Cover V10, I01

Article

jan2001.tar


GnuPG: An Open Solution to Data Protection

D. Hageman

It has often been said that changing times dictate changes in the way we interact with the world around us. In today's world, the movement of private communications to the public arena of the Internet is no exception to this rule. Businesses and individuals are now finding the need to utilize computer networks to facilitate their communications, and these transmissions of data need to be protected from the prying eyes of the public. Phil Zimmerman recognized this need, and in 1991 he created an application for protecting data called Pretty Good Privacy (PGP). This software soon became the primary program used for securing email communication. However, changing times have again dictated that a new contender enter the ring. This software is Gnu Privacy Guard.

What is Gnu Privacy Guard ?

Gnu Privacy Guard (GnuPG or GPG), is an open, patent-free encryption application whose main purpose is to protect communication and secure data archives. It achieves this goal by implementing a hybrid cipher system that utilizes both a symmetric cipher system and a public-key cipher system. A symmetric cipher is a system that uses a single key for encryption and decryption of data. One problem of using only this type of cryptography system for securing communications is that all parties must know and agree upon the key. The subsequent concern is regarding the best way to securely transmit the information about this key. Unfortunately, no sufficient method for performing this task exists -- hence, the weakness in the nature of symmetric cipers.

The public-key cipher system utilizes two keys: a private one that is used for decrypting data, and a public one for encrypting data. This eliminates the problem of secure key communication that is inherent in the symmetric cipher system, since the public key may be freely transmitted. It is, however, imperative that the private key be kept just that -- private. As such, the hybrid cryptosystem is one in which the core is the public-key cipher and a symmetric cipher is used to protect the private key.

GnuPG is also intended to be an implementation of RFC2440, the OpenPGP Internet Standard. This specification is based on Pretty Good Privacy 5.0, thus GnuPG (to some degree) is compatible with PGP. This compatbility will be further refined as future versions of each software packages are released. This a major feature that will interest free software enthusiasts, allowing them to use open software to work with closed systems.

Where Do I Get GnuPG?

The source code and documentation for GnuPG can be found at its official Web site, located at: http://www.gnupg.org. However, if you are using a recent release of your favorite Linux distribution or free UNIX, you may already have GnuPG installed. Since each flavor of UNIX and its variants are different, it is up to the reader to determine whether it is already installed. In this article, I will be using RedHat Linux 7.0 for my examples and assume the reader has a modest level of experience in using RedHat Linux. However, what I will be demonstrating is applicable to most UNIX platforms.

How Do I Compile GnuPG?

If you have discovered that you do not have GnuPG already installed on your system, or if you would just like to compile it from scratch for the experience, go to the official Web site, download the latest source code, and uncompress it. It will create a directory with a name of the form of gnupg-, followed by the version of the application. At the time of this writing, the version is 1.0.3, thus the directory name is gnupg-1.0.3. Change your current working directory to this directory. I recommend that you take time to read the NEWS and INSTALL file that is located in the source tree. When you are ready to compile the software, type:

sh configure --enable-static-rnd=linux             

This command will run the configure script that will attempt to automatically detect your system type and capabilities and configure the software package for your machine. In the example that I have shown, I added the --enable-static-rnd=linux switch to force the use of /dev/random for access to random data because I am using GnuPG on a Linux distribution. In theory, the configure script should be intelligent enough to detect and select the best option, but it is imperative that GnuPG have the optimal source for random byte data for the platform on which you are compiling the software. As I have already discussed, the strength in this cryptography system is located in the keys, and when GnuPG generates these keys, it needs a large quanity of random byte data. If you fail to have this, you will have weak keys, thus weak protection of data.

After you have run the configure script, it will generate the appropriate makefiles for your system. After it has completed this, you should simply be able to type:

make             

And if there are no errors, follow it up by:

make install             

After this command is completed and you have ensured that the gpg executable is in your system path, GnuPG should be ready to use, except for one small thing. It is recommended that you make GnuPG setuid root. It is usually a poor idea to do this with software, but it is necessary in this case because GnuPG can only allocate pages of memory that are not paged out to the disk as root. The concern is that if this information is paged out to disk, prying eyes could conceivably manipulate the data on the disk to retrieve your keys, taint your data, or other things that could compromise the strength of your key pairs. This last item is optional, but if you choose not do it, GnuPG will repeatedly advise you that it would be a good idea if you did.

How Do I Set Up GnuPG?

The configuration process for GnuPG has been made as painless as possible by the developers. The default values the GnuPG will use are adequate for most users. They occasionally need to be modified to accommodate special needs, but if you recognize these special needs, then you will probably know what requires modification. All use of GnuPG should be done on a local computer. It will work on a remote machine, but there's no guarantee that tampering with your connection or the remote machine won't occur. In my examples, the values that I have input into the software are in bold print.

The first step in setting up GnuPG is to generate your public and private key pairs. This is done by the following command:

[jdoe@typhon jdoe] gpg --gen-key 
gpg (GnuPG) 1.0.3; Copyright (C) 2000 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details.
gpg: /home/jdoe/.gnupg/secring.gpg: keyring created 
gpg: /home/jdoe/.gnupg/pubring.gpg: keyring created
Please select what kind of key you want: (1) DSA and ElGamal (default)
(2) DSA (sign only) (4) ElGamal (sign and encrypt)
Your selection? 1

GnuPG currently supports three key types: DSA, ElGamal, and RSA (which was recently acquired due to the expiration of the patent protecting that algorithm). However, as of version 1.0.3, it can only generate keys of the first two types with RSA key generation planned for a future release. The recommended option at this time is the first one to generate both a DSA key and an ElGamal key. After you select this option, you will see output similar to the following:

DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 1024

It is now prompting you to enter the size of the key you want to generate. All other things being equal, the higher the bit size of your key, the stronger it is. However, because other factors are involved, this is not always the case, and these other variables have a good possibility of weakening your keys. Thus, the recommended key size is 1024 bits, due to the possibility of large hash sizes weakening the keys. After you select 1024, you will see output similar to the following, prompting you for input on the expiration time of your keys:

Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? y

At this point, you have the option of selecting a time period after which your keys will expire. If you are truly paranoid, and some experts recommend it depending on the data you are handling, then you should choose an expiration date for your keys. Most users will find this inconvenient for them, thus the default option is that the key will not expire. After you select your preference, GnuPG will prompt you for verification and then continue with something like the following:

You need a User-ID to identify your key; the software constructs
the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: John Doe
Email address: johndoe@yourisp.com
Comment:
You selected this USER-ID:
"John Doe <johndoe@yourisp.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O 

You then need to input your name (in the manner that you prefer it to be displayed in the key management system), along with your email address and any comments you want to add to your key when prompted. GnuPG will help ensure that you don't make any mistakes by prompting for verification since you cannot return to modify this information at a later date. It then prompts you for a passphrase to protect the private key of your key pair. It is a good idea to follow the same rules that govern the choosing of good passwords. Do not choose names, dates, addresses, or other data that is related to you and easily accessible (i.e., guessable) by other people. I like to pick longer passphrases (e.g., quotes from a book that I have randomly pulled off the shelf). Try not to pick something too long or you may regret it, because you will be required to type this in every time you decode data that was sent to you using your public key.

After you have selected and verified your passphrase, GnuPG will begin to generate your key. When this happens, you will see output similar to the following:

We need to generate a lot of random bytes. It is a good idea to 
perform some other action (type on the keyboard, move the mouse,
utilize the disks) during the prime generation; this gives the
random number generator a better chance to gain enough entropy. +++++++++++++++++++++++++.+++++++++++++++++++++++++.+++++++++++++++++
++++++++++++++++++.++++++++++..++++++++++++++++++++++++++++++++++++++++>.

It is important to introduce a good amount of entropy into your random byte generating device at this time. As the instructions indicate, it is a good idea to type on the keyboard, move the mouse, and do other system tasks to generate random data. On platforms that utilize the Linux kernel, entropy is gained into /dev/random mainly through the keyboard. As such, make sure you type copiously when this happens on Linux systems. Once it completes, you have finished the first step in setting up GnuPG!

The next step is a safe guard against problems that might occur in the future, such as forgetting your passphrase, having your private key compromised, or simply deciding to change keys. I cannot stress enough the importance of this step. In this step, I will go through the process of generating a revocation certificate. This is certificate will be used if you encounter any problems with your key pairs. The command used to generate the revocation certificate is below:

[jdoe@typhon jdoe] gpg --output revoke.gpg --gen-revoke  johndoe@yourisp.com 
sec 1024D/4DD4162D 2000-09-28 John Doe <johndoe@yourisp.com> 
Create a revocation certificate for this key? yes
Please select the reason for the revocation:
1 = Key has been compromised
2 = Key is superseded
3 = Key is no longer used
0 = Cancel
(Probably you want to select 1 here)
Your decision? 1
Enter an optional description; end it with an empty line:
>
Reason for revocation: Key has been compromised
(No description given)
Is this okay? yes

After you generate this certificate, you must remove it from your computer and store it in a safe place. I recommend storing it on a floppy disk (or two -- due to the fail rate of this media type) and put it in a safe place. If you do not do this, and someone acquires this certificate, they can make your key pair sterile.

We have now generated a key pair and the revocation certificate. The next step is to export the public key into a format that we will be able to distribute to colleagues. The keys are stored natively in a binary format, so this does not allow for easy exchanging. Because of this, when we export our public key, we will enable the option called ASCII armor (which will translate the native binary format into an ASCII block of text for easy exchanging of keys). The command to do this is:

[jdoe@typhon jdor]$ gpg --armor --output "johndoe.gpg" --comment                \
               "John Doe <johndoe@yourisp.com>" --export johndoe@yourisp.com 

This will output your public key into the file you specify with the output switch -- in this example, johndoe.gpg. You can now distribute this file by sending it via email, posting it on your Web page, or serving it using finger. Anyone who retrieves your public key will be able to send secure messages to you. All parties with whom you need to do two-way communication must do the same with their public key and send it to you. Once you have received their public key, you need to import their key into your keyring, and verify its legitimacy. Shown below is a hypothetical key importing for the public key of Jane Doe:

[jdoe@typhon jdoe]$ gpg --import janedoe.gpg 
gpg: key 8E7A5B3B: public key imported
gpg: /home/johndoe/.gnupg/trustdb.gpg: trustdb created 
gpg: Total number processed: 1 
gpg:               imported: 1 

This process imports the key into your keyring, but how do you know for sure that this is the key belonging to Jane Doe? GnuPG enforces this train of thought by warning you if you have not verified the legitimacy of the public key you are working with. Once you have verified that the key is legitimate, you need to sign the key. You do this by the following:

[jdoe@typhon jdoe]$ gpg --edit-key janedoe@yourisp.com 
gpg (GnuPG) 1.0.3; Copyright (C) 2000 Free Software Foundation, Inc. 
This program comes with ABSOLUTELY NO WARRANTY. This is free
software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details.
pub 1024D/8E7A5B3B created: 2000-09-28 expires: never    trust: -/q 
sub 1024g/96A71488 created: 2000-09-28 expires: never 
(1)Jane Doe <janedoe@yourisp.com> 

This will put you at a command prompt that allows you to do key management. If you are interested in all the commands you can use in this interactive mode, just type the command help. At the moment, though, we are only interested in verifying and signing the key of Jane Doe. We do this by first retrieving the fingerprint of her public key. This is done by the fpr command as shown:

Command> fpr 
pub 1024D/8E7A5B3B 2000-09-28 Jane Doe <janedoe@yourisp.com>
Fingerprint: EF71 7A8C 9667 152E 4156 19A1 7AD4 AF95 8E7A 5B3B

The output will show you the fingerprint of Jane's public key. Now you need to contact her in some manner to get absolute verification that this is her key by comparing the fingerprint you have for her key, with the one she displays for her key. It is important that this is not done over email or through some other form that could be manipulated. In fact, the ideal way to verify fingerprints is to do it in person. Now that you have verified that the key you have for Jane Doe is authentic, you must sign it to show that you went through this process. This is done by using the sign command in this interactive mode:

Command> sign 
pub 1024D/8E7A5B3B created: 2000-09-28 expires: never trust: -/q
Fingerprint: EF71 7A8C 9667 152E 4156 19A1 7AD4 AF95 8E7A 5B3B
       Jane Doe <janedoe@yourisp.com> 
 Are you really sure that you want to sign this key
with your key: "John Doe <johndoe@yourisp.com>"
Really sign? y 

Once you have answered yes to this question, it will ask you for the passphrase to your private key so that you can sign Jane Doe's key. You can then type quit and it will prompt you to save your changes. You need to input yes to this question also. You can now safely use Jane Doe's key with the knowledge that unless something happens with her private key or passphrase, only she can get the data you send to her. There are more details to key managemant; what I have shown you here is only the tip of the iceberg. If you intend to seriously use GnuPG, you should research this topic in more detail.

I will now show an example of encrypting data to send to another person. You should first prepare the document for encryption. If you have multiple documents, it is recommend that you archive them into one single file so the receiving person doesn't have to type in his or her passphrase for each individual document you send. Encrypting a file is a simple process to remember because the command line is very straightforward. It is not, however, particularly easy on your machine because it is required to do a good amount of math to encrypt the data. Do not be surprised if it takes some time. An example command for encrypting data is:

 [jdoe@typhon jdoe]$ gpg --output resume.doc.gpg --encrypt \
  --recipient janedoe@yourisp.com resume.doc             

The encrypted document in the above example is named resume.doc.gpg. After you send this document to the receiver, he or she will have no problems decrypting it because that command is even easier then the encryption command. It will take a while to decrypt it because it has to do some math, just like when it encrypts. When you run the following command, it will prompt you for the password and then output the information to standard out, unless you specifiy the --ouput switch. The command for this is:

[janedoe@typhon janedoe]$ gpg --ouput reply.doc --decrypt reply.doc.gpg             
You need a passphrase to unlock the secret key for            
user: "Jane Doe <janedoe@yourisp.com>"
1024-bit ELG-E key, ID 96A71488, created 2000-09-28 (main key ID 8E7A5B3B)
Enter passphrase:             

Making Life Easier with GnuPG

Everything I have covered to this point has been interacting with GnuPG by using its command-line interface. It has been my experience, though, that many people find this interface to be inadequate. Recognizing this as a potential problem, a graphical user interface was created that is distributed from GnuPG's official Web site. This front-end interface is called Gnu Privacy Assistant. Experiment with this front-end if you or your users have problems with the command-line interface.

Conclusion

GnuPG is an excellent tool for securing your data and communications. However, there is no silver bullet when it comes to protecting sensitive information. GnuPG can definitely help you, but it must be accompanied by a well-implemented policy and enforcement. After a weak link is created, it can compromise the whole system.

References

Official Website for GnuPG: http://www.gnupg.org

Annotated RFC2440 (OpenPGP Internet Specification): http://www.gnupg.org/rfc2440.html

Schneier, Bruce. Applied Cyrptography, 1995. John Wiley & Sons, Inc.

D. Hageman has been involved with the free software (as in free speech, not free beer) movement since 1996. During this time he has held jobs ranging from being a sysadmin for an ISP to being a developer for a programming firm. He currently works as an independent computer consultant. He can be reached at: dhageman@dracken.com.