An Overview of GPG
posted by ColonelZen, 2008-08-28 23:02:30
Originally at http://www.ip-wars.net/story/2005/1/10/0460/14319
by T. W. Zellers

GPG stands for Gnu Privacy Guard. It is a program from the FSF that lets you encrypt files for others, sign your own, and verify signed files created by others, all without a shared secret that would allow someone else to impersonate you or read your encrypted files.

I am by no means an expert at GPG or encryption generally. But I have used it and PGP over the years and the question has come up, so I thought to share what knowledge I have. There are many sources on the web, starting of course with info gpg and The GNU Privacy Handbook, which explain it in much more detail than I can here. I definitely recommend reading through them if you need more than basic operation.

The importance of privacy cannot be overstated. The word does not just connote things hidden, though that is a part of it, but things belonging exclusively to us as well; in other words, property. This forum exists to discuss "intellectual property", and encryption, and particularly signature validation, can be used to identify the original owner of a digital work, as you can see in various software archives where a signature is stored alongside the package. Similarly, DRM technologies, for good or ill, use many of the same features and techniques found in GPG and other encryption packages.

The purpose of encryption is to make something readable only to a select individual or group. The simplest way of doing this is a "code", which basically means that parts of the message (possibly all of it) are substituted with other unique items. The most common example is the daily cryptogram in many newspapers, though of course that is too simple and easily broken for practical use. Historically more common have been codebooks, where particular words and phrases are substituted with others and then substituted back again to read the message. The weakness here is that if a lot of traffic is intercepted by a black hat and the topic of the messages discerned, he will soon have enough information to uncover the meaning of most of the codes, just as you can solve the daily cryptogram by looking for the most common letters until you see a pattern that lets you discover the rest. Worse, if the black hat gets a copy of both the encoded and the decoded message, he has *all* the code substitutions used in that message.

The next step up, and the basis for all modern encryption, is called "ciphering". The idea is that a reversible mathematical or symbolic technique is applied to a message to generate the encrypted message. The common feature of encryption ciphers is that they rely upon a unique key. For classical ciphers the key is the same for encrypting and decrypting the message. The most important property of a good cipher is that even if black hats intercept an encrypted message and its decrypted version, it should still be very difficult or impossible to discern the key used to encrypt it; that way one compromised message does not make it likely that other encrypted messages will be exposed. The weakness of this scheme is that it depends upon a single key which both the sender and all recipients must share. If any one member of the circle of trust reveals the key, through inattention or ill intent, all future messages and any past intercepted messages are broken.

Despite this weakness, single-key (also known as symmetric-key) ciphers have been and still are very prevalent. Today's U.S. federal standard, AES (the Advanced Encryption Standard), is such a system. It supersedes the earlier DES and triple-DES standards, which have fallen out of favor mostly because with modern computing power it is now possible to crack DES. Wikipedia, from which much of the background material for this article was pulled, has a lot of historical information for those interested.

In the late 1970s the MIT mathematicians Rivest, Shamir and Adleman published a paper on a new ciphering technique supporting two (or more) independent keys. The scheme came to be known as RSA. The important thing about this technique is that the possessor of either key can decipher a message encrypted with the other, and there is no way to discern the encrypting key from the message. New algorithms have since been invented which work similarly; the more commonly known are Diffie-Hellman and ElGamal.

In 1991 Philip Zimmermann released a program called Pretty Good Privacy, or PGP. It used RSA to encrypt and decrypt messages and became quite famous. Mr. Zimmermann, in the mid 1990s, lived through interesting times courtesy of the U.S. Government. But despite publishing the source code for PGP and allowing free use, PGP was never an "open source" program by modern definitions. There were some variously open versions released by Mr. Zimmermann's commercial successors, but the end result was that in 1999 the FSF released its own completely free version of those programs, GPG (Gnu Privacy Guard), keeping a great deal of command compatibility with PGP. The uses of that program will be our concern for the rest of this article.

The Software

There are too many variations of installations for me to explain how to install gpg, but it is a largely stand-alone program without a lot of dependencies and should install easily. Very likely it came with your Linux distro. If all else fails, the source tarball can be retrieved from http://www.gnupg.org and compiled; that site is also where you should go for all information on gpg, and to find anything you don't see or don't understand here. My current version of gpg is 1.2.6; I understand 1.2.7 is out, but it hasn't come out for my distro yet.

For purposes of our discussion we will consider our users adam, bill, and cindy. For demo purposes I have created the users on my machine with their own home directories, and a shared directory for the examples. In real life of course you would generally have your own directory where you would do things and messages would come from ftp, email, snarfed from a message board or wherever.

Getting Started

Now that you have gpg installed, the first step is to generate your key. This is the key you will use for your communication, so it is important. You will be asked for a passphrase, which you must remember exactly in order to access your key in the future. But first you need a secret place to store your key information. Under your home directory you should make the ".gnupg" directory and give it permissions only for yourself (mkdir ~/.gnupg and chmod 700 ~/.gnupg). It is possible to use an alternate directory for gpg configuration and databases by setting the environment variable GNUPGHOME. You can also change things such as using keyrings from elsewhere (e.g. a keyfob or portable disk drive) by setting options in the ${GNUPGHOME}/gpg.conf file. Once again info gpg is your friend, though the options can be overwhelming.

The command to create a key is gpg --gen-key. This gives you a dialogue where you enter your information for this key (what you type is shown after each prompt):

bash-2.05b$ gpg --gen-key
gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: keyring `/home/adam/.gnupg/secring.gpg' created
gpg: keyring `/home/adam/.gnupg/pubring.gpg' created
Please select what kind of key you want:
 (1) DSA and ElGamal (default)
 (2) DSA (sign only)
 (4) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
	 minimum keysize is 768 bits
	 default keysize is 1024 bits
 highest suggested keysize is 2048 bits
What keysize do you want? (1024) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
	 0 = key does not expire
 <n> = key expires in n days
 <n>w = key expires in n weeks
 <n>m = key expires in n months
 <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct (y/n)? y
			
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
 "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Adam Atavist
Email address: adam@localhost.com
Comment: This is Adam
You selected this USER-ID:
 "Adam Atavist (This is Adam) <adam@localhost.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

Enter passphrase: adam's passphrase
Repeat passphrase: adam's passphrase
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++.+++++++++++++++.+++++++++(may go on a while and be repeated, lots of +'s and .'s)
gpg: /home/adam/.gnupg/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.

pub 1024D/2D118A8E 2005-01-09 Adam Atavist (This is Adam) <adam@localhost.com>
 Key fingerprint = 855E FBFE A7BB E634 E0AB BBE6 915B 2924 2D11 8A8E
sub 1024g/4B08D37B 2005-01-09

Of course you wouldn't want to use my passphrase or anything so obvious; you want something you can remember exactly but that would be unlikely for anyone else to guess. It should be pointed out that this passphrase has nothing to do with encrypting messages directly; rather, the key you just generated is stored encrypted in your keyring under that passphrase, and you will be prompted for it whenever you do anything that requires the key. In other words it makes it impossible for someone to steal your key just by having access to your files. Think of your passphrase as a lock on your key itself. It is *still* best to protect your keyring and the .gnupg directory with every possible measure.

Managing Keys

Now the whole point of gpg and encryption is communication, so you need a way to save other people's keys. Naturally gpg has that handled. If our friend Adam has been sent Bill's public key, he just types gpg --import bill-pubkey.txt and sees:

gpg: key 2DCA8230: public key "bill blather (bill) <bill@localhost.com>" imported
gpg: Total number processed: 1
gpg:		 imported: 1
bash-2.05b$ 

Now of course there may be other people Adam wants to talk to, so he needs to get their public keys. Lots of sites, IPW among them, have a place in their user information for users to save their public keys. Another place is public keyservers, which allow people to publish their public keys so that others may find them. So our friend Adam goes to http://wwwkeys.pgp.net and looks for this guy, tzellers, whom he wants to give a piece of his mind.

After typing in "tzellers" in the search box he gets:

Public Key Server -- Index ``tzellers ''

Type bits/keyID Date User ID
pub 1024/9A0C3602 2002/11/19 Terrence W. Zellers (Me at verizon)
<terrence.zellers@verizon.net>
 Key fingerprint = CA78 09A0 7015 3D47 F46B 500A 7DAC 054C 9A0C 3602
			 Terrence W. Zellers <terrence.w.zellers@pobox.com>
			 Terrence W. Zellers (updated email) <tzellers@pobox.com>

Clicking on the key ID (9A0C3602), he gets the public key on a page, which he cuts and pastes into an editor, from the -----BEGIN PGP PUBLIC KEY BLOCK----- line through the -----END PGP PUBLIC KEY BLOCK----- line, and saves as tzellers-pubkey.txt, which he then imports.

Now of course he realizes he may want others to be able to use gpg to communicate with him, or to verify his messages, so he needs a way to pull his key out of his keyring. This is fairly obvious: the option is --export. But there is a catch: most of the operations in gpg produce binary files. Having anticipated this, the makers of these programs provided a way to "armor" the output into plain text characters so that it can be passed through programs such as email and web browsers (well, back then it was bulletin boards) which would have a problem with non-ASCII bytes. The solution is to use the --armor or -a flag to produce pure ASCII output, which gpg nonetheless reads just as it does the binaries. Similarly, most output operations write to the console, which you can capture with shell redirection, but there is also an -o option which writes the output to a named file.

So now Adam wants to list the keys he has:

bash-2.05b$ gpg --list-keys
/home/adam/.gnupg/pubring.gpg
-----------------------------
pub 1024D/2D118A8E 2005-01-09 Adam Atavist (This is Adam) <adam@localhost.com>
sub 1024g/4B08D37B 2005-01-09

pub 1024D/2DCA8230 2005-01-10 bill blather (bill) <bill@localhost.com>
sub 1024g/11AD3215 2005-01-10

pub 1024D/9A0C3602 2002-11-19 Terrence W. Zellers (updated email) <tzellers@pobox.com>
uid			 Terrence W. Zellers (Me at verizon)
<terrence.zellers@verizon.net>
uid			 Terrence W. Zellers <terrence.w.zellers@pobox.com>
sub 2048g/AC3825A4 2002-11-19

bash-2.05b$ 

Now to export his own key in text mode, he would type gpg --export --armor -o adam-pubkey.txt adam, and his public key is written to adam-pubkey.txt. This can be verified simply by feeding the file back into gpg:

bash-2.05b$ gpg < adam-pubkey.txt 
pub 1024D/2D118A8E 2005-01-09 Adam Atavist (This is Adam) <adam@localhost.com>
sub 1024g/4B08D37B 2005-01-09
bash-2.05b$ 

As opposed to a file with no valid gpg data:

bash-2.05b$ gpg < junk 
gpg: no valid OpenPGP data found.
gpg: processing message failed: eof
bash-2.05b$ 

Now of course exporting Bill's or that annoying tzellers guy's key would be as simple as substituting any distinctive part of their id into the export command. Depending on the operation, gpg will either stop at the first id containing a match or, more often, pull all matching ids from the keyrings; it is not necessary to type in (as you could, in quotes) "bill blather (bill) <bill@localhost.com>" if "bill" is sufficiently distinctive. In this case, if you had typed "ll", then both the bill and tzellers keys would be exported. If no user id is given at all, the entire keyring, that is all public keys, will be exported.

Once he has a good key file containing only his own public key, he may wish to save it in his user info at his favorite web site, publish it to lists he frequents, or upload it to a keyserver so others can find it.

Now there is one more basic thing about keys. You can "sign" a key in your keyring to record how sure you are that it belongs to the person named. In our example we assume Adam knows for sure that the key came from Bill. For the rest of these examples we'll just presume that people are lazy; in most instances it won't matter, but if you are really involved in something which requires security, these kinds of things will matter.

So Adam signs Bill's key (the passphrase would be hidden)....

bash-2.05b$ gpg --edit bill
gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.


pub 1024D/2DCA8230 created: 2005-01-10 expires: never trust: -/-
sub 1024g/11AD3215 created: 2005-01-10 expires: never 
(1). bill blather (bill) <bill@localhost.com>

Command> lsign
	 
pub 1024D/2DCA8230 created: 2005-01-10 expires: never trust: -/-
 Primary key fingerprint: 3256 1B51 81F0 6925 8023 BF0D F6D7 FE6E 2DCA 8230

 bill blather (bill) <bill@localhost.com>

How carefully have you verified the key you are about to sign actually belongs
to the person named above? If you don't know what to answer, enter "0".

 (0) I will not answer. (default)
 (1) I have not checked at all.
 (2) I have done casual checking.
 (3) I have done very careful checking.

Your selection? (enter '?' for more information): 3
Are you really sure that you want to sign this key
with your key: "Adam Atavist (This is Adam) <adam@localhost.com>" (2D118A8E)

The signature will be marked as non-exportable.

I have checked this key very carefully.

Really sign? yes
		
You need a passphrase to unlock the secret key for
user: "Adam Atavist (This is Adam) <adam@localhost.com>"
1024-bit DSA key, ID 2D118A8E, created 2005-01-09

Enter passphrase: adam's passphrase
		 
Command> quit
Save changes? y
bash-2.05b$ 

Actually using GPG

Now we get to the meat of the matter: actually using gpg. So Adam writes something for Bill's eyes only. The "e" in "-ear" means encrypt and could have been --encrypt; the "a" means --armor, to make the output ASCII; the "r" means --recipient, as in this is going to bill. If you leave off the recipient flag, gpg will prompt you for the recipient, and you can specify multiple recipients, as it will continue to prompt until you enter a blank line; in that case gpg encrypts the message to every recipient's key, and each recipient will be able to decipher it independently. In these examples /tgpg is just the test directory that everyone can read and write; in practice the files might have been sent by email, left on a server, or transmitted by some other medium. Note that the ASCII armoring is not required if the medium can handle binaries. (No passphrase is required here because encrypting to Bill uses only Bill's public key, not Adam's secret key.)

bash-2.05b$ gpg -ear bill -o /tgpg/adam2bill.txt.gpg adam2bill.txt
gpg: checking the trustdb
gpg: checking at depth 0 signed=1 ot(-/q/n/m/f/u)=0/0/0/0/0/1
gpg: checking at depth 1 signed=0 ot(-/q/n/m/f/u)=1/0/0/0/0/0
bash-2.05b$ 

And the resulting file is totally unintelligible ...

bash-2.05b$ cat /tgpg/adam2bill.txt.gpg 
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.6 (GNU/Linux)
-----END PGP MESSAGE-----
bash-2.05b$ 

Now Cindy is curious: she sees that file out there, so just for kicks she tries to read it, and gets nowhere ...

bash-2.05b$ gpg < /tgpg/adam2bill.txt.gpg 
gpg: encrypted with 1024-bit ELG-E key, ID 11AD3215, created 2005-01-10
 "bill blather (bill) <bill@localhost.com>"
gpg: decryption failed: secret key not available
bash-2.05b$ 

But Bill can read the message:

bash-2.05b$ gpg < /tgpg/adam2bill.txt.gpg 

You need a passphrase to unlock the secret key for
user: "bill blather (bill) <bill@localhost.com>"
1024-bit ELG-E key, ID 11AD3215, created 2005-01-10 (main key ID 2DCA8230)

Enter passphrase: bill's passphrase
gpg: encrypted with 1024-bit ELG-E key, ID 11AD3215, created 2005-01-10
 "bill blather (bill) <bill@localhost.com>"
Hi Bill:

 I'm going to ask Cindy out.	Do you think she's hot?
bash-2.05b$ 

And Bill replies, but since he has not signed Adam's key, the dialog is just a little different:

bash-2.05b$ gpg --encrypt --armor --recipient adam -o /tgpg/bill2adam.txt.gpg bill2adam.txt
gpg: 4B08D37B: There is no indication that this key really belongs to the owner
1024g/4B08D37B 2005-01-09 "Adam Atavist (This is Adam) <adam@localhost.com>"
 Primary key fingerprint: 855E FBFE A7BB E634 E0AB BBE6 915B 2924 2D11 8A8E
 Subkey fingerprint: 8610 BEA2 D87A F9DB 0A1A 56FA 879B 9FEB 4B08 D37B

It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes

Use this key anyway? yes
bash-2.05b$ 

Which of course Adam has no problem reading and sadly agrees with:

bash-2.05b$ gpg < /tgpg/bill2adam.txt.gpg 

You need a passphrase to unlock the secret key for
user: "Adam Atavist (This is Adam) <adam@localhost.com>"
1024-bit ELG-E key, ID 4B08D37B, created 2005-01-09 (main key ID 2D118A8E)


Enter passphrase: adam's passphrase
gpg: encrypted with 1024-bit ELG-E key, ID 4B08D37B, created 2005-01-09
 "Adam Atavist (This is Adam) <adam@localhost.com>"

You kidding dude? That hair and her figure.

Get back to the server room, man. Geeks like us
don't belong with babes like that!

Besides the bar's on Grokwars tonight!	I know you never
miss a chance to burn that dimbulb.
bash-2.05b$ 

Meanwhile Cindy has a message of her own to write. She leaves it on the bulletin board at the local Starbucks and wants anyone who reads it to be sure it came from her. In other words she wants to sign the message.

bash-2.05b$ gpg --clearsign -o /tgpg/cindy.txt.gpg cindy.txt 

You need a passphrase to unlock the secret key for
user: "Cindy <cindy@localhost.com>"
1024-bit DSA key, ID ADEC7F08, created 2005-01-10

Enter passphrase: cindy's passphrase
bash-2.05b$ 

Which of course our heroes will have no trouble verifying once they import Cindy's key:

bash-2.05b$ gpg < /tgpg/cindy.txt.gpg 

Hey I'm lonely, frustrated and horny.

They guys around here are a bunch of dorks! I
tried the come-hither with a couple of local
techs named Adam and Bill but they're both
just interested in whether PJ misspelled
incontrovertible in her last article, whatever
that's about.

I'm really looking for someone who can help
me figure out how to get ssh and apache working
on my home computer and maybe explain this
object-oriented programming stuff. Then we
can try some more personal orienting before
bedtime. I love it when a guy mumbles about
parsers in his sleep!

-- Sinful Cindy

gpg: Signature made Sun Jan 9 23:34:55 2005 EST using DSA key ID ADEC7F08
gpg: Good signature from "Cindy <cindy@localhost.com>"
gpg: checking the trustdb
gpg: checking at depth 0 signed=1 ot(-/q/n/m/f/u)=0/0/0/0/0/1
gpg: checking at depth 1 signed=0 ot(-/q/n/m/f/u)=1/0/0/0/0/0
gpg: WARNING: This key is not certified with a trusted signature!
gpg:	 There is no indication that the signature belongs to the owner.
Primary key fingerprint: 599B AAC0 B39D A9D4 4490 6490 14C7 C492 ADEC 7F08
bash-2.05b$ 

Of course, as left on the bulletin board it was quite readable, to their dismay:

bash-2.05b$ cat /tgpg/cindy.txt.gpg 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hey I'm lonely, frustrated and horny.

They guys around here are a bunch of dorks! I
tried the come-hither with a couple of local
techs named Adam and Bill but they're both 
just interested in whether PJ misspelled 
incontrovertible in her last article, whatever
that's about.

I'm really looking for someone who can help
me figure out how to get ssh and apache working 
on my home computer and maybe explain this 
object-oriented programming stuff. Then we 
can try some more personal orienting before 
bedtime. I love it when a guy mumbles about 
parsers in his sleep!

- -- Sinful Cindy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB4gXvFMfEkq3sfwgRAs/UAKC7mUzjhbvXw+KMsh7PVAaEQht1awCgrL8m
Xd5b3+z1nVSM98+1wkNeY34=
=zyZ9
-----END PGP SIGNATURE-----
bash-2.05b$ 
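To see what the armor and the clearsign format above actually contain, here is an added Python example (not part of the original article, and not GnuPG code) that pulls apart Cindy's clearsigned file: it undoes the dash-escaping, base64-decodes the signature block, recomputes the "=zyZ9"-style CRC-24 trailer, and decodes the version-3 DSA signature packet to recover the signing key ID, creation time and hash algorithm that gpg printed when verifying. The message body in the constructed input is abridged, and the DSA signature itself is not verified because Cindy's public key is not on the page.

```python
import base64
import re
import time
# Constructed input: Cindy's clearsigned file from above (body abridged, signature verbatim).
CLEARSIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey I'm lonely, frustrated and horny.
- -- Sinful Cindy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB4gXvFMfEkq3sfwgRAs/UAKC7mUzjhbvXw+KMsh7PVAaEQht1awCgrL8m
Xd5b3+z1nVSM98+1wkNeY34=
=zyZ9
-----END PGP SIGNATURE-----
"""

def crc24(data: bytes) -> str:
    """OpenPGP CRC-24 (RFC 4880 section 6.1), formatted as the '=XXXX' armor trailer."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return "=" + base64.b64encode(crc.to_bytes(3, "big")).decode()

def split_clearsigned(text: str):
    """Return (signed text with dash-escaping undone, hash name, armored signature)."""
    m = re.search(r"-----BEGIN PGP SIGNED MESSAGE-----\n(?:Hash: (\S+)\n)?\n(.*?)\n"
                  r"(-----BEGIN PGP SIGNATURE-----\n.*?-----END PGP SIGNATURE-----)",
                  text, re.S)
    if not m:
        raise ValueError("not a clearsigned message")
    # gpg writes a line starting with '-' as "- " + line so it cannot be mistaken for
    # an armor boundary (hence "- -- Sinful Cindy" above); undo that escaping here.
    body = "\n".join(ln[2:] if ln.startswith("- ") else ln
                     for ln in m.group(2).split("\n"))
    return body, m.group(1), m.group(3)

def decode_armor(armored: str):
    """Base64-decode one armor block; return (payload bytes, CRC trailer matches?)."""
    lines = armored.strip().split("\n")[1:-1]            # drop the BEGIN/END lines
    while lines.pop(0).strip():                          # skip "Version:" headers
        pass
    crc_line = lines.pop()                               # GnuPG always appends "=XXXX"
    payload = base64.b64decode("".join(lines))
    return payload, crc24(payload) == crc_line

def parse_v3_signature(pkt: bytes) -> dict:
    """Decode the old-format, version-3 signature packet that GnuPG 1.2 emitted."""
    tag = pkt[0]
    if not (tag & 0x80) or (tag & 0x40) or ((tag >> 2) & 0x0F) != 2 or (tag & 3) == 3:
        raise ValueError("expected an old-format signature packet with a length field")
    hdr = 1 + (1, 2, 4)[tag & 0x03]                      # one-, two- or four-octet length
    body = pkt[hdr:hdr + int.from_bytes(pkt[1:hdr], "big")]
    if body[0] != 3 or body[1] != 5:
        raise ValueError("only v3 signatures are handled here")
    r_bits = int.from_bytes(body[19:21], "big")          # DSA r MPI, then s
    s_off = 21 + (r_bits + 7) // 8
    s_bits = int.from_bytes(body[s_off:s_off + 2], "big")
    if s_off + 2 + (s_bits + 7) // 8 != len(body):
        raise ValueError("packet length does not match the signature MPIs")
    created = int.from_bytes(body[3:7], "big")
    return {"sig_type": body[2], "created": created, "key_id": body[7:15].hex().upper(),
            "created_utc": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(created)),
            "pk_algo": body[15], "hash_algo": body[16], "r_bits": r_bits, "s_bits": s_bits}
```

The key ID recovered from the packet is the low 64 bits of the fingerprint gpg printed for Cindy (... 14C7 C492 ADEC 7F08), and the 8-digit ID ADEC7F08 shown in the listings is only the low 32 bits, which is why full fingerprints, not short IDs, should be compared before signing someone's key.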

Conclusion

There is, of course, a great deal more to GPG. I've barely touched upon the deeper uses. There are also some graphical front ends, both for dealing with signed and encrypted files and for managing keys. Likewise many modern mailers have interfaces to gpg built in, so that signed or encrypted email can be dealt with automatically. In Evolution, for instance, signing outgoing email is simply a matter of clicking a checkbox in the user's security settings (and answering the passphrase prompt when sending mail). But hopefully this has given you enough information to pursue it further if you so desire.

----------------------------------------------
Copyright 2005 by Terrence W. Zellers. This article is available for use under terms of the Creative Commons/Attribution-ShareAlike 2.0 license.