1024D/1C98774E (99/08/23): 94DD 1125 CDFB AB48 6573 28EF C662 E1EA 1C98 774E
1024R/CEFC9215 (97/09/08): 92 00 AC 56 59 50 13 83 3C 18 6F 1B 25 A0 3A 5F
1024D/C272A126 (99/10/13): 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
Abstract
This document describes how to sign and encrypt mail and other
data. It first tells a little bit about the basics of cryptography and
then gives an overview of GnuPG functionality and its trust model.
It also deals with integration into mail programs (mutt + Gnus) and
with compatibility issues for old PGP2 keys.
1 Basics
1.1 How secure is it?
There are a couple of algorithms which are considered safe by mathematicians.
Safe means that there is no known weak point in the algorithm, so that the
only possible attack is brute force¹. Brute force means that every possible
key is tried until the right one has been found. A brute force attack against
a 56 bit DES key took a little more than a year to crack by thousands of
computers spending their idle time on it in 1997/1998 in the distributed.net
effort. In 1999, specialized hardware built by the EFF was able to crack it
within less than a day. So 56 bit DES can no longer be considered to be safe.
∗ General, GnuPG and mutt part
† Gnus part
¹ This is not entirely true. When the key is generated, you need good random numbers.
If those are bad and predictable, your key might be found easily. Linux /dev/random
however is OK.
As every single bit in the length of the key doubles the number of possible
keys, reasonably long keys are safe, unless some mathematician finds a weak
point in the algorithm. The 168 bits of Triple DES won’t be found by brute
force attacks within the next hundred years. If computer power increased
by a factor of two every year, you’d need one more bit every year for the
same level of safety . . .
1.3 Hashes
Asymmetric algorithms provide a means to make sure that nobody but the owner
of the secret key is able to read the encrypted message.
Two more things are desired for secure communication: The recipient
wants to know if the sender is really the one he seems to be and whether the
message is really the one the sender sent originally. Ensuring this is called
a “signature”.
For proving his identity, the sender uses his secret key. Without knowing
it, the recipient can check the signature by using the well-known public key
of the referred person. However, he still does not know whether the message
is the one originally sent.
In order to achieve this, hashes are used. A hash is a sort of checksum
which is computed over the text. The algorithm used for this checksum
(hash value), however, needs to make sure that changing one bit cannot
easily be compensated by changing another one. The hash value itself is
protected by mangling it with the secret key. Ideally, no two different texts
would result in the same hash value. In practice, the hash values used are
much shorter than the text itself and therefore it is in theory possible to
find different texts with the same hash value. The better the algorithm, the
more difficult it is to find them. Commonly used algorithms include MD5, SHA1
and RIPEMD160.
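As an added worked example (not part of the original document), the following Python script shows both points made above: a one-bit change in the text scrambles roughly half the bits of its hash, and a signature is that hash "mangled" with the secret key and undone again with the public key. The RSA key is a constructed toy built from two Mersenne primes, the signature is textbook RSA without any padding, and SHA-256 stands in for the hash algorithms named above; all of this is an assumption of the example, not something the document prescribes.

```python
import hashlib

# Constructed toy RSA key for illustration only: both factors are Mersenne
# primes (known primes), so the arithmetic is genuine, but a real key is
# generated from random primes and never from such a structured pair.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # secret exponent (needs Python 3.8+)


def digest(text: bytes) -> bytes:
    """The 'checksum' computed over the text (SHA-256 here)."""
    return hashlib.sha256(text).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with a single bit flipped (a one-bit edit)."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def sign(text: bytes, d: int = D, n: int = N) -> int:
    """Mangle the hash with the secret key: s = H(text)^d mod n (textbook RSA)."""
    h = int.from_bytes(digest(text), "big")   # 256-bit value, well below n
    return pow(h, d, n)


def verify(text: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """The recipient recomputes the hash and undoes the mangling with the public key."""
    h = int.from_bytes(digest(text), "big")
    return pow(signature, e, n) == h


if __name__ == "__main__":
    message = b"The meeting is at noon."        # constructed sample text
    tampered = flip_bit(message, 5)             # one bit changed
    changed = bit_difference(digest(message), digest(tampered))
    print("hash bits changed by a one-bit edit:", changed, "of 256")
    sig = sign(message)
    print("signature valid on original:", verify(message, sig))
    print("signature valid on tampered:", verify(tampered, sig))
```

Without padding (PKCS#1 v1.5 or PSS) a raw RSA signature like this one is malleable, which is why OpenPGP wraps the hash in a padded, algorithm-tagged structure before applying the secret key; the example keeps the raw form only so that "mangling the hash with the secret key" stays visible as a single modular exponentiation.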
fact that it was already published in 1977 by Rivest, Shamir and Adleman.
The symmetric algorithm used, IDEA, is also covered by a patent, also in
Europe, and only strictly private use is possible without having to pay a fee
to Ascom Ltd. Newer versions of PGP (5.x, 6.x) used other algorithms, but
the program was no longer available for free for everybody. In commercial
environments, fees had to be paid. So, a lot of people never accepted PGP5
or later.
Therefore a new project came up: Gnu Privacy Guard, called GnuPG
or gpg. It was created in Europe to avoid the US regulations, and
patented algorithms were avoided. It is designed to comply with the OpenPGP
(RFC2440) specification and is released under the GNU GPL Copyleft.
Version 1.0.0 was released in September 1999.
2.2 Functionality
GnuPG offers the full range of functionality for en- and decryption, hashing
and signing messages and checking those. It supports several algorithms and
can be extended by modules.
It furthermore offers key management. It keeps the keys stored in a
database, called keyring. There is a private keyring, containing secret keys
(often only one), which is protected by a passphrase, and a public keyring
(typically quite large), containing a collection of public keys.
In order to be sure that public keys really belong to their owners, the user
would have to meet the person, check his ID and accept his public key on a
floppy disk. As this is quite unrealistic, GnuPG (like PGP) provides a little
help. First, there are fingerprints. A hash algorithm is run over the public
key and a hash value, called “fingerprint”, is displayed. This fingerprint
consists of a couple of hex numbers and can easily be compared over a
telephone line. If the fingerprint is correct, one can be quite sure that the
key is authentic.
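As an added example (not from the original document), here is how such a fingerprint is derived for an OpenPGP version 4 key as specified in RFC 2440: SHA-1 over the octet 0x99, the two-octet length of the public-key packet body, and the body itself. The short key ID that gpg prints (such as the 1C98774E above) is the low-order 32 bits of that fingerprint. The key packet is built from a constructed, far too small RSA modulus so that the script runs offline; the helper names are this example's own.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer:
    a two-octet bit count followed by the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for an RSA key: version octet,
    4-octet creation time, algorithm id 1 (RSA), MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99 || two-octet body length || body, as upper-case hex."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """64-bit key ID: the low-order 16 hex digits of the fingerprint."""
    return fingerprint[-16:]


def short_key_id(fingerprint: str) -> str:
    """32-bit key ID in the style gpg shows (e.g. 1C98774E): the last 8 hex digits."""
    return fingerprint[-8:]


def format_fingerprint(fingerprint: str) -> str:
    """Group into blocks of four hex digits, the way gpg --fingerprint prints it."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


if __name__ == "__main__":
    # Constructed toy key material: a 64-bit modulus is nowhere near a usable
    # key; it only gives the packet a plausible shape.
    body = v4_rsa_public_key_body(created=935366400, n=0xC0FFEE1234567891, e=65537)
    fp = v4_fingerprint(body)
    print("fingerprint:", format_fingerprint(fp))
    print("key ID:    ", short_key_id(fp))
    # Any change to the key packet (here: one second on the creation time)
    # changes the whole fingerprint, which is what makes it worth comparing.
    other = v4_fingerprint(v4_rsa_public_key_body(created=935366401, n=0xC0FFEE1234567891, e=65537))
    print("differs after a one-second change in creation time:", fp != other)
```

Version 3 RSA keys (the 1024R key listed at the top of this document) use a different scheme, an MD5 over the bare MPI bodies of n and e, which is why their fingerprints appear as 16 two-digit groups rather than 40 hex digits; gpg --fingerprint handles both formats for keys in your keyring.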
have the real public keys of them, you may allow them to introduce new
trusted keys to you.
Apart from this model, you may also use a hierarchical key signing
policy. In a company, you may designate a person responsible for signing
keys, and the user may trust all public keys signed by this one. There are
also certification authorities (CAs) that sign keys if you prove your identity
with the help of a passport. Depending on their published policy, their owner,
their visible skill and your paranoia, you may trust keys signed by them.
Note that you can also have untrusted keys in your keyring. You will be
warned when using them, because you don’t know whether they really belong
to the ones they seem to.
A lot of people just store their public key on a web site or submit it to one
of the public keyservers. See http://www.keyserver.net/ or
http://www.openpgp.net/ for more information on keyservers. Putting your gpg
key into the file ~/.plan is also a good idea: People can get it by a finger
command. Printing your key’s fingerprint on your business cards is also a
nice idea.
Afterwards, you might want to export the signed key again and give it
back to the owner. He can import this key again and your signature will
then also show up in his public keyring. Whenever he exports his public key
again, your signature will be included and tell others that you trust him.
2.4.4 Miscellaneous
There are a lot more commands. Use the man page or the --help option to
get this info. You can add user-IDs to keys, revoke keys, etc.
You missed the options to encrypt, decrypt, sign and check messages?
Well, look into the next chapter: You will use gpg directly only for
the key management if you just want to use it for mail. Otherwise have a
look at the man page.
3 Encrypting and Signing e-mails
Very often you have confidential information that you want to tell some-
body else by e-mail. Therefore you want to use encryption and signatures.
You may use GnuPG directly to encrypt and sign your letter and send this
document as an attachment to your party. But there’s software that helps you
do this automatically, so you won’t have to bother about calling GnuPG
yourself.
For e-mails, it’s the job of the mail reader (MUA = Mail User Agent) to
provide this help.²
The mail program mutt does provide excellent support for PGP and
GPG. It has a lot of other nice features like mail threading and it is therefore
the preferred MUA of a lot of people. The interaction between mutt and gpg
will be described below. Other programs with gpg support include pine
(limited), Gnus and others.
# Sign by default
set pgp_autosign
# How many seconds does mutt remember your pass phrase
set pgp_timeout=600
# If you have more than one private key, specify which one you want
set pgp_sign_as=0x1C98774E
# pgp2 language: "mutt" is english with shorter messages
set pgp2_language=mutt
# You need this if you want to be able to encode 8bit messages
set pgp_strict_enc
For mutt-1.2, the PGP support settings have changed slightly. I split
most of them out of my ~/.muttrc by putting a source ~/.gpg.rc there.
I left
set pgp_replysign
set pgp_replyencrypt
set pgp_autosign
set pgp_timeout=1200
set pgp_strict_enc
# decode application/pgp
set pgp_decode_command="gpg-compat %?p?--passphrase-fd 0? \
--no-verbose --batch -o - %f"
# create a pgp/mime signed attachment
set pgp_sign_command="gpg-2comp --no-verbose --batch -o - --passphrase-fd 0 \
--textmode --armor --detach-sign %?a?-u %a? %f"
# verify a key
set pgp_verify_key_command="gpg-compat --no-verbose --batch \
--fingerprint --check-sigs %r"
Another note: Many editors create backup copies. If those stay lying
around in /tmp/, your privacy is not protected very well . . . . Use editors
where you can switch off backup copies, or use the mutt option set
delete_tilde, which will delete the file with a tilde appended after
editing.³ You may instead set the directory for temporary files to one
belonging to you in your ~/.muttrc: tmpdir=~/tmp. Needless to say, this
directory had better exist . . .
PGPpine, an old package to help pine (3.9x) produce encrypted messages,
produces PGP messages without the correct MIME type. Add the following
to your ~/.procmailrc if you want mutt to recognize those as PGP messages.
# Part of your ~/.procmailrc
# This recognizes PGPpine PGP messages and places the correct MIME type
:0
* !^Content-Type: message/
* !^Content-Type: multipart/
* !^Content-Type: application/pgp
{
:0 fBw
* ^-----BEGIN PGP MESSAGE-----
* ^-----END PGP MESSAGE-----
| formail \
-i "Content-Type: application/pgp; format=text; x-action=encrypt"
:0 fBw
* ^-----BEGIN PGP SIGNED MESSAGE-----
* ^-----BEGIN PGP SIGNATURE-----
* ^-----END PGP SIGNATURE-----
| formail \
-i "Content-Type: application/pgp; format=text; x-action=sign"
}
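The recipe above can be checked without a running procmail. The following Python script, an added example that is not part of the original document, applies the same three rules to a raw message: skip anything whose Content-Type is already message/*, multipart/* or application/pgp, look for the PGP armor lines at the start of body lines, and then replace the Content-Type the way formail -i does (the old field is kept under an Old- prefix). The sample messages are constructed and the function names are this example's own.

```python
import email
import re

# Armor lines that procmail's `* ^-----BEGIN ...` conditions look for
# (the B flag makes them match the body; '^' anchors at a line start).
BEGIN_MSG = re.compile(r"^-----BEGIN PGP MESSAGE-----$", re.M)
END_MSG = re.compile(r"^-----END PGP MESSAGE-----$", re.M)
BEGIN_SIGNED = re.compile(r"^-----BEGIN PGP SIGNED MESSAGE-----$", re.M)
BEGIN_SIG = re.compile(r"^-----BEGIN PGP SIGNATURE-----$", re.M)
END_SIG = re.compile(r"^-----END PGP SIGNATURE-----$", re.M)

# Content types the outer recipe leaves alone
SKIP_TYPES = ("message/", "multipart/", "application/pgp")


def detect_pgp_action(body: str):
    """Return 'encrypt', 'sign' or None, mirroring the two inner recipes."""
    if BEGIN_MSG.search(body) and END_MSG.search(body):
        return "encrypt"
    if BEGIN_SIGNED.search(body) and BEGIN_SIG.search(body) and END_SIG.search(body):
        return "sign"
    return None


def tag_pgp_message(raw: str) -> str:
    """Rewrite Content-Type like the recipe does; return the text unchanged otherwise."""
    msg = email.message_from_string(raw)
    ctype = msg.get("Content-Type", "")
    if ctype.lower().startswith(SKIP_TYPES):   # already MIME-structured or tagged
        return raw
    if msg.is_multipart():                     # defensive: payload must be plain text
        return raw
    action = detect_pgp_action(msg.get_payload())
    if action is None:
        return raw
    # formail -i: insert the new field, keeping the old one under an Old- prefix
    del msg["Content-Type"]
    if ctype:
        msg["Old-Content-Type"] = ctype
    msg["Content-Type"] = f"application/pgp; format=text; x-action={action}"
    return msg.as_string()


# Constructed sample messages; the armored bodies are placeholder text, not real output.
ENCRYPTED_MAIL = """From: alice@example.org
To: bob@example.org
Subject: constructed sample
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

placeholder-armor-line
-----END PGP MESSAGE-----
"""

SIGNED_MAIL = """From: alice@example.org
To: bob@example.org
Subject: constructed sample
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP SIGNED MESSAGE-----

Hello Bob.
-----BEGIN PGP SIGNATURE-----

placeholder-armor-line
-----END PGP SIGNATURE-----
"""

PLAIN_MAIL = """From: alice@example.org
To: bob@example.org
Subject: constructed sample
Content-Type: text/plain; charset=us-ascii

Just a plain text message.
"""

if __name__ == "__main__":
    for name, mail in (("encrypted", ENCRYPTED_MAIL), ("signed", SIGNED_MAIL), ("plain", PLAIN_MAIL)):
        print(f"--- {name} ---")
        print(tag_pgp_message(mail))
```

Note that the recipe only inspects the outermost Content-Type, so a PGP block buried inside a multipart message is deliberately left alone; that matches the procmail conditions above, which is the behaviour you want before letting mutt hand the body to gpg.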
(setq load-path
(cons "/home/aj/ELisp/mailcrypt-3.5.5" load-path))
To hook Mailcrypt in your (X)Emacs, add the following lines to .emacs:
(load-library "mailcrypt")
(mc-setversion "gpg")
(autoload 'mc-install-write-mode "mailcrypt" nil t)
(autoload 'mc-install-read-mode "mailcrypt" nil t)
(add-hook 'gnus-summary-mode-hook 'mc-install-read-mode)
(add-hook 'message-mode-hook 'mc-install-write-mode)
(add-hook 'news-reply-mode-hook 'mc-install-write-mode)
Next time you start Gnus, you get a menu called “Mailcrypt” which gives
you easy access to GnuPG.
Some variable settings which might be helpful are:
;; Use the pgp2 compatibility wrapper
(setq mc-gpg-path "/usr/bin/gpg-compat")
;; If you have more than one key, specify the one to use
(setq mc-gpg-user-id "0x12345678")
;; Always sign encrypted messages
(setq mc-pgp-always-sign t)
;; How long should mailcrypt remember your passphrase
(setq mc-passwd-timeout 600)
To sign automatically every message you send, you need to add some
lisp code. After adding the following lines to your .emacs file, (X)Emacs
will ask you if the message is to be signed before sending it.
(add-hook 'message-send-hook 'my-sign-message)
(defun my-sign-message ()
(if (yes-or-no-p "Sign message? ")
(mc-sign-message)))
Please note that Mailcrypt and Gnus don’t support proper MIME handling
as specified by the OpenPGP (RFC2440) specification. Mailcrypt just replaces
the text in place.