1 Email
In the world of data transmission on the Internet, email is about as secure as your house would be if you removed the front door, the back door, and all the windows. It's not secure at all, and anybody with a network sniffer can see the data packets as they travel on the network. Most people have a vague idea about this, but they don't know the half of it.
Never send any sensitive information using email.
Sensitive information is defined as anything that you don't want prying eyes to see. It certainly includes things like bank account numbers, credit card numbers, social security numbers, and the password to your online stock brokerage account. We'd never think of sending this information in email.
But what about other stuff? Stuff that is personal and potentially embarrassing? Innocent things that we might say in email about sick kids, mothers-in-law, and the doctor putting you on blood pressure pills are all things we might not want others to know. Or maybe you hold strong political views about any number of current issues: abortion, gay marriage, the war. All of this is potentially personally embarrassing, maybe even professionally harmful. Whatever, it's nobody else's business, is it?
And yet despite the insecure nature of email, we use email almost daily to communicate about all sorts of personal things that we'd rather others didn't know. Some do it because they don't know any better. Others because it's the easiest and most readily available means of dashing off the quick note. Whatever the reason, the temptation is too great. After all, who hasn't sent sensitive information in email?
Is there an easy way to make email secure?
Happily, there is.
PGP (Pretty Good Privacy) was created by Philip Zimmermann in 1991. It is used for both privacy and authentication. The GNU project has developed an implementation of it called GnuPG, which is run as gpg.
The basic idea of PGP is to encrypt data with one key and then to decrypt it with another. Let's call one key public, because everybody has access to it, and the other private, because it's secret and only the owner has it.
How might we use a public and private key encryption-decryption system?
2 Private Communication
Suppose that you want to send a private email to Mary Jo. Only Mary Jo should be able to see the contents. Fortunately, just like you, Mary Jo uses gpg. She has created a public/private key pair. You have access to Mary Jo's public key (just like everybody else).
You encrypt your message to Mary Jo using her public key.
Now the message looks like a string of random characters, gibberish, and nobody else can read the message.
You send the encrypted message to Mary Jo via email.
Mary Jo gets the encrypted message. She decrypts it using her private key. Nobody else has Mary Jo's private key. She reads the message.
Suppose Mary Jo wants to respond back to you privately. She writes a message to you and she uses your public key (openly available to everybody) and the process repeats. You'll get the encrypted message from her and decrypt it with your private key.
This scenario has shown us that we can use PGP for secure, private communication.
3 Authenticated Communication
There's another way to use PGP, and that's for authenticated communication.
Suppose you want to send an email to Mary Jo, but Mary Jo needs to be assured that the email is actually from you, or to put it another way, that it's authentic.
Here's how it works. You write your message and then sign it, not with Mary Jo's public key, but with your private key.
Mary Jo receives the message, but how can she know that it really came from you? She tests the signature with your public key. Only your public key authenticates the message, because that message was signed by you with your private key.
This scenario has shown us that we can use PGP for authenticated communication.
4 Using GPG: an implementation of PGP
Your Linux distribution probably already has a PGP implementation called gpg.
On my system, running Ubuntu 9.10 (Karmic), I can grep for gpg from the list of packages and get the following:
dpkg -l | grep gpg
ii gpgv 1.4.9-4ubuntu7 GNU privacy guard - signature verification t
If you don't have it, you can either install the package or download it from the GnuPG website.
5 Creating a Private/Public Key Pair
We're going to assume that Mary Jo wants to receive secure communication from Sam. Here's how she sets it up.
The first step is for Mary Jo to generate her key:
mjj@example.com:~$ gpg --gen-key
In order to generate the key, gpg will ask Mary Jo a series of questions:
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
Mary Jo simply selects the default.
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
And again, she accepts the default.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
This is an interesting question. How long should the key be valid? If the key never expires, and the key becomes compromised (i.e., Mary Jo loses her private key), then anything encrypted with it will be compromised. On the other hand, if the key expires in 1 day, she'll constantly be creating new keys. A reasonable compromise? I'd say six months to one year.
Key is valid for? (0) 6m
Key expires at Wed 02 Jun 2010 01:29:22 PM PDT
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name:
Now Mary Jo is asked to fill in identifying information.
Real name: Mary Jo Jones
Email address: mjj@example.com
Comment:
You selected this USER-ID:
"Mary Jo Jones <mjj@example.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
Enter passphrase:
The passphrase is a long string that only Mary Jo knows. What's appropriate here? Something long with lowercase and uppercase letters, numbers and punctuation. And something she won't have to write down to remember.
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
.+++++.+++++.+++++++++++++++.++++++++++.+++++++++++++++.++++++++++.+++++.+++++..
+++++++++++++++++++++++++.++++++++++.++++++++++++++++++++++++++++++..>+++++.....
............................................+++++
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
+++++.++++++++++++++++++++++++++++++++++++++++.+++++..+++++++++++++++...+++++..+++
++..+++++..++++++++++.++++++++++.++++++++++++++++++++...+++++..+++++++++++++++..++
+++>++++++++++>+++++>+++++.................................>+++++.................
..........................................................+++++^^^
gpg: key 8888BBD4 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2010-06-02
pub 1024D/8888BBD4 2009-12-04 [expires: 2010-06-02]
Key fingerprint = C61E 14EC 8078 AC8C 59A6 D909 7B07 6A08 8888 BBD4
uid Mary Jo Jones <mjj@example.com>
sub 2048g/092F4D36 2009-12-04 [expires: 2010-06-02]
That's it! Mary Jo has created a public and private key.
Now she needs to share her public key with others. It doesn't matter who knows the public key. Public keys are, after all, meant to be public. But her point in doing this is that she wants Sam to have it, so that Sam can send her private messages.
Mary Jo must export the public key.
mjj@example.com:~$ gpg --armor --export "Mary Jo Jones"
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

mQGiBEsZcSIRBACmAct8gJeyp84JaZw7mkvx3rVwlkaYMkG4whQ9kVutYHlgzr+8
GhQVB1XEnXfAZdqO2/7vTIZJW3cbjMYkDXFhknXMbIQMUMyEt6N97gpQfw38mXaq
7eYppwjQiiw1vIKmtQl0AkMVhvK6MQVmwwk7U4kAN9o5XG8vLJubG0uFvwCgrw+K
a9k/mEYRjKsS6Zidxrd5s0MD/jvIt6aSdE4nXv2lAx76l/mdvXFvHoJD8N1+zQ04
WM9RA8C7lo96JiBLsqwRR8r9JaoinwSFKegMCR5p/KWjp8MxyBaKHqd4pt5X1Axp
myIm4tbIyq434cvVMVAtHPnPNFowql9FKXjLZ9QK1TgK/2DRElwD1WQrSZT+aJGf
6RnyA/9lUwOG9q41ByEpWZx2iCrIjNL9pkjrSGCQWM88xg81a5VCgBQhZEcDDcFe
W0oElFknUUASElz0vYImA4gf8hsZ7dVMnETzo9DflnlGB3b83Czxd1ys3QeUhJhM
roXWeh3qD9U6fBbdoLOIWPJ0xNLhPx4nqv47SX5WnnYEgfnNzrQfTWFyeSBKbyBK
b25lcyA8bWpqQGV4YW1wbGUuY29tPohmBBMRAgAmBQJLGXEiAhsDBQkA7U4ABgsJ
CAcDAgQVAggDBBYCAwECHgECF4AACgkQewdqCIiIu9SZsQCfej7huito5s4fiLsZ
A7LbDiZEacsAnjbDTlxqfFJgr017vmhSYxgAZiUIuQINBEsZcSIQCACR/Ggqhcle
1FPAGlr29rhEPekFXTXlpezXaWIoMctUmyrHMzzjGwP6cI8B0N/SX6bFGYfyJVk1
FueFTV87dcA791Am/h3d+6Vg4jeizsWzKPkpPRuSycAftz3Nv5jqxfgMTwSvTq92
qRPZmWPTraNJXLqESJKUe0/6CzX7h5oijTDAA8Yq2IvdQp5lkDac3lDC60DbGalb
vas7R4CckfdyMtc9ZOSgrGZ+P5LEq5ivMmi6zv/+ijzjQ7oNpdsAIIobeeX89mDh
2C9RnkGHtx52zqgNCrhzDkyvdWhcjAYpKPDzFwZyzyruYausLQ3pq4x9BBzCe2Jv
xGhPD0YCZxe7AAMFB/9pcLD08sR/1EpvUjDNLGLprQrulXL39tPGixxEhie8E0Pw
jfMckPSUcaXoOMvXDqgqGh/4ITIsA7fg5mQp3bgFxZWxm0JyJq7UQAxzMfhtG2GV
Y8rnmuinPdRpTXMkjswoDqTNvJsVvLcjyqaZjZaXVMgdN+ayqsYI7pLFErkdP1s9
h3Cp874226iSiBzwjxKZuCqmgbt/0RdpCVz+sQwoqXTJcJthGtk4ZFYv9P82CXMi
3N+AwScx7a3zZasH30n4o4Pr/FvDTByQfZempxX+PdGCS8jH31RLGImz9UHLp+52
E0LiMU54V3A8aasViQco2gNpjKjPJprpYTOmUKjSiE8EGBECAA8FAksZcSICGwwF
CQDtTgAACgkQewdqCIiIu9ReSgCgqObqN6FkRwk+9KP01EcpMc9BP4IAoJmKd6xA
wjNXz+WB4+hUzPX7lahQ
=TN4y
-----END PGP PUBLIC KEY BLOCK-----
Now Mary Jo cuts and pastes this into an email to Sam. Sam will then import this key into his keyring. Let's assume that Sam puts the key into a file called key.
sam@example.com:~$ ls
key
sam@example.com:~$ gpg --import key
gpg: directory `/home/sam/.gnupg' created
gpg: new configuration file `/home/sam/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/sam/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/sam/.gnupg/secring.gpg' created
gpg: keyring `/home/sam/.gnupg/pubring.gpg' created
gpg: /home/sam/.gnupg/trustdb.gpg: trustdb created
gpg: key 8888BBD4: public key "Mary Jo Jones <mjj@example.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
6 Using the Public/Private Keys for Privacy
Everything has been set up for Sam to send encrypted messages to Mary Jo.
So, how does he do it?
First, he creates a message.
sam@example.com:~$ cat message
Let's meet mom and dad for lunch.
Now, he encrypts it.
sam@example:~$ gpg --armor --encrypt message
You did not specify a user ID. (you may use "-r")
Current recipients:
Enter the user ID. End with an empty line: Mary Jo
gpg: 092F4D36: There is no assurance this key belongs to the named user
pub 2048g/092F4D36 2009-12-04 Mary Jo Jones <mjj@example.com>
Primary key fingerprint: C61E 14EC 8078 AC8C 59A6 D909 7B07 6A08 8888 BBD4
Subkey fingerprint: 130D A4AF 9366 42CE F7D7 272E 06FE EC0C 092F 4D36
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
Current recipients:
2048g/092F4D36 2009-12-04 "Mary Jo Jones <mjj@example.com>"
Enter the user ID. End with an empty line:
sam@example.com:~$ ls
key message message.asc
The message.asc is the encrypted message. Let's see what's in it.
sam@example.com:~$ cat message.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (GNU/Linux)

hQIOAwb+7AwJL002EAf9FggZeDtS9OB9cuXtM/TRsNlKHCtuKMd+aMr2h1m/CpoO
cWpXG3NOBT/0UW5iYntW1N6Ofhjykr1gkJBFvsdCa1dg5rc8Kl2Js6DZh6Y7eNEA
Osto+AvzZDI8dvH4FJjEw8hnSTqpQfnkQEGX0uo0cJdZX8EEeUV0iMmN7UB6r4St
vQdpJYyamoqZaWYx40YUdXZFB+fYQ5xvMS3QDy4es/gTHaNppaGqZitmPK71bZwZ
1VZt2nNemRivvnxWaKgSWW7gTmfDruVaTLfyXfn97jFyAQAdZq/rjWKipZiZuMAl
gXV8yta5z2TmyCmHOBQSA5LeBAg1dyvmATzn2OHmoAf/bIqpLj7lSSmGeffh45Rn
fMatNflNMPaDeHc5aq4kjP9qQELDH8+KIiDXY7o701h4ICtzIZuKepkJNfxEklu5
l25lvEA3Cri75yLIDDphJqsf/NdWyrUnFVSvh+q85nhE8qjCkVsmPFCGAub7mmHL
W7jb4moYWRdpPLgL46zR84wAO5Tu7KAcNAateMi6OEmoGxMExX4uB2vk+GAG7FVR
p9bWKXeH9r++RNke29/rsLHPH9h4gAVLmb8VILzhXep5mXaQOh/yb4oeEZod3HiD
g/JkU2C8y4mXrEkXw0DyxbRw36Sh5r7dFHalUZiG4d8zA0ViS7TFEGCSXVaVESMK
FNJkAS239J/YxWky1b12rkuaY4yEw0vC0MH4DlFa2kQptzneA87XZ6JmQLT/D822
tglvIaVT/0IM8g6fZWnjy6LSdvYBagB6L5mYOuuoxcLmSCe6E49biuctVo7hgqn2
lIu1Ygf9Rg==
=iA+4
-----END PGP MESSAGE-----
So, Sam puts this message (encrypted with Mary Jo's public key) into an email. The only way that this message can be decrypted is with Mary Jo's private key. Let's see how she does it.
mjj@example.com:~$ gpg --decrypt message.asc
You need a passphrase to unlock the secret key for
user: "Mary Jo Jones <mjj@example.com>"
2048-bit ELG-E key, ID 092F4D36, created 2009-12-04 (main key ID 8888BBD4)
gpg: encrypted with 2048-bit ELG-E key, ID 092F4D36, created 2009-12-04
"Mary Jo Jones <mjj@example.com>"
Let's meet mom and dad for lunch.
7 Using the Public/Private Keys for Authentication
Suppose Sam needs to be sure that a public unencrypted message that claims to be from Mary Jo really is. That is, that the message is authentic.
PGP can do this too.
This is called signing the message.
Mary Jo creates a message and puts it into the file called message.
mjj@example.com:~$ cat message
I can meet mom and dad for lunch. See you at 1:00!
Now she signs the message with the following:
mjj@example.com:~$ gpg --output message.signed --clearsign message
You need a passphrase to unlock the secret key for
user: "Mary Jo Jones <mjj@example.com>"
1024-bit DSA key, ID 8888BBD4, created 2009-12-04
Enter passphrase:
After she enters the passphrase, a file called message.signed is created. It contains the signed text.
mjj@example.com:~$ cat message.signed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can meet mom and dad for lunch. See you at 1:00!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksZiN4ACgkQewdqCIiIu9RazQCgjJh11+H5M92ss5qRIj4+FamJ
rRQAniieQI8jIC2t4RN/omrYcV7j6sFN
=hKjl
-----END PGP SIGNATURE-----
Sam gets the message from Mary Jo. Now he wants to verify it.
sam@example.com:~$ gpg --verify message.signed
gpg: Signature made Fri 04 Dec 2009 02:10:38 PM PST using DSA key ID 8888BBD4
gpg: Good signature from "Mary Jo Jones <mjj@example.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C61E 14EC 8078 AC8C 59A6 D909 7B07 6A08 8888 BBD4
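So you see that the signature is good. Sam is assured that this message has come from Mary Jo, provided he has confirmed that the key with this fingerprint really is hers, which is what the WARNING lines are about.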
For a test let's change the text in message.signed to this:
sam@example.com:~$ cat message.signed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can meet mom and dad for lunch. See you at 2:00!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksZiN4ACgkQewdqCIiIu9RazQCgjJh11+H5M92ss5qRIj4+FamJ
rRQAniieQI8jIC2t4RN/omrYcV7j6sFN
=hKjl
-----END PGP SIGNATURE-----
The time has been changed from 1:00 to 2:00. What happens when Sam tries to verify the message now?
sam@example.com:~$ gpg --verify message.signed
gpg: Signature made Fri 04 Dec 2009 02:10:38 PM PST using DSA key ID 8888BBD4
gpg: BAD signature from "Mary Jo Jones <mjj@example.com>"
As you can see, the signature is now bad. The text is no longer what Mary Jo signed, so Sam cannot treat this message as coming from her.
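Added example (not part of the original post): a script should not decide by looking for the words "Good signature", because gpg prints them for any valid signature, including one from a key that merely carries Mary Jo's name, which is what the WARNING above and the "no assurance" prompt during encryption are about. This sketch reads gpg's machine-readable status lines and accepts only a good signature made by the fingerprint Sam has pinned; the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Fingerprint of Mary Jo's key as printed on this page (spaces removed).
# Assumption: Sam confirmed it with her in person or by phone, not by email.
PINNED_FPR="C61E14EC8078AC8C59A6D9097B076A088888BBD4"

# check_status EXPECTED_FPR: reads gpg "[GNUPG:]" status lines on stdin,
# prints a verdict and returns 0 only when the verdict is "ok".
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        # VALIDSIG carries the signing key fingerprint in field 3 and,
        # when present, the primary key fingerprint in field 12.
        $2 == "VALIDSIG" { fpr = (NF >= 12) ? $12 : $3 }
        END {
            if (bad || !good) { print "bad-signature"; exit 2 }
            if (toupper(fpr) != toupper(want)) { print "wrong-key"; exit 3 }
            print "ok"
        }'
}

# verify_pinned FILE: run gpg, send status lines to stdout, judge them.
verify_pinned() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | check_status "$PINNED_FPR"
}

# Constructed status lines for the three cases discussed on this page.
sample_good() {
    echo "[GNUPG:] GOODSIG 7B076A088888BBD4 Mary Jo Jones <mjj@example.com>"
    echo "[GNUPG:] VALIDSIG $PINNED_FPR 2009-12-04 1259964638 0 4 0 17 2 01 $PINNED_FPR"
    echo "[GNUPG:] TRUST_UNDEFINED"
}
sample_tampered() {
    echo "[GNUPG:] BADSIG 7B076A088888BBD4 Mary Jo Jones <mjj@example.com>"
}
sample_lookalike() {   # valid signature, same name, but a different key
    fake=0123456789ABCDEF0123456789ABCDEF01234567
    echo "[GNUPG:] GOODSIG 89ABCDEF01234567 Mary Jo Jones <mjj@example.com>"
    echo "[GNUPG:] VALIDSIG $fake 2009-12-04 1259964638 0 4 0 17 2 01 $fake"
    echo "[GNUPG:] TRUST_UNDEFINED"
}

if [ "$#" -gt 0 ]; then verify_pinned "$1"; else
    for s in sample_good sample_tampered sample_lookalike; do
        printf '%s: ' "$s"; "$s" | check_status "$PINNED_FPR" || true
    done
fi
```

Run with a file name (for example message.signed) to check a real signature against the pinned fingerprint; run with no arguments to see the verdicts for the three constructed cases.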
8 Conclusion
There's more, like putting your public key on a key server and setting up your mail reader to automagically use gpg.
That will come later.
For now, practice with gpg.