A thought that I haven’t had a chance to fully consider (so I’m asking the Internet to do that for me)…
I have a geographically-diverse team that uses GPG to provide integrity of their messages. Usually, a team like this would all huddle together and do a formal key-signing event. With several large bodies of water separating many of the team members, however, it’s unlikely that we could even make that work.
The alternative I thought of was using a video chat meeting to facilitate the face-to-face gathering and exchange of information. There are obviously some risks, here, but I wonder if those risks are suitably mitigated through the use of authenticated/encrypted links to the video chat system? Can anyone point to why this would be a bad idea?
Generating a PGP using GnuPG (GPG) is quite simple. The following shows my recommendations for generating a PGP key today.
$ gpg --gen-key gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 3072 Requested keysize is 3072 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 1y Key expires at Tue 16 Jun 2015 10:32:06 AM EDT Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <email@example.com>"
Real name: Given Surname Email address: firstname.lastname@example.org Comment: Example You selected this USER-ID: "Given Surname (Example) <email@example.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ..........+++++ .....+++++ We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++ ....+++++ gpg: key 2CFA0010 marked as ultimately trusted public and secret key created and signed.
gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 2 signed: 49 trust: 0-, 0q, 0n, 0m, 0f, 2u gpg: depth: 1 valid: 49 signed: 60 trust: 48-, 0q, 0n, 0m, 1f, 0u gpg: depth: 2 valid: 8 signed: 17 trust: 8-, 0q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2014-09-09 pub 3072R/2CFA0010 2014-06-16 [expires: 2015-06-16] Key fingerprint = F81D 16F8 3750 307C D090 4DC1 4D05 E6EF 2CFA 0010 uid Given Surname (Example) <firstname.lastname@example.org> sub 3072R/48083419 2014-06-16 [expires: 2015-06-16]
The above shows the complete exchange between GPG and myself. I’ll point out a couple of selections I made and explain why I made those choices.
Key type selection
I selected the default selection of two RSA keys. The keys used for signing and encryption will both be RSA which is strong right now. DSA has been proven to be weak in certain instances and should be avoided in this context. I have no comment on ElGamal as I’ve not done research here. Ultimately the choice is up to you.
I’ve selected 3072 instead of the default 2048 here. I recommend this as the minimum bit strength as this provides 128 bits of security as compared to 112 bits of security with 2048. 128 bits of security should be secure beyond 2031 as per NIST SP 800-57, Part 1, Rev 3.
By default, I make my keys expire after a year. This is a fail-safe and can be later modified before the expiration to extend the expiration another year. This makes sure the key will self destruct if you ever lose control of it.
You’ll now be asked to add your name and email address. This should be self-explanatory.
Once you have completed your key generation now is the time to generate the key revocation file. If you ever lose control of your key you should immediately upload this file to the public key servers so everyone using your key will know that it has [potentially] been compromised. Once you’ve generated this revocation just keep it somewhere safe. You can even print it out and keep it locked up somewhere. It’s important to do this this ahead of time as you may not be able to do this later. You’ll obviously want to substitute your own keyid for 2CFA0010.
$ gpg --gen-revoke 2CFA0010
sec 3072R/2CFA0010 2014-06-16 Given Surname (Example) <email@example.com>
Create a revocation certificate for this key? (y/N) y Please select the reason for the revocation: 0 = No reason specified 1 = Key has been compromised 2 = Key is superseded 3 = Key is no longer used Q = Cancel (Probably you want to select 1 here) Your decision? 1 Enter an optional description; end it with an empty line: > Reason for revocation: Key has been compromised (No description given) Is this okay? (y/N) y
You need a passphrase to unlock the secret key for user: "Given Surname (Example) <firstname.lastname@example.org>" 3072-bit RSA key, ID 2CFA0010, created 2014-06-16
ASCII armored output forced. Revocation certificate created.
Please move it to a medium which you can hide away; if Mallory gets access to this certificate he can use it to make your key unusable. It is smart to print this certificate and store it away, just in case your media become unreadable. But have some caution: The print system of your machine might store the data and make it available to others! -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 Comment: A revocation certificate should follow
iQGfBCABAgAJBQJTnwtaAh0CAAoJEE0F5u8s+gAQHMQMANH1JG5gVDnp5NY4o8ji 3j6GljQ9ieY+u3c5q0c08/uSAqGvL9jmPn1QAnikAkIJGy9kNmBJ/uC6pSMcHeCW /vYWMD/cToy63tgLOf4A8GgX2k8ttFe+DpFFSt43zbGVowykZ5AHwKImtyFwVO7M IKQZV21uFcIDl7jb5GkymkpWRZmIrexOyIAQjpyYWQT4BFFnI7kwpYyVbmodkwE/ JaC0d5dMVT9DRLr5FGuGSpzYJEeB14GCjT2EQ1js/Bji2fguFqpzM5z77FdzhS7s SNGgY8bioyjUN3CsyHMfPpkJi9mBDCV4gTxyLlVOdDiSdqA56mzjvrx3tnltfjyN kFJfPDWLqXFNpzX516oOo37b3P92bSEPcIgGeTL58nVUn/BWMsoDlIbwNyjxx7Tq YYXa2T2rbH1JHndOrmAc9X98cNrhs+vppV6SBev2MnvqobT2nqW7hKeNvwIyqunF 79fL9En2p57pQ8vH4EeRhjFSciuZZBpCEv2cMIDQGMFKVQ== =6ljf -----END PGP PUBLIC KEY BLOCK-----
Proper key storage
Generally speaking, your private PGP key is stored on your computer encrypted. It is protected by your normal security measures of your computer and whatever password you set. There is a better way. Use a hardware security module (HSM) like a Yubikey Neo, OpenPGP card, or CryptoStick to protect your private key from disclosure.
Publishing your public key
Now that you have your PGP keys you’ll want to publish your public key to the key servers so others can easily obtain it to validate your signatures.
$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --send-keys 2CFA0010
You’ll obviously want to substitute your own keyid for 2CFA0010. This command will send your key to the SKS public key servers which will then replicate your key around the world in a few hours.
I run a SKS key server and watch my daily numbers to see how many keys get updated, etc. Being a numbers guy I wondered how many people, like me, update their GPG keys, I specifically update the expiration date and generate new encryption keys annually, at the beginning of the new year. Apparently I’m not alone:
|Time||New Keys||Updated Keys|
Specifically these keys were updated at 1700Z. I’m not sure I have the ability to see which keys were updated but I’d love to know how that happened.