Wednesday, February 15, 2012

What is GnuPG and how to create your GPG primary key and subkeys

Daniel-san, must talk. Walk on road, hm? Walk left side, safe. Walk right side, safe. Walk middle, sooner or later, get squish just like grape. Here, karate, same thing. Either you karate do "yes", or karate do "no". You karate do "guess so", get squish just like grape. Understand?
- Mr Kesuke Miyagi

For GPG the same holds true. It's never a good idea to entrust your safety to a stranger.
If you are starting with GPG you may be frightened by the lack of short, practical documentation about how to create your keys and how best to use them. Unfortunately GPG seems to be a niche topic for insiders; I've been very frustrated learning how certain things work.
So I'm writing a few posts that should help people with little or no knowledge of public key cryptography gain confidence with the GNU Privacy Guard (GnuPG or GPG) implementation of the PKC paradigm. Current versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems. GnuPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government.

What is Public Key Cryptography (PKC)?

As written in The GNU Privacy Handbook by the Free Software Foundation (FSF), public-key ciphers are based on one-way trapdoor functions. A one-way function is a function that is easy to compute, but the inverse is hard to compute. For example, it is easy to multiply two prime numbers together to get a composite, but it is difficult to factor a composite into its prime components. A one-way trapdoor function is similar, but it has a trapdoor. That is, if some piece of information is known, it becomes easy to compute the inverse. For example, if you have a number made of two prime factors, then knowing one of the factors makes it easy to compute the second. Given a public-key cipher based on prime factorization, the public key contains a composite number made from two large prime factors, and the encryption algorithm uses that composite to encrypt the message. The algorithm to decrypt the message requires knowing the prime factors, so decryption is easy if you have the private key containing one of the factors but extremely difficult if you do not have it.

What is a "key" and what can you do with it?

In public key cryptography, as opposed to symmetric key cryptography, a “key” actually consists of two parts, which you can think of as the two very large prime numbers used in the one-way trapdoor function described above: a public key, and a secret (or private) key. For this reason it would be more appropriate to refer to a “key pair”.
More about the analogy between a key pair and the prime numbers can be found in the RSA working example on Wikipedia.

With a key pair you can mainly do two sorts of things with some data: sign & verify, or encrypt & decrypt:
- You use your secret key to digitally sign files, and others use your public key to verify the signature.
- Or, others use your public key to encrypt something, and you use the secret key to decrypt it.
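The trapdoor and the two uses listed above can be followed end to end with textbook RSA. This is an added example, not code from the original post: it uses the small primes 61 and 53 from the Wikipedia RSA example, applies no padding, and all function names are made up for the illustration.

```python
# Added illustration: textbook RSA with tiny primes and no padding.
# Never use this construction to protect real data.
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, secret) built from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # easy to compute only when the factors are known
    return (n, e), (n, d)

def apply_key(value, key):
    """Modular exponentiation: the single operation behind all four verbs."""
    n, exponent = key
    return pow(value, exponent, n)

def encrypt(m, public): return apply_key(m, public)
def decrypt(c, secret): return apply_key(c, secret)
def sign(digest, secret): return apply_key(digest, secret)
def verify(digest, signature, public): return apply_key(signature, public) == digest

def secret_from_factor(public, known_factor):
    """The trapdoor: one known factor yields the other by a single division."""
    n, e = public
    other, remainder = divmod(n, known_factor)
    if remainder:
        raise ValueError("not a factor of n")
    return make_keypair(known_factor, other, e)[1]

def factor_by_search(n):
    """Without the trapdoor: trial division, hopeless for a 4096-bit n."""
    f = 2
    while n % f:
        f += 1
    return f, n // f

if __name__ == "__main__":
    public, secret = make_keypair(61, 53)
    c = encrypt(65, public)
    print(public, secret, c, decrypt(c, secret))
    s = sign(65, secret)
    print(verify(65, s, public), verify(66, s, public))
    print(secret_from_factor(public, 61) == secret, factor_by_search(public[0]))
```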

One very special use of a key pair is to sign other people’s public keys: by doing so, you state that you trust that key pair as belonging to someone you know in person. The more people sign your public key, the more trustworthy it is. A group of people who trust each other and sign each other's keys is called a web of trust. A “web of trust” is the cryptographic equivalent of “reputation”. This model is opposed to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such).

As the word suggests, a secret key (and its backup) should be kept out of reach of any other person, whereas the public key should be spread all over the world so that others have a means to verify your authenticity and encrypt files for your eyes only.

Once your primary (master) key has been trusted by many people, properly used and maintained, it becomes one of the best proofs of your online identity, so you should store it in a safe and possibly disconnected place.
And here’s where the subkeys come into play.

How to create my GPG key and subkeys

OpenPGP encourages use of multiple subkeys, which are like the normal key pairs, except that they are always listed along with their master key pair.
When you create your own key pair,

$ gpg -v --gen-key
gpg (GnuPG/MacGPG2) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.

gpg: keyring `~/.gnupg/secring.gpg' created
gpg: keyring `~/.gnupg/pubring.gpg' created

Please select what kind of key you want:
(1) RSA and RSA (default because it’s now the best choice)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1

What keysize do you want? (2048) 4096

Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0

GnuPG needs to construct a user ID to identify your key.
Real name: Claudio Floreani
Email address:
Comment: Write here something that will help other people to recognize you

You need a Passphrase to protect your secret key.
gpg: writing public key to `~/.gnupg/pubring.gpg'
gpg: writing secret key to `~/.gnupg/secring.gpg'
gpg: ~/.gnupg/trustdb.gpg: trustdb created
gpg: using PGP trust model
gpg: key 889C36B7 marked as ultimately trusted
public and secret key created and signed.

pub 4096R/889C36B7 2010-10-01 (MASTER KEY, usage: SC, sign and certify)
Key fingerprint = 0ABE C1F7 D52A F468 A483 466A 0F6D 370E 889C 36B7
uid Claudio Floreani (some clues about me)
sub 4096R/E6F9976E 2010-10-01 (DEFAULT SUBKEY, usage: E, encryption)
GnuPG actually builds a signing-only key as the master key (the one marked with “pub” and flagged "Sign" and "Certify"), and creates an encryption subkey automatically (the one marked with “sub” and flagged “Encrypt”).

Revocation certificate: when should you build it and why should you use it?

After your keypair is created you should immediately generate a revocation certificate for the whole key using the command --gen-revoke (note: to revoke a subkey or a signature, use the subcommands revkey or revsig from --edit-key):

$ gpg --gen-revoke 889C36B7 > revoc_cert/889C36B7_revoc_cert.asc
(this won’t alter your keyring)
You can then import that revocation certificate into your keyring to revoke the key. Think of the revocation certificate as insurance that lets you keep ultimate control over your key. Once you decide to get rid of your key, you will want to share this revocation certificate, keeping in mind that a revoked public key:
  • can still be used to verify signatures made by you in the past
  • cannot be used to encrypt future messages to you
  • can be used to decrypt messages sent to you in the past (if you still have access to the secret key)

GPG file types

You may have noticed that the certificate has an .asc extension. That’s because by default this command outputs a text file.

GnuPG uses two main file types:
- .ASC: ASCII Armored files (MIME: application/pgp-keys): a special text format that GPG (and PGP) use to convert binary data into ASCII text, so that it is especially suitable for use in email messages.
- .GPG: Binary files (MIME: application/x-pgp-keyring): by default most GPG operations produce these binary files, which are designed to be used directly by GPG (or PGP).
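The relationship between the two file types can be made concrete with a small armor encoder and decoder. This is an added example, not code from the original post or from GnuPG: it follows the ASCII armor layout of RFC 4880 (header line, optional headers, blank line, base64 body, CRC-24 line), and the payload is constructed sample bytes rather than a real key.

```python
# Added illustration of RFC 4880 ASCII armor; the payload below is constructed
# sample bytes, not a real OpenPGP key.
import base64

def crc24(data):
    """CRC-24 as specified for OpenPGP armor (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data, label="PGP PUBLIC KEY BLOCK"):
    """Binary (.gpg style) bytes -> ASCII-armored (.asc style) text."""
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return (f"-----BEGIN {label}-----\nComment: constructed sample\n\n"
            f"{body}\n={check}\n-----END {label}-----\n")

def dearmor(text):
    """ASCII-armored text -> (label, bytes); raises ValueError if damaged."""
    lines = [line.strip() for line in text.strip().splitlines()]
    head, tail = lines[0], lines[-1]
    if not (head.startswith("-----BEGIN ") and head.endswith("-----")):
        raise ValueError("missing armor header line")
    label = head[len("-----BEGIN "):-5]
    if tail != f"-----END {label}-----" or "" not in lines:
        raise ValueError("malformed armor")
    body = lines[lines.index("") + 1:-1]   # blank line ends the armor headers
    expected = None
    if body and body[-1].startswith("="):  # optional CRC-24 line
        expected = int.from_bytes(base64.b64decode(body.pop()[1:]), "big")
    data = base64.b64decode("".join(body), validate=True)
    if expected is not None and expected != crc24(data):
        raise ValueError("CRC-24 mismatch: armored data was altered")
    return label, data

if __name__ == "__main__":
    sample = bytes(range(100))             # constructed payload
    text = armor(sample)
    print(text)
    print(dearmor(text) == ("PGP PUBLIC KEY BLOCK", sample))
```

The CRC-24 line only catches accidental corruption in transit; it is not a signature and gives no protection against deliberate modification.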

By default GPG creates its keyring under a hidden folder named .gnupg in the user's home (~/.gnupg), but you can override this by specifying a GNUPGHOME environment variable:
$ export GNUPGHOME="/another/path/"
Under this folder, GPG creates these files on first use:
secring.gpg - Holds the secret keyring (can be viewed with gpg -K or gpg --list-secret-keys)
pubring.gpg - Holds the public keyring (can be viewed with gpg -k or gpg --list-keys)
trustdb.gpg - The trust database. (There is no need to back up this file; it is better to back up the ownertrust values: gpg --export-ownertrust)
random_seed - Used to preserve the internal random pool
gpg.conf - Default configuration file
In the following post I will describe some basic GPG usage, and take an in-depth look at subkeys and their capabilities.