15-410 GPG PGP page

Overview

You will generate a public/private key pair and turn in the public key information with the remainder of your homework assignment. Of course, you will need to retain the private key so you can sign documents and/or receive encrypted mail.

Because it is impractical to memorize and type in random 128-byte quantities, your PGP private key will be stored in a keyring file, encrypted with a symmetric key. Anybody who guesses that key can assume your identity, meaning they can read your encrypted files and also sign documents as if they were you, so it is vital that you choose an industrial-strength super-password, called a pass phrase.

Choosing a pass phrase is not a process to rush through, as you must come up with something which is very hard for others to guess but very easy for you to remember. Just as you wouldn't change your password right before going away on a trip, you shouldn't generate a pass phrase before going to sleep, for example.

Paranoia

You may use, but are not required to use, the GNU Privacy Guard (GPG) binary found in /usr/bin/gpg on Andrew Linux. You may instead use gpg on your personal machine or build your own copy for your Andrew account (for your reference, your instructor is currently running GPG version 1.4.5, compiled from a gnupg-1.4.5.tar.bz2 with a SHA256 hash value of f30a2679ed6bed71b4af6919cd9b963c896fca64e42eeb0536788cb41b2e1805). In addition, you may use a non-GPG OpenPGP client such as PGPi pgp, in which case these directions (though dated) may be useful.

You will be provided with directions for vaguely protecting the AFS directory which will hold the encrypted version of your key ring, but you should be aware that the truly paranoid might never store their key ring in AFS since it is an unencrypted medium outside their personal control.

If you intend to use this key permanently, it would be more secure for you to generate and use it on a cluster workstation than on a public server machine, and even more secure for you to generate and use it on a machine privately owned by someone you trust.

Step 0 - Pass phrase

You need a pass phrase to protect your secret key. Your pass phrase can be any sentence or phrase and may have many words, spaces, punctuation, or any other printable characters.

Choosing a good pass phrase is something of an art. It should be both easy to remember (so you don't have to write it down) and hard to guess. It should be long enough that it contains a reasonable amount of entropy (so that the key will be good), but short enough that you can usually type it without making mistakes. The term "pass phrase" is intended to remind you that it should be longer than a single word -- there is no practical limit on the length of your pass phrase.

Visit one or more of these web sites and read up on the various philosophies of pass phrases:

• http://world.std.com/~reinhold/diceware.html
• http://world.std.com/~reinhold/passgen.html
• http://www.unix-ag.uni-kl.de/~conrad/krypto/passphrase-faq.html
• http://www.iusmentis.com/security/passphrasefaq/

Take 10 or 15 minutes to come up with a good pass phrase. Make sure you can memorize it, and drill yourself on it two or three times a day for the next week, then once a week for "a while".

Step 1 - Create and Protect your .gnupg directory

If you don't do these two steps, GPG will helpfully create a .gnupg directory for you, but because GPG doesn't understand AFS permissions, but it will be readable by everybody in the world, so don't skip those steps.

Step 2 - Declare your TTY

With some versions of GPG you may need to do this in each terminal window you might use GPG in:
% export GPG_TTY=`tty`
(it is odd that GPG can't figure this out, but GPG is odd).

Step 3 - Launch AFS-workaround "GPG shell"

A long time ago GPG ran happily in AFS as long as you took care of AFS permissions. Then, from 2015 through 2020, GPG would run in AFS as long as you launched it carefully. Now that lots of "improvements" have been made to GPG, it doesn't run in AFS.

As a big-hammer workaround, we have provided a shell script which safely creates a private temporary directory located below /tmp, copies your private GPG directory into the private temporary directory, launches a shell, and, after the shell exits, copies your private GPG directory back into AFS so it will be there the next time you log in. This is silly, but over the years GPG has become increasingly elaborate and thus increasingly delicate.

Don't forget to exit the "GPG shell" script when you're done with it!

To launch:
% /afs/cs.cmu.edu/academic/class/15410-s22/pub/gpg_shell

Step 4 - Run GPG to generate your key pair

% gpg --gen-key
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keybox '/tmp/gpg_hqb.C1v0TUJz7hI3a/gnupg-home/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: 

You should use the name you wish to be known by, and an email address that you will use. When others sign your PGP key, what they are really doing is creating a signed "certificate" which asserts that your key and userid belong together. In addition, the PGP tools and keyservers are able to do searches based on partial userid's, so by including both your name and email address, you make your key easier to find.

Our grading script will expect you to use $USER@andrew.cmu.edu as your e-mail address. Please bear with us for the purpose of completing this assignment; if you are already a PGP or GPG user and have a key pair with a different e-mail address, or would prefer your "real" key pair to be signed with some other address (e.g., $USER@cmu.edu), please play along with us for this assignment--you can have as many key pairs on your key ring as you wish, and you can also have multiple "user ID"'s for one key.

Real name: Harry Q. Bovik
Email address: hqb@andrew.cmu.edu
You selected this USER-ID:
    "Harry Q. Bovik "

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o

Hopefully at this point you will get a character-mode dialog box looking like this:

Enter your pass phrase (twice). GPG will mumble for a while and then hopefully say that it has generated a key pair for you.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /tmp/gpg_hqb.C1v0TUJz7hI3a/gnupg-home/trustdb.gpg: trustdb created
gpg: key 168F12CB80D11402 marked as ultimately trusted
gpg: directory '/tmp/gpg_hqb.C1v0TUJz7hI3a/gnupg-home/openpgp-revocs.d' created
gpg: revocation certificate stored as '/tmp/gpg_hqb.C1v0TUJz7hI3a/gnupg-home/openpgp-revocs.d/22EFA40E535B9F10CFBF85B4168F12CB80D11402.rev'
public and secret key created and signed.

pub   rsa3072 2021-12-01 [SC] [expires: 2023-12-01]
      22EFA40E535B9F10CFBF85B4168F12CB80D11402
uid                      Harry Q. Bovik 
sub   rsa3072 2021-12-01 [E] [expires: 2023-12-01]

"rsa3072" means that GPG generated a 3072-bit RSA key pair. It would be essentially impossible for you to memorize a three-kilobit random sequence, which is why RSA keys are stored in files, in encrypted form, and pass phrases that temporarily decrypt the keys are what humans remember.

The random-looking string (22EFA40E535B9F10CFBF85B4168F12CB80D11402) is not your key; it is a cryptographic hash of your key, called your "key i.d.", which can be used to tell GPG which key to operate on. Though it isn't always wise (see evil32), you can often abbreviate a "key i.d." down to the last eight characters (80D11402 in this case), and older documentation or directions will often do this.

It is probably wise at this point to exit the shell so that gpg_shell stores your newly-created key in a non-temporary place. Then re-launch gpg_shell, after which you can run gpg --list-keys to check that the save/restore process worked.

Normally at this point you would publish your public key as widely as possible. You would put it on your web page, in your .plan file, on your business cards, hand it out to your friends, etc. You would also probably publish your public key on the world-wide PGP key server network by submitting it at http://pgpkeys.mit.edu/ (or any of a long list of competing key servers, such as https://keyserver.ubuntu.com).

However, the CMU community is a diverse one. For all we know, one of you is from a country which would consider publication of a PGP key in your name a subversive act (even though anybody could do it at any time to smear you--governments often don't understand that sort of subtlety).

Hence we will not require you to publish your key. For the purposes of the homework assignment, we will ask you to turn in a copy of your public key, which we do not intend to publish. During the reading/finals period, we hope to organize a key-signing "party" for interested parties, but that will not be part of this homework assignment.

% /usr/bin/gpg --export -armor $USER@andrew.cmu.edu > /afs/cs.cmu.edu/academic/class/15410-s22/usr/$USER/hw2/$USER.asc

The -armor option tells GPG to emit the public key in "ASCII Armor" format, which encodes the binary information in text which should pass through mail, web forms, etc. So feel free to look at the file as you turn it in.

Step 6 - Send us a message

Here is the 15-410 public key (you trust it coming from this random web page, don't you? Wait a minute, do you need to trust it, or not? When? Hmm...). You can import it into your keyring by cutting and pasting it into a file and running:
% /usr/bin/gpg --import name-of-the-file

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (FreeBSD)

mQINBEz2BgIBEADIgtP3LRE2h8IRiV5uQwBgIU0YNwAM+TqIVgJIuknh3MnAf4Va
OeJdQnZKaD09h7oDPVKffvuVQml22Q38jKRSJmvet/pDVrJvvH2YkkVTgkGSEHci
Nm8ZKsol4uZDV9dFC7e1FFWL0BX6DoWcS2IHyHoJfLGwQzmh+yMgIWgNqQFT7LA2
GN7LTFthzC8xoQCBoT3zxvHGvUJEh4HFW0YudBjTsvtFgKHspZ5vaMENPnE8nUKd
5V+XK5sdgcfrtO9toJEM57P7fnYUwf8I42S3g773kX6Jwucsnj0eWfzGexN8w2pm
z90tBXnAHZt4HaUwJ4jz9pv42PqliDbaWizs9FsNy8nokCIGoGjG2YETyl6sjltI
Q7Svgr9wBB+MvP+PX/Z2BCzElcOFdDJiKL5XH5I3gLB9uKdwlEqRfZyIBjB5KZW9
0yLQGR2INeQWtrInXziJ0Vh8Ul/Wx8GrkGYmac7FUAZKK6RKu6KEHjeOvYcjdqRq
IXyw4PtAiRgG1i5wugDkmXnk6Bpi1Ftq7MkkQaGKC52hisbfDoU56+O/tvQK3c4d
cuvHfMTBhvJADUzscJNcXWt8Upc/Q1QzQPbdSdYc5yKq4oOSTuwKa7bB7cd+Zp79
T3/aZpLqWMTP3C1tW68EIHryrrped9d3gAQV3hk4e+Aol92UKAXzaezuhwARAQAB
tCMxNS00MTAgc3RhZmYgPHN0YWZmLTQxMEBjcy5jbXUuZWR1PokCNgQTAQIAIAUC
TPYGAgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEPL/wmyd1hXtFJMP/3Mb
gsDxLIOmwLB4MUezb1aJ4dCua4j/ZNnk2wu9nQxRhC5vRYf/fbnrbkrl5v+WnUCC
OhRE9w8ZBoLrUrjqKM+tunaAd4mBSBGrEjsriyRouVcMO49kWr/1mY11IHjZdXup
nNQ9dhlXMjNo+SKVNuGLDW9nSwG9hrd+d3KvfzoFm1SoKy0oBnnrclNAofkrnlJU
JvkZBhK6uMDR1/aVi2BWbEDQBD7XjUD6mK8CPzSMn67uc7F2ZDw5GZJl2ad6XRCj
uOobbjFsrReXt8lzpHA9Hy8Spfxq9lOWY15E7mdL/GUD1PuY5JzgHigFe0r0dAaw
NwhmmwQzWP3HiqO+swc/OWWwNw1xsXFWMIQ462YPwftS2JXZxlyAK2mcvVXccbsh
Ey73s1GCZltTJ1zre00EldjmMVdCOUGI/L/m1t1jPdZ25pPIGXdO9XKAt7FdIwb2
o1XO28K3nk5GXyLyo2LZgdJDR1xVU6dbsR0f+vWGJhmk5HusQ2m4DZg/+/sOCtbx
yIlF71mtI7gTD52KwFMN1+/webmbWREgK7X8xnZnlZzVb0wgxxzcv3XypsAsLUAZ
AUNg9Hv99EHtaK6sqv7yCRTty0RFEfY6fhIva2NityzPciHmVMeUES2q5acZRePi
0pH7aqrQBHNOI7nInc6ttaB3kMX8QIe8ALw/gtCDuQINBEz2BocBEADJET8nDs6l
tZSsJPlwsUNneN5jrPelUe7lllnCiZr0MOh2TcoVLSJ00QwvI/IMVd6Sncv3USbq
9ms1tVsVkc9riJ/9cZLWV7O3RxbwrRI/IapKyhh0OhePkXQj+hyAzNc8bO1CzzAd
QAdcPIC8lPGjpVTrTNGgaO7FLJQ/l7GS09F9YcSK7zuK9BhKW+XtWWwUt94cl0Va
JWA1CuRoGsxbK8294J0LD2hPU73YkRG8BcdMI34QAeJoqe3tHvGO50mnFgJtxl7R
N+ZHzWTVLyeuhCOe0XU1bu7z0dfX/ioCl395YVSRTpmiAp+fvt6Z8u+7aWnAFRfu
ezteIlEZQcxU8XbxC4Esg8tKsFQEMJOve9gX0XdFv/sm6d0lCVMTYZShSaUrqrkY
tg5Pzz3fMGHdN5kHQqpUdU26rCLnTS+6SM0iw/sI/uSBdTwewEtJ4nO+4UKKthQR
KRc1nFgS0x8yp+sINKbH8BcX6BLb179ONg531n8mob2CVyLVQBsX/fhmbil+l0FL
YkYtWW2OvNvYBu8zZtDyQnL1AcOuubiCvzpHHUGswNGGSjD16RzI+gCBl3TyS8d2
Xlt7LFMvT5/V/RxMovXjj2scqwzNIVyZzv0JIl66oXIKS409oIVzQSrkiW/MkxU+
AJyNzziVpqv6ADMQigfS8ea8xELG5sE7uwARAQABiQIfBBgBAgAJBQJM9gaHAhsM
AAoJEPL/wmyd1hXtbA4P/i38fIIw0eWwyfuNYD2qf997oIGuKH2eQ4zVs+Ofn/yK
TThOlPNqYAYAXshSnV1uuTjAn8iF76+D0TS3LoBkNcmw4ravUcWtWbNy1sqrNSEd
XdBb5n37sfARWb8wLQzstzT1GJNIUDxBSKTA7j4c/LWK2R9CnkIg2L/aCaodU7jK
lSTszwN/c/GCiirLK2oQUEZj/oujwbQYyt1Alb7205ma0uwsB/PeWDXXsKwbOlQN
PlGAibOwenJG0zedBiCCbykiBeM8c0OrVLHtmyhqVjbMoz7NMLBqxL81AHMl1YV8
HAFkQfTY20Soy9LPGo8q1jMv6ehUfFCL5mDpHLKYQFrGzrAUILG1+s80u1fDyuIz
8qWkB9ixYdp8TXgm2puqNWLPHPUYbq6ZBUJTwtGiAl8U8q99jK9RMmI+rVdbfYnx
bdh1FesekDXrFtoE8ghHq0Rgu8M/HD3f7QHocS/VlWBjEh5xPExXjZYyNeJTKyNC
+eClITWcY8iVX7zK5xsyfoKq2Ol+DlofbcgO+oa/o/F+L3dQ3oKxy1o/tLm4Q4p0
m/82jwPljFVmBD/pxeIEHG25ogYn0ub9cvQgRgEF6T2YDOTjVgCXmrC6bboIcFs0
RoO885aU2+R9sTCySHtwQuO1JozA7KWmmUUQ6PEhkWRu6mzWX9vMLfkTnOdA2+VN
=rscA
-----END PGP PUBLIC KEY BLOCK-----
 

Now create a "secret" message for the 15-410 course staff. Put it in a file called "secret" and encrypt/sign it:
% /usr/bin/gpg --encrypt --armor --sign -r '15-410 staff' -r $USER@andrew.cmu.edu secret

This will create a secret.asc which will be signed by you and decryptable by each recipient designated with a -r flag (you may as well include yourself!).

Turn this file in as /afs/cs.cmu.edu/academic/class/15410-s22/usr/$USER/hw2/$USER.secret.asc. Once we have your public key in our key ring, we will be able to verify that you signed the message, and decrypt it for viewing, by running
% /usr/bin/gpg /afs/cs.cmu.edu/academic/class/15410-s22/usr/$USER/hw2/$USER.secret.asc
(assuming of course we remember our passphrase).

Since $USER.secret.asc contains a symmetric-cipher message key, used to encrypt the actual text, which is then public-key encrypted with your public key and also with ours, you can decrypt the file for viewing using the same command.

If you want more information about the structure of the encrypted messsage, you can run
% gpg --list-packets secret.asc

Don't forget to exit the shell so that gpg_shell stores your state back into AFS.

There, now you understand public key cryptography! Well... it might be wise to compare the commands you ran to the lecture material on PGP as an aid to genuine understanding.

[Last modified Wednesday December 01, 2021]