Using Gnu Privacy Guard (GPG)


Security and encryption are frequently used in the same sentence. If you want to keep something private, use cryptography. In 1991, Phil Zimmermann made public a cryptographic system called Pretty Good Privacy (PGP). This became the basis of his company, PGP, Inc. The PGP system was rewritten and licensed under the Gnu Public License (GPL). This new system, the Gnu Privacy Guard (GnuPG or GPG), has become a de facto standard for file and e-mail encryption among Linux and Unix systems. As such, it is included during the default Ubuntu installation.

Tip 

Many people use the names GPG and PGP interchangeably. Both systems use the same encryption method and the tools have similar use models. A file encrypted with PGP can be decrypted with GPG. The most significant differences are licensing and availability; GPG is open source, GPL, and more widely used.

GPG is included with every Ubuntu installation, even a minimal install. GPG enables you to create public and private keys, securely exchange keys, and encrypt and decrypt messages. Many e-mail programs either natively integrate with PGP (and GPG) or have plug-ins available. For example, Dapper Evolution mailer natively supports GPG. The mutt text-based mailer also supports PGP, and even Microsoft Outlook users can get a plug-in for PGP encryption.

There are many parts to using GPG:

  • Key generation

  • Searching keys

  • Exchanging keys

  • Defining trust for keys

  • File encryption and decryption

  • Cryptographic signatures

  • E-mail integration

Creating Keys

GPG uses asymmetrical key cryptography. This means that one key is used to encrypt the data, and a different key is required to decrypt the data. The two keys are called private and public. Basically, the private key is never passed out (it is kept private), while anyone and his dog can have a copy of the public key. Messages that are encrypted with the private key can only be decrypted with the public key.

Creating keys under GPG is pretty painless: gpg --gen-key. This provides a series of text prompts for creating a private-public key pair (see Listing 10-2). All users have their own set of keys (called a key ring) that are stored in $HOME/.gnupg/. The main key rings are $HOME/.gnupg/pubring.gpg and secring.gpg. The former stores public keys, whereas the latter stores private keys.

Although giving out your public keys is expected, your private keys should be kept as secret as possible. During the generation of your key pair, GPG prompts you for a password. Although this password is not used during the cryptography (only the keys are used for that), it is used to encrypt your private keys while they are on the hard drive. This deters some other user on the system from stealing your private keys and using them to access your encoded data (or impersonating you; see the section on Signing Data).

Tip 

Passwords are not required. Many automated tools use GPG, so it can be very desirable to not use a password at all. If you leave the password blank (just hit enter when generating the key), then you will never be prompted for a password.

Listing 10-2: Generating GPG Public and Private Keys

    $ gpg --gen-key
    gpg (GnuPG) 1.4.2.2; Copyright (C) 2005 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.
    Please select what kind of key you want:
       (1) DSA and Elgamal (default)
       (2) DSA (sign only)
       (5) RSA (sign only)
    Your selection? 1
    DSA keypair will have 1024 bits.
    ELG-E keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048) 2048
    Requested keysize is 2048 bits
    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0) 2y
    Key expires at Mon 10 Nov 2008 10:56:00 AM MST
    Is this correct? (y/N) y
    You need a user ID to identify your key; the software constructs the user ID
    from the Real Name, Comment and Email Address in this form:
        "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
    Real name: John Travolta
    Email address: travolta@discomania.tv
    Comment:
    You selected this USER-ID:
        "John Travolta <travolta@discomania.tv>"
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    You need a Passphrase to protect your secret key.
    Enter passphrase: *******
    Repeat passphrase: *******
    We need to generate a lot of random bytes. It is a good idea to perform
    some other action (type on the keyboard, move the mouse, utilize the
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    .++++++++++..++++++++++..+++++.+++++++++++++++++++++++++++++++++++.+++++++
    +++.+++++++++++++++++++++++++++++++++++++++++++++.++++++++++.++++++++++..>
    +++++......................................+++++
    public and secret key created and signed.
    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: next trustdb check due at 2008-11-10
    pub   1024D/EB66D0E2 2006-11-11 [expires: 2008-11-10]
          Key fingerprint = 6D01 42F6 C58E CC52 6B32  CEC7 475E 92D3 EB66 D0E2
    uid                  John Travolta <travolta@discomania.tv>
    sub   2048g/50AFB0BA 2006-11-11 [expires: 2008-11-10]

Can You Repeat That?

Private keys are supposed to be unique, and GPG uses some of the strongest cryptographic algorithms available. If you lose your password, delete your private key, or corrupt your key ring without a backup available, then you are screwed. You will not be able to recover the data.

Similarly, don't delete private keys unless you are positive that you will never need them ever again. Since they are unique, there is no going back after you make this decision. My key ring contains many old and expired keys because they are needed to decode some old messages and verify signatures.

When sending GPG-encoded e-mails, be sure to send a copy to yourself. Otherwise, you won't be able to decode your sent mail. Simply saving a copy of the sent message is not enough since your key is not added to the encryption. I occasionally receive e-mails where the sender asks me to send them back the e-mail so they can have a copy of their own text.


Searching Keys

After you create the keys, you can view them using the --list-keys option. The gpg --list-keys command will list every public key in your key ring. You can also specify filter words for searching the key ring. For example, gpg --list-keys EB66D0E2 returns the key matching this unique identifier. You can also specify words, like gpg --list-keys disco to list every key where the string disco appears in the person's name or e-mail address.

Tip 

Since keys contain e-mail addresses, I use gpg --list-keys as a cheap Rolodex. For example, if I need to remember Marc See's e-mail address, then I use gpg --list-keys marc and his entry (Marcus T. See <msee@test.lan>) comes right up.

Other search options include gpg --list-secret-keys and gpg --fingerprint. The former lists all of your private keys and the latter shows key-unique hashes that can be used to validate keys. Since anyone can create any key with anyone's name and e-mail address, the unique fingerprint allows you to make sure the key is from the right person (see Transferring Keys).
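The fingerprint check described above can be scripted. The following is an added example, not code from the book: it parses a constructed sample of gpg's machine-readable listing (gpg --with-colons --fingerprint) and accepts a key only when its full fingerprint equals one obtained out of band. The function names and the second, look-alike key are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample in the style of `gpg --with-colons --fingerprint travolta`.
# The first key carries the key ID and fingerprint from Listing 10-2; the second
# is a made-up look-alike with the same user ID and the same short key ID.
SAMPLE_LISTING = """\
pub:u:1024:17:475E92D3EB66D0E2:2006-11-11:2008-11-10::u:John Travolta <travolta@discomania.tv>::scESC:
fpr:::::::::6D0142F6C58ECC526B32CEC7475E92D3EB66D0E2:
sub:u:2048:16:000000AA50AFB0BA:2006-11-11:2008-11-10:::::e:
pub:-:1024:17:A1B2C3D4EB66D0E2:2006-11-12:::-:::scESC:
fpr:::::::::0F1E2D3C4B5A69788796A5B4A1B2C3D4EB66D0E2:
uid:-::::2006-11-12::::John Travolta <travolta@discomania.tv>:
"""

def parse_keys(listing):
    """Return one dict per primary key: long key ID, fingerprint, user IDs."""
    keys, section = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "fpr": None, "uids": []})
            section = "pub"
            if len(f) > 9 and f[9]:          # older layout: user ID on the pub line
                keys[-1]["uids"].append(f[9])
        elif f[0] == "sub":
            section = "sub"                  # later fpr records belong to the subkey
        elif f[0] == "fpr" and section == "pub" and len(f) > 9:
            keys[-1]["fpr"] = f[9].upper()
        elif f[0] == "uid" and keys and len(f) > 9:
            keys[-1]["uids"].append(f[9])
    return keys

def keys_for_uid(listing, text):
    """Keys whose name or e-mail contains text; this is all a name search proves."""
    return [k for k in parse_keys(listing)
            if any(text.lower() in uid.lower() for uid in k["uids"])]

def verify_fingerprint(listing, expected):
    """Keys whose full fingerprint equals the one received out of band."""
    want = "".join(expected.split()).upper()
    return [k for k in parse_keys(listing) if k["fpr"] == want]

def colliding_short_ids(listing):
    """Short (8 hex digit) key IDs shared by more than one key in the listing."""
    counts = Counter(k["keyid"][-8:] for k in parse_keys(listing))
    return sorted(short for short, n in counts.items() if n > 1)

if __name__ == "__main__":
    print(len(keys_for_uid(SAMPLE_LISTING, "travolta")), "keys match the name")
    print("short IDs in conflict:", colliding_short_ids(SAMPLE_LISTING))
    good = verify_fingerprint(
        SAMPLE_LISTING, "6D01 42F6 C58E CC52 6B32  CEC7 475E 92D3 EB66 D0E2")
    print("verified key:", [k["keyid"] for k in good])
```

In the sample, both keys match a search for the name and for the short ID EB66D0E2; only the comparison of the full fingerprint singles out the key from Listing 10-2.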

Note 

You can delete keys using --delete-key and --delete-secret-key. However, you probably will never need to delete keys, and deleting a secret key is irreversible unless you have a backup.

Searching for keys by name, e-mail address, or unique ID is used by most of the GPG operations. For example, when encrypting a message you will be asked to provide a list of keys for encrypting the message. These can be found by searching names, e-mail addresses, or IDs.

Tip 

You can specify multiple search terms on the gpg command line. These terms form a logical OR: any key that matches any of the terms will be displayed.

Transferring Keys

After you create your keys, you will need to pass around your public key. Only people with your public key can encrypt messages to you. To do this, you will need to export the public key from your key ring. The command gpg --export -a will export all of your public keys. You can use the search strings to narrow down the keys being exported. For example, gpg --export -a travolta will export my public key for John Travolta. The result from this command is an ASCII-encoded text block that can be e-mailed or passed to other people. The block starts with a -----BEGIN PGP PUBLIC KEY BLOCK----- line and ends with an -----END PGP PUBLIC KEY BLOCK----- line, with the encoded key data between them.

When you receive a message like this, you can import it using gpg --import. For example:

    gpg --export -a travolta > travolta.pub  # export public key
    gpg --import travolta.pub                # import public key
    gpg --import < travolta.pub              # inline import public key

The import command looks for the BEGIN and END markers, so you don't even need to separate it from the rest of the file before doing the import. For example, if you have a bunch of keys in an e-mail file (for example, e-mail.mbox), then you can import all of them using:

 gpg --import e-mail.mbox 
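To show what scanning for the BEGIN and END markers involves, here is an added example (not code from the book and not GnuPG's own implementation). It pulls every armored block out of a mailbox-style text and checks the CRC-24 checksum line that OpenPGP armor carries after the encoded data. The mailbox, the payload bytes and the function names are constructed for illustration.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "PGP PUBLIC KEY BLOCK") -> str:
    """Wrap raw bytes in armor: header, blank line, base64 body, =checksum."""
    body = base64.b64encode(data).decode()
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {kind}-----", "Version: example", "",
                      *lines, "=" + check, f"-----END {kind}-----"])

ARMOR_RE = re.compile(
    r"-----BEGIN (PGP [A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def extract_blocks(text: str):
    """Return (kind, data, checksum_ok) for every armored block in text.
    checksum_ok is None when the block carries no checksum line."""
    found = []
    for match in ARMOR_RE.finditer(text):
        lines = [ln.strip() for ln in match.group(2).splitlines()]
        # Armor headers end at the first blank line; the body follows it.
        body = lines[lines.index("") + 1:] if "" in lines else lines
        sums = [ln[1:] for ln in body if ln.startswith("=")]
        try:
            data = base64.b64decode(
                "".join(ln for ln in body if not ln.startswith("=")),
                validate=True)
            ok = (int.from_bytes(base64.b64decode(sums[0]), "big")
                  == crc24(data)) if sums else None
        except ValueError:  # damaged base64 text
            data, ok = b"", False
        found.append((match.group(1), data, ok))
    return found

# Constructed stand-in payloads (not real OpenPGP packets) in a made-up mailbox.
KEY_A, KEY_B = bytes(range(40)), b"constructed payload " * 5
SAMPLE_MBOX = ("From alice@example.org Sat Nov 11 10:56:00 2006\n"
               "Subject: my key\n\nHere it is:\n" + armor(KEY_A) + "\n-- \nAlice\n\n"
               "From bob@example.org Sat Nov 11 11:02:00 2006\n\n"
               + armor(KEY_B) + "\n")
# The same mailbox with one character of the first armored body changed.
TAMPERED_MBOX = SAMPLE_MBOX.replace("\n\nAAEC", "\n\nBAEC", 1)

if __name__ == "__main__":
    for name, box in (("sample", SAMPLE_MBOX), ("tampered", TAMPERED_MBOX)):
        print(name, [(kind, len(data), ok) for kind, data, ok in extract_blocks(box)])
```

Both blocks in the sample mailbox pass the checksum; in the tampered copy the first block fails while the second still passes, which is how a single altered character inside the markers gets noticed.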

Defining Trust

GPG has a well-defined notion of trust. Although a new key that you import can be used to decode a message, you shouldn't communicate with keys you do not trust. Using the gpg command, you can set an explicit trust level for a key. The basic levels are:

  • Undefined: You can use the key to decode messages, but probably shouldn't use it for encryption.

  • Do not trust: This key is a known forgery or is otherwise evil.

  • Marginal trust: The key is probably authentic.

  • Fully trust: You know the key is valid. Most likely, you were given a hash fingerprint and have compared it using gpg --fingerprint and you know it is correct.

  • Ultimately trust: This usually means it is your own key.

Listing 10-3 shows an example for setting the trust level on the example Travolta key.

Note 

Few programs that use GPG actually use the trust level. The main one that I have found is Evolution. If a public key is not explicitly trusted, then you cannot send an encrypted e-mail to that user.

Listing 10-3: Setting the Trust Level

    $ gpg --edit-key travolta trust
    gpg (GnuPG) 1.4.2.2; Copyright (C) 2005 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.
    Secret key is available.
    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: next trustdb check due at 2008-11-10
    pub  1024D/EB66D0E2  created: 2006-11-11  expires: 2008-11-10  usage: CS
                         trust: undefined     validity: unknown
    sub  2048g/50AFB0BA  created: 2006-11-11  expires: 2008-11-10  usage: E
    [ unknown] (1). John Travolta <travolta@discomania.tv>
    pub  1024D/EB66D0E2  created: 2006-11-11  expires: 2008-11-10  usage: CS
                         trust: undefined     validity: unknown
    sub  2048g/50AFB0BA  created: 2006-11-11  expires: 2008-11-10  usage: E
    [ unknown] (1). John Travolta <travolta@discomania.tv>
    Please decide how far you trust this user to correctly verify other users' keys
    (by looking at passports, checking fingerprints from different sources, etc.)
      1 = I don't know or
      2 = I do NOT trust
      3 = I trust marginally
      4 = I trust fully
      5 = I trust ultimately
      m = back to the main menu
    Your decision? 4
    pub  1024D/EB66D0E2  created: 2006-11-11  expires: 2008-11-10  usage: CS
                         trust: full          validity: unknown
    sub  2048g/50AFB0BA  created: 2006-11-11  expires: 2008-11-10  usage: E
    [ unknown] (1). John Travolta <travolta@discomania.tv>
    Please note that the shown key validity is not necessarily correct
    unless you restart the program.
    Command> q

Encrypting Files

GPG has two ways to encrypt files. The first way, gpg -e file, will prompt you to select all of the public keys that should be used to encrypt the data. If you select three public keys, then any of those three people (with the private keys) can decrypt the data. The output from this command is a binary file with the .gpg extension. If you use file, then the output becomes file.gpg, and if you use cow.txt, then the output is cow.txt.gpg. Because this is a binary file, the contents will look like random gibberish. When you transfer the file, be sure to use a system that can transfer binary files; pasting file.gpg into an e-mail will likely corrupt the data.

Warning 

If you have a file encrypted with GPG and you lose the keys, then the file will be unreadable.

A second encryption method uses ASCII armoring. In this approach, the binary data is encoded into text characters. The content is wrapped with BEGIN and END labels and is ready for e-mailing. Using gpg -e -a file or gpg -e --armor file will create file.asc, containing the ASCII armored encrypted message. An armored message should look like a random jumble of characters between a -----BEGIN PGP MESSAGE----- line and an -----END PGP MESSAGE----- line.

Warning 

Don't modify anything between the BEGIN and END markers or you will corrupt the data.

Decoding a GPG message is a snap. The -d parameter means decode and the command line specifies the file to decrypt. The decoded contents are sent to standard output.

    gpg -d file.gpg > file  # decoding a binary GPG file
    gpg -d file.asc > file  # decoding an ASCII armored GPG file

During the decryption, you will be asked to provide your private key's password.

Signing Data

Usually public keys are used to encrypt data, so only the private key can decrypt the file. This way, anyone can encrypt a message and only you can decrypt it. However, GPG does allow you to reverse the process. GPG can be used to sign messages using the private key; anyone with the public key can validate the cryptographic signature. This allows recipients to know that the data has not been tampered with and that it is authentic. To sign a file, use:

    gpg -s file        # creates a signed binary file.gpg
    gpg -a -s file     # creates a signed ASCII armored file.asc
    gpg -e -a -s file  # creates a signed and encrypted ASCII armored file.asc

When signing a file, you will be asked to provide your private key's password. During the decoding process (gpg -d), the signature will be tested and validated.

Tip 

Even if you don't have a copy of the public key, you can still view the signed contents using gpg -d. However, you will not be able to authenticate the signature without the public key, and if the file is encrypted then you will not even be able to view the contents.

Signing data may sound like just a neat idea, but it serves a critical purpose. In some jurisdictions, a digital signature is legal and binding. If you are sending contracts or making business agreements, consider using GPG to digitally sign a document. Doing this will prevent forgeries and is much more secure than faxing your signature on a piece of paper. (Be sure to first check with your legal counsel to make sure a digital signature is binding.)

Integrating with e-mail

PGP and GPG are most commonly used for encrypted e-mail. The Ubuntu mail program, Evolution, natively supports GPG (although it calls it PGP). When composing an e-mail, select the PGP options from the Security menu (see Figure 10-1).

Figure 10-1: Enabling PGP encryption and digital signatures

Evolution has one big limitation when using PGP: you will only be able to send encrypted e-mail when the trust level is defined on the public key. If the trust for a key is not defined, or a public key is unavailable for the recipient, then you will be unable to send an encrypted e-mail. (See the section on "Defining Trust" earlier in this chapter.) This can become a big problem if the key is associated with one e-mail address, but the user has a couple of different e-mail addresses.

Evolution is not the only e-mail program that supports PGP. I frequently use mutt (see Figure 10-2). This is a text-only mail program (sudo apt-get install mutt). This program enables me to easily send my public key to other people (by pressing Esc, then k) and I can enable encryption or signing by pressing p. Unlike Evolution, if mutt cannot find the appropriate keys, then it allows me to search for alternate keys. However, mutt is not a graphical application; HTML contents and images cannot be viewed using this tool.

Figure 10-2: Sending an e-mail using mutt. In this example, a public key is being forwarded as an attachment

PGP does have one large limitation when used with e-mail: different e-mail programs may be incompatible. A PGP e-mail sent with Microsoft Outlook may not be immediately readable with mutt or Evolution. This is because different mailers use different mail headers to identify an encrypted message. With mutt, you can usually resolve incompatible formats by pressing Ctrl+E and changing the Content-Type to application/pgp. In contrast, with Evolution you will need to save the e-mail to a file and decrypt it by hand.



Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)
ISBN: 047010872X
EAN: 2147483647
Year: 2004
Pages: 124
Authors: Neal Krawetz
