[size=+2]I. Getting Started[/size]
[size=+2]About this Tutorial[/size]
This tutorial is intended to help Physics Forums SA/Ms use GnuPG (Gnu Privacy Guard, GPG for short) to
- exchange public keys and help build a "web of trust" among sci forum/blog administrators
- sign important plaintext posts (usually in the SA or Mentor forum) for purposes of authentication
- exchange encrypted communications with each other, either via email or via PM
As some of you already know, PKI has historically been troubled by some highly contentious issues of public policy. These issues are difficult, complex, highly fluid, and by no means unworthy of our consideration, but to avoid distraction, I propose to focus in this thread on the problem of explaining how to use GPG in practice. It would be impossible to avoid any suggestion of implicit (and possibly politically controversial) stances on public policy issues, but I'll try my best.
[size=+2]Secure Cryptography is Normative and Good[/size]
PKI encryption of emails and PMs is analogous to putting a personal letter or personal check in a sealed envelope. (One of Ben Franklin's revolutionary ideas was that the U.S. Mail should be inviolate, quite unlike the mails in monarchial Europe c. 1774.) Encryption of a file (or your hard drive) is analogous to locking your private diary in a drawer. The postman could not deliver a letter, or he could open the envelope and misdirect your check, and your wife could break the lock and read your diary--- but we trust them not to do that. You trust your wife because you know her (you hope). You trust the postman because historically, AFAIK, the U.S. Postal Service has not become embroiled in known abuses affecting large numbers of ordinary Americans, unlike... some other U.S. governmental institutions.
In contrast, sending plaintext emails or PMs, or archiving email in a web server, or archiving PMs in your PM Inbox, is analogous to posting a personal letter on a bulletin board in the local laundromat, where it remains visible for years, and where anyone who happens by can read it at any time, without your knowledge, and quite possibly without the knowledge of anyone else but the snoop.
When I frame the use of personal PKI this way, I hope that most SA/Ms will see that on occasion they will have a legitimate need to use PKI cryptosystems, for example if they discover a security flaw in VB, or need to discuss in private a sensitive issue. Using PKI is not wrong!
Not only is using crypto not wrong, most people are almost certainly--- but quite possibly without being aware of it--- using cryptographic software already. If you do your banking on-line, you probably connect to your bank's servers using https, which "tunnels" your connection through SSL (Secure Sockets Layer), which in lay terms provides fairly strong cryptographic protection for your connection. (SSL is not the same as GPG, and there are many other ways besides SSL in which strong cryptography is used routinely for all kinds of web transactions.)
Tragically, many people have been given the impression--- apparently as a consequence of the infamous "crypto wars" between advocates of strong cryptography for citizens and the U.S. secret police in the 1990s--- that using PKI is illegal everywhere but the US. Which is not true. But the situation is fluid and current information about crypto laws in various nations is hard to come by. My advice (possibly very bad advice) is to ask around locally, but if all you hear are unsubstantiated rumors, I urge you to assume that crypto is legal in your locality--- unless and until your local government representative can provide a citation to the exact section of your local/provincial/national legal codes which says otherwise! Just the same way you would assume that eating and breathing are legal in your locality unless your local government can cite the exact section of the applicable legal codes which says otherwise--- secure crypto is really that vital for virtually every aspect of on-line existence.
Just one quotation, if I may, from someone who knew a lot about betrayal and about speaking up for the disenfranchised, because I seem to be writing for two audiences, one legitimate, and one convinced that trying to teach citizens how to use strong cryptography is literally traitorous:
Martin Luther King said: "A time comes when silence is betrayal."
[size=+2]Secure Cryptography is Hard[/size]
Unfortunately, secure cryptography is notoriously hard to achieve, even if you are not doing any coding yourself. PKI software has the reputation of being challenging for newbies to use. And some vitally important points about using PKI properly are hard for newbies to grasp. Heck, there are points which are hard for me to grasp, and I've been worrying about this stuff for years.
One "metaprecept" seems noteworthy: cryptography is the kind of field which by its very nature is full of mutually contradictory maxims, all having more than a grain of truth. Trust no-one. Never do-it-yourself. You yourself pose the greatest security risk to your own cryptosystem. All cryptosystems are broken eventually--- usually at the worst possible moment. And so on.
One of the scariest facts of life about cryptography is that the one thing you can be sure of is that there are considerations you have never even dreamt of which could vitiate all your efforts to provide a safe way to transmit your private letters, to store your private diary, &c. Does that mean that one should just give up and not even try to use strong cryptography? Of course not. It just means that you should try to be prepared for possible compromises, insofar as it is possible to prepare for unknown future catastrophes.
One particularly scary fact about current PKI is that it depends upon factoring large integers into their prime factors remaining hard. Several other "hard" problems which have been designed into the heart of alternative PKI systems turned out not to be so hard after all. If there were ever a huge advance in integer factorization, GPG could become insecure overnight. Then the world would turn, I guess, to algorithms based upon elliptic curves, unless quantum cryptography has become practical.
One bit of good news: strong cryptography provides an essential component of a robust response to cryptographic compromises, and indeed to all kinds of computer security and privacy compromises. Just one more reason why it is so important for the key people in any organization (in this case PF) to have some familiarity with using strong cryptography--- before an emergency situation arises.
[size=+2]Do I Really Need to Read This Tutorial?[/size]
I think so, but for those who find it tough sledding on first reading, there are some shortcuts which may help.
If your primary interest is in using gpg with gmail, there are now many GUIs (graphical user interfaces) which make using GPG relatively painless for those who are afraid of "the shell" (in Linux-speak; I think Windows users call this "the command line interface"). Some of these are Windows, Mac, or Linux specific; many are available for all popular operating systems and platforms.
If you use Windows, you can find and read Steven Shankland's tutorial of Jan 14, 2010 at http://news.cnet.com/ ; search for "Want really secure Gmail? Try GPG encryption". Using Gmail is a really, really bad idea unless you routinely use strong encryption. By strong contrast, using Gmail with GPG is probably not a bad idea at all, assuming you don't perform your cryptographic processing "in the cloud"!
[size=+2]Some Important Points to Bear in Mind[/size]
Before you start learning to use GPG, there are some things you should know:
- PKI serves two equally vital but distinct functions
- authentication: proof that you are who you claim to be, that a post was written by the author named in the byline, etc.
- privacy: assurance that no-one but the intended recipients of a private communication can read a private written communication (or spoken, if you are using Skype).
- To use PKI properly it is vital that you and your correspondents be related by a "web of trust" (WOT). The idea is this: suppose that A wants to email a cryptogram to X. Suppose that A knows B well enough that B could swear in court that A is who he claims to be. Similarly B knows C well enough... and finally, Y knows Z well enough. Then, assuming trust of strength S is transitive, Z and A can each be confident that the other is who they claim to be. It's a bit difficult to explain briefly why the WOT is so critical--- or in other words, why secure authentication is essential for secure privacy--- so for the moment, please take my word for this. The important point here is that at present there is nothing approaching a WOT connecting PF SA/Ms. That can change if we all make a point of attending key-signing parties in our localities, but it will take time to build enough connections. In the meantime, we should start using PKI anyway, and hope for the best.
- Any cryptosystem is only as strong as its weakest component. More generally, any computer implementation of a cryptosystem is only as strong as its most carelessly written code. In particular, if you use a GUI for PKI encryption, and it turns out that there is a weakness in the code of the GUI, your crypto could be compromised.
- Similarly, the WOT is only as trustworthy as its most duplicitous/careless node. Thus, it is important for all SA/Ms to share some reasonable minimum of knowledge about using PKI properly.
- As with any software package, using GPG or PGP involves making tradeoffs between security and convenience; knowing something about the most critical issues can help you to make better choices adapted to the needs of your community (in this case, PF SA/Ms).
- GPG (and PGP) encrypt messages using a conventional "symmetric" block cipher such as Blowfish or CAST5; this means that the message is encrypted and decrypted using the same key, using a publicly known algorithm, so the message can be read by anyone who obtains the key. A public-private keypair "trapdoor" type encryption algorithm, such as RSA, is used only to transmit the "one-time key" used to encrypt/decrypt a particular message. This is because trapdoor encryption is less computationally efficient than conventional block ciphers.
- Assuming proper use of PKI, the weakest point of GPG itself is probably the keyring where each user keeps his public-private key pairs, even though these are stored in hashed form rather than plaintext (and checksums are autoverified by GPG). Thus, it is vitally important to keep your key-ring someplace safe. Ideally, you'd keep it off-line, or only encrypt/decrypt on a computer which never connects to the web. That wouldn't be practical for most of us; below I will try to explain what I think is a reasonable compromise.
- Using PKI improperly could be much worse than simply sending sensitive information in plaintext over the InterNet! The reason is that anyone who is able to obtain your keyring can probably (with some effort)
- read all your past "private" communications,
- (if you do not learn immediately of the compromise) read all your future "private" communications,
- plausibly impersonate you.
- Examples of inappropriate and dangerous misuses of PKI cryptosystems include (in reverse order of self-destructive idiocy):
- using telnet or http to contact a remote server where you have installed GPG and where you keep your keyring, because in order to encrypt or decrypt remotely, you will then be transmitting your secret pass phrases in the clear over an insecure connection,
- using a computer which you do not own to perform personal PKI processing (companies which give out company laptops often install key loggers to check up on how their employees are using "their" laptop),
- storing a PKI pass phrase in an electronic device, such a PDA, or a "wallet" (software) on your computer, or anywhere in any form in any electronic medium (except possibly a smart card),
- storing plain text decrypts of sensitive messages in a PDA, smart phone, or on a webmail server not under your physical control,
- keeping your keyring in an unencrypted area of your hard drive, particularly if you use a laptop,
- storing plain text decrypts of sensitive messages in an unencrypted area, particularly if you use a laptop,
- making such elementary cryptographic blunders as using a poor passphrase, leaking information about your pass phrase, (possibly) posting the plaintext of a "test" cryptogram...
- Expanding on the last point, in practice, operator error has historically proven to be the single greatest threat to the security of cryptosystems--- and of "secrets" generally. Recent examples include the rushed British official, apparently late for a meeting, who was photographed outside the residence of the Prime Minister clutching a typescript. Blowing up the photograph revealed a clearly legible image of a top secret briefing on an alleged terrorist plot--- a revelation which led to a panicked series of "premature" arrests of some persons who were being entrapped by the British secret police and who were visibly named in the document. And you wouldn't believe (unless you read the same news stories I have read) the things which people have left in taxis, on trains, in airplanes, or confided to people they just met. Trained people who are supposed to know better.
- To emphasize a critical point: unless you are using a very secure VPN and really know what you are doing and really have very strong reasons to trust the owner/operator of a remote server, you really should not even think about mixing PKI and "cloud computing"; in particular, you should not trust Google and other providers of commercial cloud computing services, at least not for performing personal crytographic processing,
- Contrary to my assessment of only a few months ago, it is probably no longer safe to assume that your hard drive is unlikely to be seized and seriously attacked at some point in the next five or ten years. "All other things being equal", you say? Well yes, but all other things are not equal. As a SA or Mentor, you are not just any PF user. And PF is not just any web forum. Bearing this in mind, there are various security issues associated with risk of your hard drive being stolen or seized and studied in detail. For example, various kinds of "information leakage" can seriously compromise PKI, but the risks can be difficult to estimate or mitigate without considerable technical expertise.
- Making regular backups of the files on your computer is a very good idea. Backing up your keyring and any archive of sensitive emails/PMs involves somewhat tricky issues. Later I might try to pass along some practical advice via encrypted comms.
- GPG tries hard to avoid having your operating system carelessly write sensitive information to disk (such as your passphrase as you typed it in plaintext at your keyboard). The problem is that a sophisticated attacker who steals or scans your laptop can possibly recover your passphrase in plaintext if it was ever written to disk, and this would completely compromise that particular key. GPG uses setuid (ouch!) to lock memory (whereupon root privileges should immediately be dropped) to try to ensure that sensitive information won't be written to disk. But if you use a laptop, you should look into measures you can and should take to ensure that if your laptop goes into a power-saving "sleep mode", your passphrase won't be written to disk.
- These days, sensitive information can often be recovered from RAM by a sufficiently sophisticated attacker who has possession of your computer. And of course a keylogger will completely compromise any keys you have used, because the attacker will learn the passphrase in the clear. TEMPEST technology is said to already be more common than most people realize, and is currently difficult to circumvent. Your CPU, your browser, your router, and other items of equipment you use--- even your printer--- all log much more information than (most likely) you realize. Some software you require may well surreptitiously "call home" with possibly sensitive information about you. Any and all of these phenomena can potentially vitiate some or all of your cryptographic protection.
- If you use a laptop and travel by air, the chances that your laptop will be scanned are fairly high. Some travelers have been ordered to provide border control officers with the password to unlock their personal laptop. Since we know that you are not using PKI to abet anything but the legal privacy of a citizen who has a legitimate need to transmit and store some personal information secretly, consider using steganography, so you won't have to try to explain difficult concepts to a policeman who may not be as well educated as we are, or who may not be fluent in a common language--- or who simply doesn't like your looks.
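As an added illustration of the web-of-trust point in the list above (example code, not from the original post): a small model of how GnuPG's classic trust model decides which keys you may treat as valid, run over a constructed key graph shaped like the "A knows B, B knows C, ..., Y knows Z" chain. The key names, signature sets and ownertrust assignments are made up for the example; the thresholds (one fully trusted signer or three marginally trusted signers, chains at most five steps deep) are GnuPG's classic defaults.

```python
"""Web-of-trust validity computation, GnuPG classic-trust-model style.

Added example with a constructed key graph. A key becomes valid (correctly
bound to its named owner) when it carries enough signatures from keys that
are themselves already valid AND whose owners you trust to certify others.
"""
from typing import Dict, Set

FULL, MARGINAL = "full", "marginal"  # ownertrust levels; anything else is "unknown"
COMPLETES_NEEDED = 1   # one fully trusted signer validates a key ...
MARGINALS_NEEDED = 3   # ... or three marginally trusted signers do
MAX_CERT_DEPTH = 5     # longest certification chain GnuPG will follow


def compute_validity(owner: str, signatures: Dict[str, Set[str]],
                     ownertrust: Dict[str, str]) -> Set[str]:
    """Return the set of keys that `owner` may regard as valid.

    signatures[k] is the set of keys whose certification signatures appear on k.
    ownertrust[k] is how far `owner` trusts k's holder to certify other keys.
    """
    valid = {owner}                      # your own key: ultimately trusted
    for _depth in range(MAX_CERT_DEPTH):  # grow the valid set one hop at a time
        newly = set()
        for key, signers in signatures.items():
            if key in valid:
                continue
            # only signatures made by keys that are already valid can count
            usable = [s for s in signers if s in valid]
            full = sum(1 for s in usable if s == owner or ownertrust.get(s) == FULL)
            marginal = sum(1 for s in usable
                           if s != owner and ownertrust.get(s) == MARGINAL)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid


# Constructed graph. A is the local user; arrows run signer -> signed key.
SIGS = {
    "B": {"A"}, "C": {"B"}, "D": {"C"}, "Z": {"D"},   # the chain A..Z
    "P": {"A"}, "Q": {"A"}, "R": {"A"},               # three acquaintances of A
    "M": {"P", "Q", "R"},                             # vouched for by all three
    "S": {"P", "Q"},                                  # vouched for by only two
}
TRUST_ALL_FULL = {"B": FULL, "C": FULL, "D": FULL,
                  "P": MARGINAL, "Q": MARGINAL, "R": MARGINAL}
# Same graph, but A trusts C's judgement only marginally: the chain's weak node.
TRUST_WEAK_LINK = dict(TRUST_ALL_FULL, C=MARGINAL)


def chain_reaches_z(ownertrust: Dict[str, str]) -> bool:
    """Can A rely on Z's key through the chain, under this ownertrust?"""
    return "Z" in compute_validity("A", SIGS, ownertrust)


if __name__ == "__main__":
    print("all links fully trusted:", chain_reaches_z(TRUST_ALL_FULL))   # True
    print("C only marginally trusted:", chain_reaches_z(TRUST_WEAK_LINK))  # False
    print("valid keys:", sorted(compute_validity("A", SIGS, TRUST_ALL_FULL)))
```

A single marginally trusted node in the middle of the chain is enough to cut A off from Z, which is the "weakest node" caveat from the list in concrete form.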
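To make the hybrid encryption structure from the list above concrete, here is an added example (not from the original post) that parses the packet framing of an OpenPGP message as laid out in RFC 4880: one public-key-encrypted session-key packet per recipient, followed by one symmetrically encrypted data packet that actually carries the message. The message bytes are constructed for the example and the packet bodies are filler, not real ciphertext.

```python
"""Walk the packet framing of an OpenPGP message (RFC 4880 section 4).

Added example with a constructed message: two recipients, so two
Public-Key Encrypted Session Key packets (tag 1, one in new-format and one
in old-format framing), then one Sym. Encrypted Integrity Protected Data
packet (tag 18) holding the body encrypted under that single session key.
"""
from typing import List, Tuple

TAG_NAMES = {1: "Public-Key Encrypted Session Key",
             3: "Symmetric-Key Encrypted Session Key",
             18: "Sym. Encrypted Integrity Protected Data"}


def read_header(buf: bytes, pos: int) -> Tuple[int, int, int]:
    """Return (tag, body_length, body_offset) for the packet starting at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("bit 7 of a packet tag octet must be set")
    if first & 0x40:                          # new-format header (bit 6 set)
        tag = first & 0x3F
        l1 = buf[pos + 1]
        if l1 < 192:                          # one-octet length
            return tag, l1, pos + 2
        if l1 < 224:                          # two-octet length
            return tag, ((l1 - 192) << 8) + buf[pos + 2] + 192, pos + 3
        if l1 == 255:                         # five-octet length
            return tag, int.from_bytes(buf[pos + 2:pos + 6], "big"), pos + 6
        raise ValueError("partial body lengths are not handled in this example")
    tag = (first >> 2) & 0x0F                 # old-format header
    ltype = first & 0x03
    if ltype == 3:
        raise ValueError("indeterminate length is not handled in this example")
    nbytes = (1, 2, 4)[ltype]
    length = int.from_bytes(buf[pos + 1:pos + 1 + nbytes], "big")
    return tag, length, pos + 1 + nbytes


def list_packets(msg: bytes) -> List[Tuple[int, int]]:
    """Return [(tag, body_length), ...] in message order, rejecting truncation."""
    out, pos = [], 0
    while pos < len(msg):
        tag, length, body = read_header(msg, pos)
        if body + length > len(msg):
            raise ValueError("truncated packet")
        out.append((tag, length))
        pos = body + length
    return out


def count_recipients(msg: bytes) -> int:
    """Each tag-1 packet wraps the same session key for one recipient's key."""
    return sum(1 for tag, _ in list_packets(msg) if tag == 1)


def describe(msg: bytes) -> List[str]:
    return [f"{TAG_NAMES.get(t, 'tag %d' % t)} ({n} bytes)" for t, n in list_packets(msg)]


# Constructed PKESK body: version 3, 8-byte key id, algorithm 1 (RSA), one MPI.
PKESK_BODY = b"\x03" + b"\x11" * 8 + b"\x01" + b"\x00\x10\xab\xcd"   # 14 bytes
PKESK_NEW = bytes([0xC1, len(PKESK_BODY)]) + PKESK_BODY   # new format, tag 1
PKESK_OLD = bytes([0x84, len(PKESK_BODY)]) + PKESK_BODY   # old format, tag 1
# Constructed SEIPD: version 1 plus 200 filler bytes = 201, a two-octet length.
SEIPD = bytes([0xD2, 0xC0, 0x09]) + b"\x01" + b"\x00" * 200
SAMPLE_MESSAGE = PKESK_NEW + PKESK_OLD + SEIPD

if __name__ == "__main__":
    for line in describe(SAMPLE_MESSAGE):
        print(line)
    print("recipients who can unwrap the session key:", count_recipients(SAMPLE_MESSAGE))
```

The point the list makes is visible in the framing: the bulk of the message is a single symmetrically encrypted packet, and the public-key operation appears only in the small per-recipient session-key packets in front of it.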
[size=+2]Installing GPG[/size]
If you've read this far, I'm sure you are eager to get started, so let's begin at the beginning, by installing GPG.
If you use Debian Linux or a related distro (good for you!) you can install gpg in a few clicks using the package manager, or more likely a GUI which interfaces with the package manager, like kpackage or synaptic. Note that Debian packages are cryptographically signed (using GPG!) and also have checksums, which should be automatically checked by the package installer prior to installation. This is important because it provides reasonably secure assurance that the source code has not been tampered with before you install it on your computer--- obviously an important consideration when dealing with critical software such as crypto software!
If you use another Linux distro like SUSE or Mandrake or Ubuntu, these have their own package managers and you should ask on appropriate Linux forums for help if problems arise.
In general, if you use a Linux distro with a package manager, it is a very good idea to try to install software using the package manager rather than trying to install from source code. However, the option of installing from source code is available as a last resort.
If you use Mac or Windows, I can't help with installation issues, but I know it is possible to install gpg without pain. See gnupg.org.