Carnegie Mellon
Computer Science Department
15-410 GPG PGP page



Overview

You will generate a public/private key pair and turn in the public key information with the remainder of your homework assignment. Of course, you will need to retain the private key so you can sign documents and/or receive encrypted mail.

Because it is impractical to memorize and type in random 128-byte quantities, your PGP private key will be stored in a keyring file, encrypted with a symmetric key derived from a pass phrase. Anybody who obtains a copy of that file and guesses the pass phrase can assume your identity, meaning they can read your encrypted files and also sign documents as if they were you, so it is vital that you choose an industrial-strength super-password, called a pass phrase.

Choosing a pass phrase is not a process to rush through, as you must come up with something which is very hard for others to guess but very easy for you to remember. Just as you wouldn't change your password right before going away on a trip, you shouldn't generate a pass phrase before going to sleep, for example.

Paranoia

You may use, but are not required to use, the GNU Privacy Guard (GPG) binary found in /usr/local/bin/gpg on Andrew Linux (if you run strings on the Andrew /usr/local/bin/gpg binary you may discover something interesting). You may instead use gpg on your personal machine or build your own copy for your Andrew account (for your reference, your instructor is currently running GPG version 1.4.5, compiled from a gnupg-1.4.5.tar.bz2 with a SHA256 hash value of f30a2679ed6bed71b4af6919cd9b963c896fca64e42eeb0536788cb41b2e1805). In addition, you may use a non-GPG OpenPGP client such as PGPi pgp, in which case these directions may be useful.

You will be provided with directions for vaguely protecting the AFS directory which will hold the encrypted version of your key ring, but you should be aware that the truly paranoid might never store their key ring in AFS since it is an unencrypted medium outside their personal control.

If you intend to use this key permanently, it would be more secure for you to generate and use it on a cluster workstation than on a public server machine, and even more secure for you to generate and use it on a machine privately owned by someone you trust.

Finally, you may select whatever expiration period you like for your key pair, including none at all (a key that never expires), though it should be no earlier than the week after grades are due.


Step 0 - Pass phrase

You need a pass phrase to protect your DSS secret key. Your pass phrase can be any sentence or phrase and may have many words, spaces, punctuation, or any other printable characters.

Choosing a good pass phrase is something of an art. It should be both easy to remember (so you don't have to write it down) and hard to guess. It should be long enough that it contains a reasonable amount of entropy (so that the key will be good), but short enough that you can usually type it without making mistakes. The term "pass phrase" is intended to remind you that it should be longer than a single word -- there is no practical limit on the length of your pass phrase.

Visit one or more of these web sites and read up on the various philosophies of pass phrases:

Take 10 or 15 minutes to come up with a good pass phrase. Make sure you can memorize it, and drill yourself on it two or three times a day for the next week, then once a week for "a while".


Step 1 - Create and Protect your .gnupg directory

% mkdir ~/.gnupg
% fs sa ~/.gnupg $USER all -clear

This step is advisable because otherwise it is necessary to trust GPG to correctly understand AFS permissions in addition to standard Unix file system mode bits...I wouldn't.


Step 2 - Run GPG to generate your key pair

% /usr/local/bin/gpg --gen-key

gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection?

Choose 1, or hit Return.

DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 

Hit Return or enter the key size of your choice. Larger keys are more secure but operations on them are slower.

Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 

Choose at least 2m.

Key expires at Fri Feb  2 01:40:36 2007 EST
Is this correct? (y/N) 

Because the N is upper-case, the default answer is no: if you just hit Return you will be prompted to correct your "mistake". If this is the expiration date you wish, type y.

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: 

To achieve the example given by the program, you would enter:

Real name: Heinrich Heine
E-mail address: heinrichh@duesseldorf.de
Comment: Der Dichter

But don't do that. You should use the name you wish to be known by, and the email address that you will use. When others sign your PGP key, what they are really doing is creating a signed "certificate" which asserts that your key and userid belong together. In addition, the PGP tools and keyservers are able to do searches based on partial userid's, so by including both your name and email address, you make your key easier to find.

Our grading script will expect you to use $USER@andrew.cmu.edu as your e-mail address. If you are already a PGP or GPG user with a key pair under a different e-mail address, or would prefer your "real" key pair to be associated with some other address (e.g., $USER@cmu.edu), please play along with us for this assignment: you can have as many key pairs on your key ring as you wish, and one key can carry multiple user IDs.

You selected this USER-ID:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? 

You must choose one of the indicated letters.

You need a Passphrase to protect your secret key.

Enter passphrase: 

There is NO WAY to recover your secret key if you forget your passphrase.

Repeat passphrase: 

At this point you have told GPG what to do. Since it is absolutely crucial that the key pair be truly random, GPG now needs a supply of unpredictable bits, and it may pause and ask you to type for a while. The keys you press do not matter in the sense that they do not become part of your key. What is collected is timing: on Linux, GPG reads /dev/random, whose entropy pool the kernel fills from fine-grained timestamps of keyboard, mouse and disk interrupts (the low-order bits of those timestamps are the unpredictable part), and the read blocks until enough entropy has accumulated.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++..+++++++++++++++++++++++++++++++++++..+++++..+++++++++++++
++....++.+++++.++++++++++++++++++++++++++++++...+++++...++++++++++++++
++++++.+++++...........................>+++++.........................
...........................+++++<++++>
+^^^
gpg: key 61808213 marked as ultimately trusted
public and secret key created and signed.

pub   1024D/61808213 2006-12-04 [expires: 2007-02-02]
      Key fingerprint = BEDD 3033 82E2 32B0 6C38  37B0 4AED 73AB 6810 8213
uid                  Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>
sub   2048g/5882612E 2006-12-04 [expires: 2007-02-02]

Step 3 - Turn in your public key as part of your homework

Normally at this point you would publish your public key as widely as possible. You would put it on your web page, in your .plan file, on your business cards, hand it out to your friends, etc. You would also probably publish your public key on the world-wide PGP key server network by submitting it at http://pgpkeys.mit.edu/.

However, the CMU community is a diverse one. For all we know, one of you is from a country which would consider publication of a PGP key in your name a subversive act (even though anybody could do it at any time to smear you--governments often don't understand that sort of subtlety).

Hence we will not require you to publish your key. For the purposes of the homework assignment, we will ask you to turn in a copy of your public key, which we do not intend to publish. During the reading/finals period, we hope to organize a key-signing "party" for interested parties, but that will not be part of this homework assignment.

% /usr/local/bin/gpg --export --armor $USER@andrew.cmu.edu > /afs/cs.cmu.edu/academic/class/15410-s07/usr/$USER/hw2/$USER.asc

The --armor option tells GPG to emit the public key in "ASCII Armor" format, which encodes the binary information in text which should pass through mail, web forms, etc. So feel free to look at the file as you turn it in.


Step 4 - Send us a message

Here is the 15-410 public key (you trust it coming from this random web page, don't you? Wait a minute, do you need to trust it, or not? When? Hmm...). You can import it into your keyring by cutting and pasting it into a file and running:
% /usr/local/bin/gpg --import name-of-the-file

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8

mQGiBEJprHIRBADZbk+FCEaLkmo/uQ8M2hFVzsO37IKZwErdRNgSjEbalRUY8rPI
tztmQz1nU5A75kcD1sCtwcfrIfbf9RCeCFS7AY6emGZk8GhmBdwMzSOoOkQV24pc
Z4LGLFuCZlukGlSpkGhnj8zCeNj0aQPFe5ZJPf3xzI34Kzsj0yZBi6kzDwCg/152
1fT8Zhfj1T655goswjGHLpsD/jtKVyBne4GyL6Z6sxPH50WTn3pzqDpjHfgPGBWw
AibJ4EXcpiRtc46debwg7O2AtqqU2U01T6mjn8+l2plAFixVm4105y+dAuJC54gp
jZYSC+mZ+pULjvoUe/DPPCZ1trrkdf5rHoIEGFV/KCOEymrumr2x0sb9BUZ0dAHs
SyhuA/wJmcxutWql3GVx7Wy7RVGonWRs3SyJvQeCijfAzhyoxGw1LfPcxJOe1rO/
wE9IwPFpo+bWM0LAbzWdQfd/raBGnnp2vV/+0VqkWpJVpQOm+pCL0OX7SSzTW8sn
bTU8SQdTqo5IwriJeUvqrdw4uwQbXjOFq1d8Vq9WtiNbKQh9rLQjMTUtNDEwIHN0
YWZmIDxzdGFmZi00MTBAY3MuY211LmVkdT6JAE4EEBECAA4FAkJprHIECwMBAgIZ
AQAKCRDZB7a2ovNV7LDpAJ962YOxBPFrubaPPxdUNOhVc81lGACgpz9JFpXPzjKw
Aw16fRuciXH3Jmq5AM4EQmmseRADAQEBVLyoXhU+JvxglRHLMcgUUdN3cgdp3OmI
0z9KfTYLBJ/YK16u5Y5BZRwJ0ZIW4aEO760n6oDVXv+z/yh9RB7TTjIRl2U+utF8
rMzZy2QIUt2PfYCrIg14OTK33HDJT+EAAgIDAJg/VYqYbqCsNlYf4uUsOaAfNKD/
QJKqNqqWd8u5K90fCgRvSXvMT8bKgMxsN8bKpXoTKNyxiwffZHbDWjK5iLpcIeeU
XpUbcqamU/ow5p2yOpFIalF1tihFWhjbMWXUCIkARgQYEQIABgUCQmmseQAKCRDZ
B7a2ovNV7B/1AKD6Rb2hsIOnS/1bV7qmyd/x3cEG2QCff2A/67BiSnJe6raT/zXB
N87qL8s=
=hJ2w
-----END PGP PUBLIC KEY BLOCK-----
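The armor format described in Step 3 and the "do you need to trust it?" question above are easier to reason about with the bytes in hand. The following Python is an added example, not part of this page or of GnuPG: it strips the ASCII armor from the staff key block (copied verbatim from above), verifies the CRC-24 carried on the `=hJ2w` line, walks the OpenPGP packets, and reports for each key packet the algorithm, the size of its first MPI, its SHA-1 fingerprint and key ID, plus the issuer key ID recorded in each self-signature. The constants (CRC polynomial, packet tags, subpacket types) are from RFC 4880; the function names are my own. Nothing here involves a private key.

```python
import base64
import hashlib

STAFF_KEY = """-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8

mQGiBEJprHIRBADZbk+FCEaLkmo/uQ8M2hFVzsO37IKZwErdRNgSjEbalRUY8rPI
tztmQz1nU5A75kcD1sCtwcfrIfbf9RCeCFS7AY6emGZk8GhmBdwMzSOoOkQV24pc
Z4LGLFuCZlukGlSpkGhnj8zCeNj0aQPFe5ZJPf3xzI34Kzsj0yZBi6kzDwCg/152
1fT8Zhfj1T655goswjGHLpsD/jtKVyBne4GyL6Z6sxPH50WTn3pzqDpjHfgPGBWw
AibJ4EXcpiRtc46debwg7O2AtqqU2U01T6mjn8+l2plAFixVm4105y+dAuJC54gp
jZYSC+mZ+pULjvoUe/DPPCZ1trrkdf5rHoIEGFV/KCOEymrumr2x0sb9BUZ0dAHs
SyhuA/wJmcxutWql3GVx7Wy7RVGonWRs3SyJvQeCijfAzhyoxGw1LfPcxJOe1rO/
wE9IwPFpo+bWM0LAbzWdQfd/raBGnnp2vV/+0VqkWpJVpQOm+pCL0OX7SSzTW8sn
bTU8SQdTqo5IwriJeUvqrdw4uwQbXjOFq1d8Vq9WtiNbKQh9rLQjMTUtNDEwIHN0
YWZmIDxzdGFmZi00MTBAY3MuY211LmVkdT6JAE4EEBECAA4FAkJprHIECwMBAgIZ
AQAKCRDZB7a2ovNV7LDpAJ962YOxBPFrubaPPxdUNOhVc81lGACgpz9JFpXPzjKw
Aw16fRuciXH3Jmq5AM4EQmmseRADAQEBVLyoXhU+JvxglRHLMcgUUdN3cgdp3OmI
0z9KfTYLBJ/YK16u5Y5BZRwJ0ZIW4aEO760n6oDVXv+z/yh9RB7TTjIRl2U+utF8
rMzZy2QIUt2PfYCrIg14OTK33HDJT+EAAgIDAJg/VYqYbqCsNlYf4uUsOaAfNKD/
QJKqNqqWd8u5K90fCgRvSXvMT8bKgMxsN8bKpXoTKNyxiwffZHbDWjK5iLpcIeeU
XpUbcqamU/ow5p2yOpFIalF1tihFWhjbMWXUCIkARgQYEQIABgUCQmmseQAKCRDZ
B7a2ovNV7B/1AKD6Rb2hsIOnS/1bV7qmyd/x3cEG2QCff2A/67BiSnJe6raT/zXB
N87qL8s=
=hJ2w
-----END PGP PUBLIC KEY BLOCK-----"""  # copied verbatim from the Step 4 block on this page

PK_ALGO = {1: "RSA", 16: "Elgamal", 17: "DSA"}
TAG = {2: "signature", 6: "public key", 13: "user ID", 14: "public subkey"}

def crc24(data):
    """OpenPGP CRC-24 (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for b in data:
        crc ^= b << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):
    """Strip the armor; refuse the payload if the CRC-24 line does not match it."""
    lines = text.strip().splitlines()
    blank = next(i for i, l in enumerate(lines) if not l.strip())  # armor headers end here
    want = int.from_bytes(base64.b64decode(lines[-2].lstrip("=")), "big")
    data = base64.b64decode("".join(lines[blank + 1:-2]))
    if crc24(data) != want:
        raise ValueError("armor CRC-24 mismatch: the block was altered")
    return data

def new_length(buf, i):  # RFC 4880 section 4.2.2 length encoding; returns (length, next offset)
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first < 224:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    if first == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body lengths not supported")

def packets(data):  # yield (tag, body) per packet; old- and new-format headers
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("bad packet tag at offset %d" % i)
        if ctb & 0x40:                          # new format: tag in the low 6 bits
            tag, (length, i) = ctb & 0x3F, new_length(data, i + 1)
        else:                                   # old format: length-size code in the low 2 bits
            tag, n = (ctb >> 2) & 0x0F, 1 << (ctb & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not supported")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def describe(tag, body):  # the fields a human checks: algorithm, size, fingerprint, issuer
    if tag in (6, 14):                          # v4 public key or subkey
        fpr = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()
        return {"created": int.from_bytes(body[1:5], "big"), "algo": PK_ALGO.get(body[5], body[5]),
                "bits": int.from_bytes(body[6:8], "big"), "fingerprint": fpr, "keyid": fpr[-16:]}
    if tag == 13:
        return body.decode("utf-8")
    if tag == 2 and body[0] == 4:               # v4 signature: find the issuer key ID subpacket
        hashed = int.from_bytes(body[4:6], "big")
        unhashed = int.from_bytes(body[6 + hashed:8 + hashed], "big")
        sub, i, issuer = body[6:6 + hashed] + body[8 + hashed:8 + hashed + unhashed], 0, None
        while i < len(sub):                     # each subpacket: new-format length, type, data
            n, i = new_length(sub, i)
            if sub[i] & 0x7F == 16:             # type 16 = issuer key ID
                issuer = sub[i + 1:i + n].hex().upper()
            i += n
        return {"type": body[1], "issuer": issuer}
    return len(body)

def summarize(armored=STAFF_KEY):
    return [(TAG.get(t, t), describe(t, b)) for t, b in packets(dearmor(armored))]
```

Call summarize() to get the packet list. The v4 fingerprint is SHA-1 over 0x99, the two-byte body length and the key packet body, and the key ID is its low 64 bits, so the issuer recorded in the self-signatures must equal the primary key's own key ID; that check only proves the block is internally consistent, not who made it, since anyone can generate a key with the user ID "15-410 staff". What actually settles the trust question is comparing the printed fingerprint against one obtained out of band, which is what the key-signing party mentioned above is for.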
 

Now create a "secret" message for the 15-410 course staff. Put it in a file called "secret" and encrypt/sign it:
% /usr/local/bin/gpg --encrypt --armor --sign -r 15-410 -r $USER@andrew.cmu.edu secret

This will create a secret.asc which will be signed by you and decryptable by each recipient designated with a -r flag (-r 15-410 selects the staff key by a substring of its user ID; you may as well include yourself!).

Turn this file in as /afs/cs.cmu.edu/academic/class/15410-s07/usr/$USER/hw2/$USER.secret.asc. Once we have your public key in our key ring, we will be able to verify that you signed the message, and decrypt it for viewing, by running
% /usr/local/bin/gpg /afs/cs.cmu.edu/academic/class/15410-s07/usr/$USER/hw2/$USER.secret.asc
(assuming of course we remember our passphrase).

$USER.secret.asc is a hybrid ciphertext: the text itself is encrypted with a randomly generated symmetric session key, and that session key is then public-key encrypted once per recipient, once to your public key and once to ours. Because one of those copies is for you, you can decrypt the file for viewing using the same command.

There, now you understand public key cryptography!


[Last modified Monday December 04, 2006]