10.05.2009 20:13

Notes on the GNU Privacy Guard

There is a stir in the OpenPGP community: a new attack on SHA-1 appears to break it a bit worse than before, and US government agencies were instructed to cease all reliance on SHA-1. Deprecated. So now people are also massively generating new GPG keys to move away from SHA-1. The GPG (open source alternative to PGP) default up until this point was a 1024-bit DSA key, which is limited to a 160-bit hash (traditionally SHA-1) because the hash has to fit the 160-bit DSA subgroup. Meaning that probably more than 70% of primary keys in certain circles are indeed 1024-bit DSA keys. We can expect a lot of revoked keys in the following months. In the meantime GnuPG developers are considering a switch to RSA 2048-bit keys as the default.

I overreacted a bit in my previous PGP article. Some communities do use GPG heavily and rely on it, and I am just hanging with the wrong crowd. The fact that Arch Linux still doesn't have signed packages is not helping the situation. If you don't use GPG it's a good time to start; I will go through some basics of key management and I hope you will follow. It will not only allow you to protect your e-mail and IM communication but also to protect your personal and sensitive data, encrypt your backups and more. I also want to do my part in helping the situation described in the previous article.

The SHA-1 problem should be dealt with first. Our signatures should use stronger digests from the SHA-2 family, and we should advertise that we prefer stronger digests in messages sent to us. These preferences live in the self-signature on the key, so they are published together with our public key once we export it and place it on a "Public Key Server" (PKS) or share it with our friends. I added this to my "~/.gnupg/gpg.conf":

# Algorithm preferences
# - digest used when signing other people's keys (certifications);
#   without this, older GnuPG versions still use SHA1 for those
cert-digest-algo SHA512
# - ciphers this client uses when encrypting, in order of preference
#   (gpg still picks one that every recipient's key advertises)
personal-cipher-preferences TWOFISH AES256 AES192 AES BLOWFISH CAST5 3DES
# - digests used when signing, in order of preference; the weak ones at the
#   end are only fall-backs for recipients whose keys advertise nothing better
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 SHA1 RIPEMD160 MD5
# - compression algorithms
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
# - preferences recorded in the self-signature of keys generated from now on,
#   i.e. what others should use when sending to us
default-preference-list SHA512 SHA384 SHA256 SHA224 TWOFISH AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
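A quick way to check that a gpg.conf actually carries these settings, as an added example that is not from the original article: a small shell lint that reads the file and flags a missing or SHA-1/MD5 "cert-digest-algo" and a digest list that still puts a weak hash first. It only parses the file, so gpg need not be installed; the two sample configs (a weak one and the one from this article) and the temporary directory are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not code from the original article): a small lint for
# ~/.gnupg/gpg.conf that flags the SHA-1/MD5 settings this section is
# moving away from. It only reads the file, so gpg need not be installed.
# The two sample configs below are constructed for the demonstration.

# Print the first algorithm listed for an option, upper-cased ("" if unset).
# Comment lines start with '#', so their first field never matches.
first_pref() {   # $1 = option name, $2 = config file
    awk -v opt="$1" '$1 == opt && NF >= 2 { print toupper($2); exit }' "$2"
}

# Return 0 when the config prefers SHA-2 for both certifications and data
# signatures; otherwise print each problem and return 1.
check_gpg_conf() {
    conf=$1
    rc=0
    cert=$(first_pref cert-digest-algo "$conf")
    digest=$(first_pref personal-digest-preferences "$conf")
    case "$cert" in
        "")       echo "$conf: cert-digest-algo unset (older GnuPG then signs keys with SHA1)"; rc=1 ;;
        SHA1|MD5) echo "$conf: cert-digest-algo $cert is too weak for key signatures"; rc=1 ;;
    esac
    case "$digest" in
        "")       echo "$conf: personal-digest-preferences unset"; rc=1 ;;
        SHA1|MD5|RIPEMD160)
                  echo "$conf: first personal digest is $digest, put SHA512 or SHA256 first"; rc=1 ;;
    esac
    return $rc
}

work=$(mktemp -d)

# Constructed sample 1: the pre-2009 habit spelled out explicitly.
cat > "$work/weak.conf" <<'EOF'
cert-digest-algo SHA1
personal-digest-preferences SHA1 RIPEMD160 MD5
EOF

# Constructed sample 2: the preferences from this article.
cat > "$work/strong.conf" <<'EOF'
# Algorithm preferences
cert-digest-algo SHA512
personal-cipher-preferences TWOFISH AES256 AES192 AES BLOWFISH CAST5 3DES
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 SHA1 RIPEMD160 MD5
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
default-preference-list SHA512 SHA384 SHA256 SHA224 TWOFISH AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
EOF

check_gpg_conf "$work/weak.conf"   || echo "weak.conf: fix before generating keys"
check_gpg_conf "$work/strong.conf" && echo "strong.conf: OK"

# Lint the real config too, when there is one.
[ -f "$HOME/.gnupg/gpg.conf" ] && check_gpg_conf "$HOME/.gnupg/gpg.conf"
```

Run it against your own ~/.gnupg/gpg.conf; the check looks only at the first entry of each list on purpose, since the trailing SHA1/RIPEMD160/MD5 entries are fall-backs, not what your signatures will use.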
Now I need a new key, this time RSA and at least 2048 bits long (I pick 4096):
$ gpg --gen-key

  Please select what kind of key you want:
     (1) DSA and Elgamal (default)
     (2) DSA (sign only)
     (5) RSA (sign only)

  Your selection? 5

  RSA keys may be between 1024 and 4096 bits long.
  What keysize do you want? (2048) 4096
  Requested keysize is 4096 bits
After this comes a series of questions. The first is how long the key should be valid. Set an expiration date; somewhere between 1 and 5 years is reasonable, and it can be extended later with the "expire" command in "--edit-key" without generating a new key, so a shorter period costs little. Your name, your e-mail address and a comment (a common practice is to put your nickname there) come next. The e-mail address is the most important one; it's the reason you are doing this, remember. If you have multiple addresses and want to use this key for all (or some) of them you can add additional identities later (we will come to that). The last question is the passphrase used to protect the secret key. I don't need to tell you that it should be a decent passphrase.

When it's done you will get a notice similar to this:
pub 1024R/8865ED17 2009-05-09 [expires: 2009-05-10]
uid Test User (tuser) [tuser@host.tld]

Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a subkey for this purpose.
The notice above comes from a quick test key (note the one-day expiry), which is why it reads 1024R; a key generated with the 4096-bit choice above shows 4096R. The "8865ED17" part is the short key ID, the last 32 bits of the key's fingerprint. You need to recognize your own for any later key management, but when checking somebody else's key compare the full fingerprint ("gpg --fingerprint 8865ED17"), since a 32-bit ID is far too short to be unique. Now observe the notice at the end: the key you generated can only sign, so you need another key, a subkey, for encryption. Remember, the first option was "DSA and Elgamal", in which case both keys would be generated at once. Let's generate the RSA subkey (encrypt only). What matters are the commands I issue at the "Command>" prompt; I skip some blocks of text, indicated with "...":
$ gpg --edit-key 8865ED17
  ...
  Command> addkey
  ... 
  Please select what kind of key you want:
     (2) DSA (sign only)
     (4) Elgamal (encrypt only)
     (5) RSA (sign only)
     (6) RSA (encrypt only)

  Your selection? 6

  RSA keys may be between 1024 and 4096 bits long.
  What keysize do you want? (2048) 4096
  Requested keysize is 4096 bits
  ...
  Command> save
As I mentioned earlier, you can tie multiple identities to your key pair: edit your key and use the "adduid" command to add an additional identity and e-mail address. Be careful, though; it's not always wise to put all your eggs in one basket. You should not tie your on-line profile to your business address if you don't want people connecting the two. Just as you can add identities you can also remove them ("deluid"), but that only affects your local copy: a PKS never deletes anything from a published key, it only stacks new identities (and new signatures) onto it. The most you can do for a published identity is revoke it ("revuid"), which tells other people's software to stop using it while the name and address stay visible. Generating a separate key pair is the wiser choice if you are unsure.

Since you are dealing with gpg directly, it's a good time to create a revocation certificate. In case you forget your passphrase in the future, or your key is compromised, it will allow you to flag the key as invalid. Store the revocation certificate in a safe place (e.g. print it on paper) and treat it like the secret key itself: anyone who gets hold of it can revoke your key. When the time comes to revoke your key, import it into your keyring and publish the updated public key to a PKS (with "--send-keys"):
$ gpg --output user.revoke.asc --gen-revoke 8865ED17

If you need to import it to your keyring:
$ gpg --import user.revoke.asc
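The whole procedure above (RSA signing key, RSA encryption subkey, identity, expiry, passphrase and algorithm preferences) can be done in one unattended run with GnuPG's batch parameter file. The script below is an added example and not code from the original article; it assumes GnuPG 2.1 or later (for "--pinentry-mode loopback"), and the name, e-mail address, passphrase and throw-away GNUPGHOME are constructed for the demonstration. GnuPG 2.1 and later also write a ready-made revocation certificate into openpgp-revocs.d/ under the new key's fingerprint, so the "--gen-revoke" step happens on its own there.

```sh
#!/bin/sh
# Added example, not from the original article: the interactive steps above
# (RSA signing key, RSA encryption subkey, expiry, identity, passphrase and
# algorithm preferences) as one unattended run using GnuPG's batch
# parameter file. Assumes GnuPG 2.1 or later (--pinentry-mode loopback).
# The name, address, passphrase and throw-away GNUPGHOME are constructed.

# Emit a parameter file for "gpg --batch --gen-key".
# $1 real name, $2 e-mail, $3 comment, $4 expiry (e.g. 2y), $5 passphrase
gen_params() {
    cat <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: encrypt
Name-Real: $1
Name-Email: $2
Name-Comment: $3
Expire-Date: $4
Passphrase: $5
Preferences: SHA512 SHA384 SHA256 SHA224 TWOFISH AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
%commit
EOF
}

# Generate the key pair in a fresh, private GNUPGHOME and list the result.
# GnuPG 2.1+ also drops a revocation certificate into
# $GNUPGHOME/openpgp-revocs.d/<fingerprint>.rev at generation time.
make_key() {
    home=$1; shift
    mkdir -p "$home" && chmod 700 "$home"
    gen_params "$@" > "$home/params"
    GNUPGHOME=$home gpg --batch --pinentry-mode loopback --gen-key "$home/params" || return 1
    # Expect "pub rsa4096 ... [SC]" (primary: sign + certify) and
    # "sub rsa4096 ... [E]" (subkey: encrypt) in the listing.
    GNUPGHOME=$home gpg --list-keys --fingerprint
    ls "$home/openpgp-revocs.d" 2>/dev/null || true
}

if command -v gpg >/dev/null 2>&1; then
    demo=$(mktemp -d)
    make_key "$demo" "Test User" "tuser@host.tld" "tuser" 2y "constructed demo passphrase" \
        || echo "key generation failed (is gpg-agent usable here?)"
else
    # No gpg available: just show the parameter file that would be used.
    gen_params "Test User" "tuser@host.tld" "tuser" 2y "constructed demo passphrase"
fi
```

Putting the passphrase in a parameter file is only acceptable for a throw-away demonstration keyring; for a real key leave the "Passphrase:" line out, run without "--batch", and let gpg prompt for it.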
Now you are ready to use your keys for all kinds of purposes. This article is getting rather long, however, so I will write about the basics of public-key cryptography and the general application of the GNU Privacy Guard in the following article.


Written by anrxc | Permalink | Filed under crypto