10.05.2009 20:13

Notes on the GNU Privacy Guard

Stir in the OpenPGP community, a new attack on SHA-1 appears to break it a bit worse than before. US government agencies were instructed to cease all reliance on SHA-1. Deprecated. So now people are also massively generating new GPG keys to move away from SHA-1. GPG (open source alternative to PGP) default up until this point were DSA 1024-bit keys limited to a 160-bit hash (traditionally SHA-1). Meaning that probably more than 70% of primary keys in certain circles are indeed 1024-bit DSA keys. We can expect a lot of revoked keys in the following months. In the mean time GnuPG developers are considering a switch to RSA 2048-bit keys as the default.

I overreacted a bit in my previous PGP article. Some communities do use GPG heavily and rely on it, and I am just hanging with the wrong crowd. The fact that Arch Linux still doesn't have signed packages is not helping the situation. If you don't use GPG it's a good time to start, I will go trough some basics of key management and I hope you will follow. It will not only allow you to protect your e-mail and IM communication but also to protect your personal and sensitive data, encrypt your backups and more. I also want to do my part in helping the situation described in the previous article.

The SHA-1 problem should be dealt with first. Our signatures should use stronger digests, with SHA-2 and we should indicate that we prefer stronger digests in incoming messages. These preferences will also be published together with our public key, once we export it and place it on a "Public Key server" (PKS) or share it with our friends. I added to my "~/.gnupg/gpg.conf":

# Algorithm preferences
# - key signing algorithm
cert-digest-algo SHA512
# - encryption algorithms
personal-cipher-preferences TWOFISH AES256 AES192 AES BLOWFISH CAST5 3DES
# - signing algorithms
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 SHA1 RIPEMD160 MD5
# - compression algorithms
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
# - new keys algorithms
default-preference-list SHA512 SHA384 SHA256 SHA224 TWOFISH AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
Now I need a new key. This time at least a 2048-bit key, using RSA:
$ gpg --gen-key

  Please select what kind of key you want:
     (1) DSA and Elgamal (default)
     (2) DSA (sign only)
     (5) RSA (sign only)

  Your selection? 5

  RSA keys may be between 1024 and 4096 bits long.
  What keysize do you want? (2048) 4096
  Requested keysize is 4096 bits
After this comes a series of questions. The first is how long the key should be valid. You should set an expiration date, somewhere between 1 and 5 years would be reasonable. Your name, your e-mail and a comment (a common practice is to set your nickname) come next. The e-mail address being most important, it's the reason you are doing this remember. If you have multiple addresses and you want to use this key for all (or some) of them you can add additional identities later (we will come to that). The last question is to enter a passphrase used to protect this key. I don't need to tell you that it should be a decent pass-word.

When it's done you will get a notice similar to this:
pub 1024R/8865ED17 2009-05-09 [expires: 2009-05-10]
uid Test User (tuser) [tuser@host.tld]

Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a subkey for this purpose.
This "8865ED17" bit is the key ID, it's important you know to recognize your own for any later key management. Now observe the notice at the end, the key you generated can be used for signing, you need another key, a subkey, for encryption. Remember, the first option was "DSA and Elgamal" in which case both keys would be generated at once. Let's generate the RSA subkey (for encryption only). Important are the commands I issue at the "Command>" prompt and I will skip some blocks of text, indicated with "...":
$ gpg --edit-key 8865ED17
  Command> addkey
  Please select what kind of key you want:
     (2) DSA (sign only)
     (4) Elgamal (encrypt only)
     (5) RSA (sign only)
     (6) RSA (encrypt only)

  Your selection? 6

  RSA keys may be between 1024 and 4096 bits long.
  What keysize do you want? (2048) 4096
  Requested keysize is 4096 bits
  Command> save
As I mentioned earlier you can tie multiple identities to your key-pair. You can edit your key and use the adduid command to add an additional identity and e-mail address. However you should be careful, it's not always wise to place all your eggs in one basket. You should not tie your on-line profile with your business address if you don't want people connecting the two. As you can add identities you can also remove them (deluid), but it's not possible to delete identities from keys already published on a PKS, they only keep stacking new identities on to your public key. Generating an additional key-pair would be a wiser choice if you are unsure.

Since you are dealing with gpg directly it's a good time to create a revocation certificate. In case you forget your passphrase in the future, or your key is compromised it will allow you to flag the key as invalid. You should store your revocation certificate in a safe place (i.e. print it on paper), and when time comes to revoke your key you need to import it to your keyring and publish the updated public key to a PKS:
$ gpg --gen-revoke 8865ED17

If you need to import it to your keyring:
$ gpg --import user.revoke.asc
Now you are ready to use your keys for all kinds of purposes. However this article is getting rather long and I will write about the basics of public-key cryptography and general application of the GNU Privacy Guard in the following article.

Written by anrxc | Permalink | Filed under crypto