Generating a PGP key pair (15-412, Spring 2003)

Overview

You will generate a public/private key pair and turn in the public key information with the remainder of your homework assignment. Of course, you will need to retain the private key so you can sign documents and/or receive encrypted mail.

Because it is impractical to memorize and type in random 128-byte quantities, your PGP private key will be stored in a keyring file, encrypted with a symmetric key. Anybody who guesses that key can assume your identity, meaning they can read your encrypted files and also sign documents as if they were you, so it is vital that you choose an industrial-strength super-password, called a pass phrase.

Choosing a pass phrase is not a process to rush through, as you must come up with something which is very hard for others to guess but very easy for you to remember. Just as you wouldn't change your password right before going away on a trip, you shouldn't generate a pass phrase before going to sleep, for example.

A word about paranoia: The SCS Facilities security expert who drafted these directions looked into who built the PGP software for the Andrew environment. If my opinion of his opinion is good enough for you, you can use the Andrew software. However, if you are very paranoid and wish to obtain and build your own copy of PGP, be my guest. Likewise, you will be provided with directions for vaguely protecting the AFS directory which will hold the encrypted version of your key ring, but you should be aware that the truly paranoid might never store their key ring in AFS since it is an unencrypted medium outside their personal control. Finally, while these directions suggest creating unlimited-expiration keys, you may do as you wish in this regard.

Step 0 - Pass phrase

You need a pass phrase to protect your DSS secret key. Your pass phrase can be any sentence or phrase and may have many words, spaces, punctuation, or any other printable characters.

Choosing a good pass phrase is something of an art. It should be both easy to remember (so you don't have to write it down) and hard to guess. It should be long enough that it contains a reasonable amount of entropy (so that the key will be good), but short enough that you can usually type it without making mistakes. The term "pass phrase" is intended to remind you that it should be longer than a single word -- there is no practical limit on the length of your pass phrase.

Visit one or more of these web sites and read up on the various philosophies of pass phrases:

• http://world.std.com/~reinhold/diceware.html
• http://world.std.com/~reinhold/passgen.html
• http://www.skuz.net/passfaq.html
• http://www.stack.nl/~galactus/remailers/passphrase-faq.html

Take 10 or 15 minutes to come up with a good pass phrase. Make sure you can memorize it, and drill yourself on it two or three times a day for the next week, then once a week for "a while".

Step 1 - Protect your .pgp directory

Step 2 - Run PGP to generate your key pair

First we will generate a DSS (signature-only) key pair, and then a separate Diffie-Hellman key pair which will be used for encrypting files or mail.

% /usr/local/bin/pgp -kg

Choose the public-key algorithm to use with your new key
1) DSS/DH (a.k.a. DSA/ElGamal) (default)
2) RSA
Choose 1 or 2: 1

Choose the type of key you want to generate
1) Generate a new signing key (default)
2) Generate an encryption key for an existing signing key
Choose 1 or 2: 1

Pick your DSS ``master key'' size:
1)  1024 bits- Maximum size (Recommended)
Choose 1 or enter desired number of bits: 1
Generating a 1024-bit DSS key.

You need a user ID for your public key.  The desired form for this
user ID is your name, followed by your E-mail address enclosed in
, if you have an E-mail address.
For example:  John Q. Smith 
Enter a user ID for your public key:
  Josephine Q. Student <jstudent@andrew.cmu.edu>

You should use the name you wish to be known by, and the email address that you will use. When others sign your PGP key, what they are really doing is creating a signed "certificate" which asserts that your key and userid belong together. In addition, the PGP tools and keyservers are able to do searches based on partial userid's, so by including both your name and email address, you make your key easier to find.

Enter the validity period of your signing key in days from 0 - 10950
0 is forever (the default is 0): 0

This allows you to set an expiration date on your key. Once the key expires, most PGP software will no longer use it for encryption, or trust signatures created by it. Common practice is to use the default unlimited lifetime, and to issue a revocation certificate if the key is lost or compromised.

You need a pass phrase to protect your DSS secret key.
Your pass phrase can be any sentence or phrase and may have many
words, spaces, punctuation, or any other printable characters.

Enter pass phrase: 
Enter same pass phrase again: 

There is NO WAY to recover your secret key if you forget your passphrase.

PGP will generate a signing key. Do you also require an 
encryption key? (Y/n) y
Pick your DH key size:
1)  1024 bits- High commercial grade, secure for many years
2)  2048 bits- "Military" grade, secure for forseeable future
3)  3072 bits- Archival grade, slow, highest security
Choose 1, 2, 3, or enter desired number of bits: 1

Enter the validity period of your encryption key in days from 0 - 10950
0 is forever (the default is 0): 0

The encryption key pair will use a variant of Diffie-Hellman key exchange called "El Gamal".

At this point you have told PGP what to do. Since it is absolutely crucial that the key pair be truly random, PGP will ask you to provide it with random events for a period of time. It will ask you to type for a while. The keys you choose to press do not matter in the sense that they do not become part of your key. However, while you type random characters, PGP captures a fine-grain timestamp each time you press a key; the low-order bits of those timestamps are collected and used to feed a random-number generator.

Make this the default signing key? (Y/n) y

Step 3 - Turn in your public key as part of your homework

Normally at this point you would publish your public key as widely as possible. You would put it on your web page, in your .plan file, hand it out to your friends, etc. You would also probably publish your public key on the world-wide PGP key server network by submitting it at http://pgpkeys.mit.edu/.

However, the CMU community is a diverse one. For all I know, one of you is from a country which would consider publication of a PGP key in your name a subversive act (even though anybody could do it at any time to smear you--governments often don't understand that sort of subtlety).

Hence I will not require you to publish your key. For the purposes of the homework assignment, I will ask you to turn in a copy of your public key, which I will not publish. During the reading/finals period, we hope to organize a key-signing "party" for interested parties, but, likewise, this will not be part of this homework assignment.

The -a option tells PGP to emit the public key in "ASCII Armor" format, which encodes the binary information in text which should pass through mail, web forms, etc. So feel free to look at the file as you turn it in.

Step 4 - Send us a message

Here is the 15-412 public key (you trust it coming from this random web page, don't you? Wait a minute, do you need to trust it, or not? When? Hmm...). You can import it into your keyring by cutting and pasting it into a file and running:
% /usr/local/bin/pgp -ka name-of-the-file

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8

mQGiBD6qBksRBADkFfSDZV19dIZlJSb+JJ70KXG9CeHMDmAgsQc/QNdPWHOl+Kb3
qizbQHDMU8xdc3YgH0v53Q3/TaV2cd2pV/D2R3wlVKa/SR2muIMMEciqA1MYXPpa
00FbvwM4WMH1aBEOCHvic2ohQHTc4eYTRyeX//Q5YUuIxyPHk8BjoEmIvwCg/6Dn
mjWgRPXkBkFBjnwQ7uuHja8D/13WeGcvwp9u93c/SQY6I6e4EVyPSGJeh3g0TgnP
iX4TC7Bkqa2vp045siDJQNhAue/3qrATxzpGLrHyd+aUXxtIZzHt7CIFkn29Hn2K
guAvYj9BHsTrG57vHGUvy3FuMrTKs1eUYWY2eN6psEDpF67cZ530tTAryhSBUjsw
4jRvBACqtBKuEuhrTPS0+IYAkFBwoPoXNlRJqA8kkkn00aMOoh9PzCIvZjjD1UDZ
qNkB3J2tghqxP7L66ez7r5jwna0EFHRgKiPK4r+ivJyWQ+7J4pTp5eZHgt0lz4ug
/ZugJOvVPoFS+o7R2CxGEqS+5NNoxcH+CjDvHwxB/vZYU2CzS7QGMTUtNDEyiQBU
BBARAgAUBQI+qgZLBQkATxoABAsDAQICGQEACgkQCxFrVrEE9qUibQCfQMswydpe
auHMtwYMLjQXnRsipO0An2PTZZ+TCsGvO6W7GkZBLz0mjX9wuQENBD6qBlQQBADp
LEA99wDktLj3qkteKYqc+lBzlWLM8C316+kKpeadwZ5kdT2x3nO1zkGuYPddIPW8
GKKUqqx+iQYioHhidxiRmKX/M2XbGbvZEjzPXFMQFE4jBATnPLvoi8H+vWoD+9ut
L6gipGOveOVv65Az4UXSweige1i22flX7LbdKQ2+ywACAgQAhcH9LknlZHApwkDb
gaTq9tOrDq9FPcDXiE6xGSPsrR/zZpnREumL8WmuVssK88nLkxNiWKFs10/AMsGD
XLYgcS8KaWDpR7Aj9PpKXL0BqOvS6Fop+tG6jN4gTDSvE+Ue1wGL16lvu8HdDTAa
2zfhSf0DBG/qHUl7gikUHKC/Bo2JAEwEGBECAAwFAj6qBlQFCQBPGgAACgkQCxFr
VrEE9qUROACbB5i8NXXSSsL6alzzu7LSvhD0eV8AoPyzZp/f7mqPiOdTnqzfiAyx
al0S
=0y9d
-----END PGP PUBLIC KEY BLOCK-----

Now create a "secret" message for the 15-412 course staff. Put it in a file called "secret" and encrypt/sign it:
% /usr/local/bin/pgp -eas secret 15-412 $USER@andrew.cmu.edu

This will create a secret.asc which will be signed by you and decryptable by the holder of the 15-412 private key (and by you, which is why you are mentioned on the command line). Turn this file in as /afs/andrew.cmu.edu/scs/cs/15-412/usr/$USER/hw2/$USER.secret.asc. Once we have your public key in our key ring, we will be able to verify that you signed the message, and decrypt it for viewing, by running
% /usr/local/bin/pgp /afs/andrew.cmu.edu/scs/cs/15-412/usr/$USER/hw2/$USER.secret.asc
(assuming of course we remember our pass phrase).

Since $USER.secret.asc contains a symmetric-cipher message key, used to encrypt the actual text, which is then public-key encrypted with your public key and also with ours, you can decrypt the file for viewing using the same command.

There, now you understand public key cryptography!