enter the **`save`** command at the prompt


---

Signing a key: HOWTO, part 2
=============================================================================

* Export and encrypt the signed key:

    * **`gpg --export --armor KEYID > key.pub`**
    * **`gpg --encrypt -r KEYID key.pub`**
    * GnuPG may tell you that the key isn't ultimately trusted; tell
      it to use the key anyway

* Email the encrypted file **`key.pub.gpg`** (note suffix!) to the email
  address listed on the key

* This ensures the person who controls the secret key actually
  receives email to the address given on the key


---

Receiving a signature for your key
=============================================================================

* Decrypt the email

* Save the signed copy of your key to a file

* Import the key: **`gpg --import FILENAME`**

* Send the updated key to the keyserver: **`gpg --send-key YOURKEYID`**



---

Signing a key: the easy way
=============================================================================

* On Debian and derived Linux distributions

* **`apt install signing-party`**

* **`caff FINGERPRINT`**

* may require a mail transport agent to be configured on the
  laptop

---

Extending key expiration date
=============================================================================

* Every key can have an expiration date

* The secret key holder can extend the expiration date

* It's optional, and not terribly useful

    * makes sure you don't forget how to use GnuPG

    * if you lose your secret key (careless!) it warns people to not
      use your key after it's expired

* Make sure you have a revocation certificate and can get that even if
  you lose your secret key

---

Using a USB stick: why?
=============================================================================

* Store main key only on USB stick

* Keep USB stick physically safe

    * full-disk encryption with strong passphrase
    * maybe stored in a safe
    * possibly guarded by armed guards with dogs
    * castles, moats, and sharks are probably overkill, but do
      consider crocodiles
    * some of this advice may be in jest

* Also, only use USB stick in a computer you trust

* You may want to mark all copies of the stick clearly

* Have subkeys on laptop for everyday use

---

Using a USB stick: overall approach
=============================================================================

* GnuPG keeps everything in **`~/.gnupg`** by default, override by
  setting the **`GNUPGHOME`** environment variable

* Use this to have two GnuPG instances: **main key on a USB stick**,
  and **subkeys on your laptop**

    * format a dedicated USB stick with a suitable filesystem (e.g.,
      **ext4**), give it a filesystem **label**, and mount it (e.g.,
      **`/media/liw/usb-stick`**)
    * make backup copies of the stick; probably best give each backup
      copy a dedicated filesystem label so you know which one is which

* To use the main key, set **`export GNUPGHOME=/media/liw/usb-stick`**
  for key signing, importing signatures, creating new subkeys

* For everything else, don't set the environment variable

* GnuPG sometimes starts **background services**; you should **kill
  them** when switching between keys, or you'll be confused

    * **`gpgconf --kill gpg-agent`**
    * **`gpgconf --kill dirmngr`**

---

Using a USB stick: moving main key
=============================================================================

* Create your PGP key and subkeys normally on your laptop, mount your USB stick

    * Mount point is something like **`/media/liw/usb-stick`**

* Export secret subkeys to a file (on laptop)

    * **`gpg --export-secret-subkeys YOURKEYID > secret.key`**

* Move the laptop's GnuPG stuff to the USB stick.

    * **`mv ~/.gnupg /media/liw/usb-stick/gnupg`**

* Import the exported keys to laptop

    * **`gpg --import secret.key`**
    * this creates a new **`~/.gnupg`** directory; you may want to
      configure it

* Check results: **`gpg -K`**

    * should show **`sec#`** to indicate missing main secret key
    * should show **`ssb`** to indicate secret subkey being present
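An added example, not from the slides, for scripting the "check results" step: instead of eyeballing `gpg -K`, parse the machine-readable `gpg -K --with-colons` output and confirm the layout the slides describe, a `sec#` stub for the main key plus secret subkeys for signing and encryption. The listing below is a constructed sample; its key ids and fingerprints are made up.

```python
# Constructed sample of `gpg -K --with-colons` output (made-up ids/fingerprints).
SAMPLE = """\
sec:u:4096:1:1111222233334444:1557273600:::u:::cSCA:::#:::23::0:
fpr:::::::::AAAA1111BBBB2222CCCC33331111222233334444:
uid:u::::1557273600::1234ABCD::Alice Example <alice@example.org>::::::::::0:
ssb:u:4096:1:5555666677778888:1557273600::::::s:::+:::23:
fpr:::::::::BBBB5555CCCC6666DDDD77775555666677778888:
ssb:u:4096:1:9999AAAABBBBCCCC:1557273600::::::e:::+:::23:
fpr:::::::::CCCC9999DDDDAAAAEEEEBBBB9999AAAABBBBCCCC:
"""

def parse_colon_listing(text):
    """Parse `gpg -K --with-colons` output (one record per line, colon
    separated fields as documented in gnupg's doc/DETAILS) into keys."""
    keys, cur, last = [], None, None
    for line in text.splitlines():
        f = (line.split(":") + [""] * 21)[:21]   # pad short records
        if f[0] == "sec":
            # field 15 (index 14) is '#' for a stub: the secret part is absent
            cur = {"keyid": f[4], "fingerprint": "",
                   "main_secret_present": f[14] != "#", "subkeys": []}
            keys.append(cur)
        elif f[0] == "ssb" and cur is not None:
            # field 12 (index 11) lists capabilities: s=sign, e=encrypt, a=auth
            cur["subkeys"].append({"keyid": f[4], "caps": f[11],
                                   "secret_present": f[14] != "#"})
        elif f[0] == "fpr" and cur is not None and last == "sec":
            cur["fingerprint"] = f[9]        # fpr record right after the sec record
        last = f[0]
    return keys

def laptop_layout_ok(listing, keyid):
    """Check the laptop state the slides expect after the main key has been
    moved to the USB stick: the main secret key is only a stub (shown as
    sec#) while signing and encryption subkeys still have secret parts."""
    for k in parse_colon_listing(listing):
        if k["keyid"] != keyid and not k["fingerprint"].endswith(keyid):
            continue
        if k["main_secret_present"]:
            return False, "main secret key is still on the laptop"
        caps = "".join(s["caps"] for s in k["subkeys"] if s["secret_present"])
        missing = [c for c in "se" if c not in caps]
        if missing:
            return False, "no usable subkey for: " + ",".join(missing)
        return True, "ok"
    return False, "key %s not found" % keyid
```

Run it against real output with `gpg -K --with-colons YOURKEYID` piped into `laptop_layout_ok`; with `GNUPGHOME` pointing at the stick the same function should report that the main secret key is present.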