Docs/SysAdmin/Security/GnuPG

From Mandriva Community Wiki



GnuPG (GNU Privacy Guard) is the most commonly used tool for securely encrypting e-mail on Linux. It can also be used to encrypt any other data for secure storage or transmission, and to create a digital signature on any text document (for example an e-mail) or on any other data file. The digital signature can be used to verify that the written text was produced by the person claiming to have done so, as any change in the content changes the hash contained in the signature. Any attempt to tamper with the text will void the signature.

Similarly, binary files containing a programme are often published on the internet with a detached signature file so that their source can be verified. For example, gnupg-1.4.6.tar.gz contains the latest (on date of writing: 2006-12-09) stable version of the GnuPG programme and can be found at: http://www.gnupg.org, along with gnupg-1.4.6.tar.gz.sig. With this small file, together with the public key of Werner Koch, one of the co-authors of GnuPG, the authenticity of the larger file that packs this version of the gpg programme can be verified.

In a software package from Mandriva Linux, contained in a file with the extension .rpm, the signature from Mandriva Linux is normally included and upon installation will be verified against the public keys of Mandriva Linux. This is much *more secure* than only checking the MD5 checksum of a file. See below for some additional notes about rpm's and gpg signatures on these.



Compatibility

GnuPG is compliant with all OpenPGP standards as described in RFC 2440. Therefore it can be used to exchange encrypted e-mail with people using various versions of 'PGP' (Pretty Good Privacy, originally created by Philip R. Zimmermann and currently maintained by PGP Corporation) and, of course, other versions of GnuPG.

Moreover, for several years a Windows version of GnuPG has been available that works exactly the same as the Linux original. It also runs on many other flavours of UNIX. We will not go any further into this here, except to say that for people using both Mandriva Linux and Windows this can be quite helpful when switching from one environment to another. Public and private keys can be exchanged easily between the two and can be used without problem in each environment (but I do not recommend storing them on any type of FAT partition if it can be avoided).

Some remarks on usage

The program files contain extensive documentation on the operation of the programme. Also, many help documents are available on the internet showing the basics of how keys and data can be manipulated, options are preset or used variably, encryption is done, as well as clearsigning or signing with a detached file.

For that reason, I am not going to repeat all this here. Please read the documentation thoroughly and you will find that using the programme is not hard at all. Just a few tips are given below.


Where can I find more information about using GnuPG?

Your first port of call should be: http://www.gnupg.org/documentation/

There is a friendly mailinglist at: http://www.gnupg.org/documentation/mailing-lists.html, but as with any mailinglist it is recommended to search the archives first, before starting to ask a whole lot of questions that have been asked many times before: http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2

And there are many more sites available with basic introductions or more thoroughly detailed explanations, both on GnuPG and on OpenPGP in general. Use your favourite search engine to look them up. A few additional references are already given at the end of this page.

How do I get GnuPG?

Mandriva rpm's for GnuPG are on the Mandriva CDroms. Any installation of Mandriva Linux includes GnuPG. Depending upon how old your CDs are, you may find a newer version on the Mandriva mirrors.

If you want the very latest version published by the programme authors, get the tarball from: ftp://ftp.gnupg.org/gcrypt/ or preferably one of the mirrors listed at: http://www.gnupg.org/download/mirrors.html

and follow the instructions for compiling contained in the INSTALL and README documents. In this case it is recommended to remove any previous package installed from an rpm.

Since the program binaries are not necessarily installed in your PATH, you may want to consider using the option:

./configure --bindir=/usr/bin

which will normally put the executable in your PATH.

How do I use it?

Many mail programs provide interfaces or plugins to operate your keys, encryption and signing ('clearsigning' or 'detached signing') of e-mails. These can be very handy, and you may want to use them when you use GnuPG with your e-mail every day. But before that, I strongly recommend familiarising yourself with operating GnuPG from the console. It is not difficult and it will be your easiest way to understand what is happening between your mailer and your keys. Each mailer has its own particular way of working with encrypted and clearsigned mail. Usually the included helpfiles will go a long way to aiding you with this. If not, look at the mail programme's homepage or perhaps ask on a related mailinglist.

A few tips & warnings

When using GnuPG to encrypt or sign a piece of text or a file, it uses your secret key. These secret keys are normally stored in the directory /home/USER-ID/.gnupg in the file secring.gpg.

I recommend any starter to make a first 'test'-key and play around with it. Make one only for testing. Don't send or publish it anywhere. First, get the feel of what you are doing and encrypt a simple document. Decrypt it. Clearsign it and verify the signature.
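The practice run suggested above, written out as an added example (not part of the original wiki page): it creates a throwaway key in a temporary keyring, then encrypts, decrypts, clearsigns and detach-signs a small file and confirms that tampered copies fail verification. It assumes GnuPG 2.1 or later; the function name, file names and test user ID are constructed.

```shell
#!/bin/sh
# Practice run with a throwaway key in a temporary keyring (assumes GnuPG 2.1+).
# The function name, file names and test user ID are constructed for this example.
g() { gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"; }

gpg_lab() (
    # Isolated keyring: ~/.gnupg is never touched and nothing is published.
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'gpgconf --kill all 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    cd "$GNUPGHOME" || exit 1
    g --quick-generate-key 'Lab Test <lab@example.invalid>' default default never \
        2>/dev/null || exit 1
    printf 'pay 10 EUR to Alice\n' > doc.txt

    # Encrypt to the test key's public half, decrypt with its secret half.
    g -r lab@example.invalid -o doc.gpg --encrypt doc.txt || exit 2
    [ "$(g --decrypt doc.gpg 2>/dev/null)" = "$(cat doc.txt)" ] || exit 2

    # Clearsign and verify, then change the text inside the signed copy.
    g -o doc.asc --clearsign doc.txt || exit 3
    g --verify doc.asc 2>/dev/null || exit 3
    sed 's/10 EUR/90 EUR/' doc.asc > forged.asc
    if g --verify forged.asc 2>/dev/null; then exit 4; fi

    # Detached signature, as used for published tarballs: verify, tamper, verify.
    g -o doc.txt.sig --detach-sign doc.txt || exit 5
    g --verify doc.txt.sig doc.txt 2>/dev/null || exit 5
    printf 'extra line\n' >> doc.txt
    if g --verify doc.txt.sig doc.txt 2>/dev/null; then exit 6; fi
    exit 0
)

if command -v gpg >/dev/null 2>&1; then
    gpg_lab && echo "round trip ok; both tampered copies were rejected"
fi
```

The exit status of `gpg --verify` is what a script should test: it is zero only for a good signature.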

In your ~/.gnupg directory you will also find a file called pubring.gpg. It contains the public keys of other people, as well as your own. You will need these to encrypt messages or files for them and to verify the authenticity of the signed messages or files they send you. Below I will write a few words on how to obtain public keys.

Once you have got the hang of the operation, you should generate a secret key for real. Remember the password. Do not write it down where anyone can read it. Do not use the name of your cat as a password; make the password as complex as you can remember, and such that nobody is able to guess it. Export the key to removable media and store it in a safe place. Not a drawer in the kitchen, but a real fire and burglar proof safe. Do not store it together with your password. Both are needed to decrypt data and to identify that stuff is coming from you and no one else, so you don't want these to fall into the wrong hands. At the same time you should generate a revocation certificate. Store this in another safe place: if your secret key and/or password are ever abused or their integrity must be doubted, the revocation certificates are your only protection left and only these will enable you to renounce a public key that has been previously published.

You should also note that once you have put a public key on one keyserver it will be disseminated to other keyservers and can no longer be removed from them.

The private or secret key(s) are stored in the same directory in one file named secring.gpg. It is needed to decrypt files or messages that you receive (or send to others which could include your key also as encrypt-to-key), and needed to generate a PGP signature on a message or file.

Why all these keys?

The keys are a clever invention, and each of them is there for a purpose. The secret keys are just that: secret and used by the owner only. All keys come in pairs: each key has a public key associated with it that can be put in a public place (keyserver) or sent to a friend by e-mail. Both keys are used when encrypting: when you encrypt a message to your friend you use his/her public key. As a result, only your friend can read the message and nobody else. If you want to be able to read the message even after you sent it, use your own key as well. This causes the message to be encrypted both to your own key and your friend's key. Now only you and your friend can read it.

Public keys

Public keys are just that: they can be used by anyone who has access to them. So if you want only a small group of friends to be able to exchange encrypted mail, send public keys to each other and nobody else can encrypt to this club of people. In the larger world it is easier (but not necessary) to send them to a public keyserver. Anyone can retrieve them there. For two purposes: anyone can get your public key from there so they can encrypt a message to you and they can verify that a message (be it on a mailinglist, usenet, a direct e-mail or anywhere else) that you have clearsigned really is signed with the key which you have published.

The most common keyservers are listed in the documentation. To name just a few:

Naturally anybody devious enough could generate a key with your name on it. So even if your key is on the keyserver it is not yet sure that the person who sent it there was really you. That is where keysigning comes in. It is strongly recommended to only sign the key of another person for which you have personally verified that the key belongs to the owner and that the owner is who (s)he claims (s)he is. Use a passport or official driver's licence to verify this. And check the identity of the key (fingerprint) against the key and a statement handed to you by the keyowner reproducing this fingerprint. If you are satisfied that they match, sign the other person's key and send the signed key by e-mail to that person. Do not upload the signed key to the keyserver yourself. The keyowner should be able to decide for him/herself whether or not (s)he wants to do so. It isn't up to you to decide that for them.

How are keys identified?

Most easily by the name and e-mail address of the owner. But also by means of short and long versions of a hexadecimal number. For instance: 0x1234ABCD would be the short version, or Key-ID; but there is a small chance that more than one person has the same number. With the long version or 'fingerprint' this is virtually impossible. Such a fingerprint looks like this:

Key fingerprint = 8120 0A7C 1BEC1 5BEA 64B5 E51E 3409 7DBF 1234 ABCD

You'll notice that the short version contains the last 8 digits of the long version.
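The following added example (not from the original wiki page) shows why the short Key-ID alone is not enough to identify a key: it reads a key listing in the colon-separated layout of `gpg --list-keys --with-colons --fingerprint` and only accepts an ID that matches exactly one primary key. The listing, fingerprints and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of `gpg --list-keys --with-colons --fingerprint`.
# The fingerprints are made up; two of them end in the same 8 digits on purpose.
FP_A=AAAAAAAAAAAAAAAAAAAAAAAA111111111234ABCD
FP_B=BBBBBBBBBBBBBBBBBBBBBBBB222222221234ABCD
FP_C=CCCCCCCCCCCCCCCCCCCCCCCC33333333DEADBEEF
sample_listing() {
    cat <<EOF
pub:u:2048:1:111111111234ABCD:1165622400:::u:::scSC:
fpr:::::::::$FP_A:
uid:u::::1165622400::0::Alice Example <alice@example.invalid>:
sub:u:2048:1:4444444455555555:1165622400::::::e:
fpr:::::::::EEEEEEEEEEEEEEEEEEEEEEEE4444444455555555:
pub:-:2048:1:222222221234ABCD:1165622400:::-:::scSC:
fpr:::::::::$FP_B:
uid:-::::1165622400::0::Alice Example <alice@example.invalid>:
pub:f:2048:1:33333333DEADBEEF:1165622400:::-:::scSC:
fpr:::::::::$FP_C:
uid:f::::1165622400::0::Bob Example <bob@example.invalid>:
EOF
}

# find_keys ID: read a colon listing on stdin and print "FINGERPRINT  UID" for
# every primary key whose fingerprint ends in ID (8, 16 or 40 hex digits).
find_keys() {
    id=$(printf '%s' "$1" | sed 's/^0[xX]//; s/ //g' | tr 'a-f' 'A-F')
    [ "${#id}" -ge 8 ] || return 2
    awk -F: -v id="$id" '
        $1 == "pub" || $1 == "sub" { rec = $1; next }
        $1 == "fpr" && rec == "pub" { fpr = $10; rec = ""; next }  # skip subkey fpr
        $1 == "uid" && fpr != "" {
            if (substr(fpr, length(fpr) - length(id) + 1) == id) print fpr "  " $10
            fpr = ""                                                # first UID only
        }'
}

# resolve_key ID: succeed and print the fingerprint only if exactly one key matches.
resolve_key() {
    hits=$(find_keys "$1") || return 2
    n=$(printf '%s\n' "$hits" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$n" -ne 1 ]; then
        echo "key ID $1 matches $n keys; compare the full fingerprint" >&2
        return 1
    fi
    printf '%s\n' "${hits%%  *}"
}

sample_listing | resolve_key 0x1234ABCD || echo "short ID refused, as intended"
sample_listing | resolve_key "$FP_B"       # the full fingerprint selects one key
```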

rpm package validation with GnuPG keys

In short - for Mandriva Linux packages: See here

In general:

Usually packages of the type .rpm are signed internally with a GnuPG key. Any package that contains such a signature can be checked for authenticity with the command:

rpm -K package-1.2.3-92mdk.i586.rpm

or simply:

rpm -K pack*

Regular Mandriva distribution packages are signed with the key 0x70771FF3. Updates (particularly security updates) are signed with key 0x22458A98. Currently, Cooker and Contrib packages are usually signed by key 0x26752624.

All three can be found on common keyservers.

Such keys (as any other public keys) can be looked up on the keyserver: when you find them, save them to a file on your computer (text only, not html or whole web page), for instance a file named `foo`.

rpm maintains its own keyrings. Any keys that are not yet installed can be obtained from the public keyservers, or exported from the user's or root's keyring to a file, and imported via Urpmi or rpm. If you update/add packages via Urpmi, the related keys should be imported automagically.

If you obtained a key as above, change to a root console and give the command: rpm --import foo (*)

Now the key is on the rpm keyring and will be used by rpm/urpmi/rpmdrake for verification of packages.

On the other hand, for using RPMDrake via Mandriva Linux Control Center, the keys can be managed via Software Manager --> Software Media Manager --> Manage keys...

(*) Should you prefer to obtain keys via GnuPG and import them into the rpm keyring later, first use GnuPG to remove all external signatures, leaving only the self-signatures (keep signatures with the same UID, remove those with a different UID), then export the key to a file and import that file into rpm. If the key in the file contains external signatures, the import into rpm will not succeed.

Is e-mail encryption legal?

Yes, it is legal in all free countries where you have the right to your own privacy and therefore the right to communicate securely without anyone prying into your private affairs and/or communications. In some countries, unfortunately, it is not legal to use it, or only under certain restrictions. It is my hope that any such restrictions will be lifted soon.


But why would you want to encrypt your e-mail?

Can't only sender and receiver read my e-mail? No! Anyone can who is positioned between the sender and the recipient. Plus anyone with a little bit of hacking skill can catch your e-mail en route and peek at the contents. Anyone who values their privacy won't like that. Just as you won't send private snail mail in an open envelope or on the back of a postcard, you should encrypt your e-mail to keep it away from the prying eyes of those who have no business reading your correspondence.

Are there no backdoors/Can it be freely used?

No: the source code is freely available from http://www.gnupg.org and can be reviewed by anyone.

Yes: "GnuPG is part of the GNU family of tools and applications built and provided in accordance with the Free Software Foundation (FSF) General Public License (GPL). Therefore the software is free to copy, use, modify and distribute in accordance with that license. Please read the file titled COPYING that accompanies the application for more information" (quoted from the GnuPG FAQ).

A few additional places of interest:

GUI interfaces for managing keys; several flavours are available:

  • For KDE: kgpg installs a tray-icon, from which you can import and generally manage keys (which is installed with the package kdeutils-kgpg-*.rpm).
  • and for GNOME: gnome-keyring, gnome-keyring-manager, seahorse and gpgp, for which rpm's are available in contrib on your usual mirror.
  • The official GnuPG FAQ