PGP Class

What is PGP?

PGP is Pretty Good Privacy, a software program that lets you:
  1. Encrypt (scramble) documents and email so that only your intended recipients can read them.
    Or PGP can encrypt messages so that only you can read them. This encryption is strong enough that it won't be broken by millions of dollars of computers working for a decade.
  2. Sign and seal digital documents in a way that proves that you wrote them, and that they haven't been tampered with.
  3. Delete files so that they REALLY can't be un-deleted.

How did PGP come to be?

PGP has a convoluted history that still affects how PGP is used. Read on for details, or skip down to the section on how PGP works.

So why isn't PGP on every business person's PC?

There are two not very good reasons for this. The first is tied up in PGP's convoluted history. The second is that PGP has an undeservedly bad reputation for being hard to use.

PGP's history

Believe it or not, most of this is relevant...

Back in 1991, a programmer named Phil Zimmermann was concerned about proposed legislation that would require all encryption products to have a back door for the US government. (The law didn't pass that time, but the legislation re-appears every 8 months.)
To make sure that meaningful privacy through encryption would be available to everyone, Zimmermann wrote PGP 1.0 and had friends distribute it far and wide. Copies got onto the Internet, and shortly were to be found all over the world.
Zimmermann used the RSA public key crypto system as published in Scientific American back in 1977. Since then, the RSA algorithm had been patented in the US by a company called PKP (which later turned into the company we know as RSA). RSA threatened to sue Zimmermann for infringing on their patent. Eventually RSA gave up, since Zimmermann was no longer developing or distributing PGP. Later still, RSA developed a special version of the RSA software for non-profit use in the USA, and allowed MIT to distribute this "US-Blessed" version of PGP.
In the second version of PGP, the problem got still murkier with the addition of the IDEA encryption algorithm, which is patented in many countries.
This patent fuss confused people in the US and abroad until 2001, when the RSA patent expired. People outside the US developed free "international" versions, which sometimes didn't include IDEA support. People inside the US could choose the MIT version, or a commercial copy offered by a series of companies.

This patent furor slowed down the integration of PGP into email programs and other desktop software. Eventually, everybody tried to move away from RSA and IDEA to the newer DH, ElGamal and CAST algorithms. The result was a number of flavors of PGP that may or may not talk to each other. As of 2001, most programs will speak to each other most of the time, and pretty much anything will talk to PGP version 7.

And the US government stepped in

The US government has had a steady policy of prohibiting the export of encryption software, in the belief that it would otherwise become impossible to eavesdrop on Iraq or terrorists. Ignoring the fact that the information had been published in Scientific American and that PGP was already to be found around the world, the State Department started a grand jury investigation of Zimmermann. Years later they gave up on the case, and late in the Clinton administration, they pretty much gave up on blocking the export of open-source encryption software.

PGP's Usability

PGP does as much as the average Email program, and isn't any harder to figure out. The catch is that PGP is much less forgiving of mistakes. Using an email program 2/3 right means you can read email but not attachments, and you don't know the difference between Reply and Reply All. Using PGP 2/3 right will lock you out of your mail and have you send unencrypted secrets over the Internet, which is worse than not using PGP in the first place. In both cases, people who want to use the program will muddle through. There's just a lot more incentive to use Email than PGP right now.

So why isn't PGP built into products yet?

Because nobody has written a decent freely available API or library for performing PGP functions yet. There are a number of people working to build PGP support into OpenSSL, which will help a lot.

PGP tips and tricks

These tricks are biased towards GNU Privacy Guard, since that's what I use the most:

File wiping (Secure Deletion)

PGP 2.6 originally did a simple run of zeros over the file before deleting. After that, Peter Gutmann's paper on Secure Deletion proved that wasn't enough if your attacker has access to a good oscilloscope and a lot of time. (If you missed it, take a look at his recent paper on extracting information from EEPROMs, SDRAM and other "ephemeral" sources.)
Newer versions of PGP have the PGP-Wipe program, which should be fairly self-explanatory. PGP-Wipe includes the ability to wipe all free space on your hard drive, which is an excellent idea.
GPG doesn't have file wiping by default, so I've bashed together a patch. It works on Linux & seems to work on OpenBSD with minor effort.

Verifying that open source downloads haven't been tampered with

Download the .asc file into the same directory as your next kernel or apache build. Usually it will be something like linux-2.4.19.tar.bz2.asc. To verify with gpg, use
gpg --keyserver pgp.mit.edu --verify linux-2.4.19.tar.bz2.asc
gpg looks for the signed file (linux-2.4.19.tar.bz2, the name minus .asc) next to the signature, and it needs the signer's public key, which is why the keyserver is named (newer GnuPG versions only fetch it automatically with --keyserver-options auto-key-retrieve). A "Good signature" proves that the file matches a signature made by that key; it says nothing about who owns the key unless you have verified the key itself.
With PGP 6+, you can click on the .asc icon and it will prompt you to find the file.

Using PGP with a Certificate Authority

By default, PGP is set up so that your copy of PGP will trust a key if it has been signed by 3 other people you trust. You may have to wait a long time for this to happen. Or you can sign every key yourself, but it takes a while to verify all of these keys. One solution is to delegate the decision making to someone trustworthy & trust all keys introduced by that Authority.

To enable this level of trust in GPG, you need to do the following:

  1. Type the command gpg --list-keys --with-colons
  2. Write down the 5th field of the pub line for the @stake signing key, which is the long hex string before the date.
  3. Edit your $HOME/.gnupg/options file.
  4. Find the line that mentions trusted-key and change it to the following:
    trusted-key 0x7A320683FBF32AD3
    The long hex string after 0x should be the one you wrote down in step 2.
Now all keys signed by the @stake signing key will be trusted as though you had signed them yourself.
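The same steps as a script, added here and not part of GnuPG: it parses the colon-separated listing, takes the 5th field of the pub record for the introducer, and rewrites the trusted-key line in the options text. The key listing and options file are constructed samples; the key ID is the one shown above, the user IDs are made up.

```python
"""Turn `gpg --list-keys --with-colons` output into the trusted-key line for
$HOME/.gnupg/options. Added example, not part of GnuPG; the listing and
options file below are constructed samples (the key ID is the one from the
text, the user IDs are made up)."""

# Constructed sample listing. GnuPG 1.0.x put the user ID in field 10 of the
# pub record; later versions emit separate uid records. Both are handled.
SAMPLE_LISTING = """\
pub:-:1024:17:ABCDEF0123456789:2001-01-05:::-:Some Colleague <colleague@example.com>::scaESCA:
sub:-:1024:16:0123456789ABCDEF:2001-01-05::::::e:
pub:f:1024:17:7A320683FBF32AD3:2001-03-20:::-:@stake Signing Key (constructed) <signing@example.com>::scaESCA:
uid:f::::::::@stake Signing Key (constructed) <signing@example.com>:
sub:f:2048:16:FEDCBA9876543210:2001-03-20::::::e:
"""

SAMPLE_OPTIONS = """\
# ~/.gnupg/options (constructed sample)
keyserver pgp.mit.edu
#trusted-key 0x0000000000000000
"""

HEX = set("0123456789ABCDEFabcdef")


def parse_colon_listing(text):
    """One dict per pub record: field 5 (index 4) is the key ID, field 3 the
    length, field 6 the creation date; uids collects every user ID seen."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            uid = f[9] if len(f) > 9 else ""
            keys.append({"keyid": f[4], "length": int(f[2]),
                         "created": f[5], "uids": [uid] if uid else []})
        elif f[0] == "uid" and keys and len(f) > 9 and f[9] not in keys[-1]["uids"]:
            keys[-1]["uids"].append(f[9])
    return keys


def find_keyid(text, uid_fragment):
    """Key ID of the one key whose user ID contains uid_fragment. Refusing
    ambiguous matches keeps a sloppy search from trusting the wrong introducer."""
    hits = [k for k in parse_colon_listing(text)
            if any(uid_fragment in u for u in k["uids"])]
    if len(hits) != 1:
        raise ValueError("expected one key matching %r, found %d"
                         % (uid_fragment, len(hits)))
    return hits[0]["keyid"]


def trusted_key_line(keyid):
    """The options line; GnuPG wants the 0x prefix on the 16-digit key ID."""
    if len(keyid) != 16 or not set(keyid) <= HEX:
        raise ValueError("not a 16-digit hex key ID: %r" % keyid)
    return "trusted-key 0x" + keyid.upper()


def set_trusted_key(options_text, keyid):
    """Replace the existing trusted-key line (even a commented-out one) or
    append one; returns the new options file text."""
    new = trusted_key_line(keyid)
    lines = options_text.splitlines()
    for i, line in enumerate(lines):
        if line.lstrip("# ").startswith("trusted-key"):
            lines[i] = new
            break
    else:
        lines.append(new)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(set_trusted_key(SAMPLE_OPTIONS, find_keyid(SAMPLE_LISTING, "@stake Signing Key")))
```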

For PGP7, you must first sign the signing key yourself. In the signing keys window, there's a button for more choices. Select that, and then click on the button for "Trusted Introducer Exportable". You can choose to add in @stake.com as a restriction, but that causes problems when some people use @atstake.com. Then click OK & type in your passphrase.

Using GPG with old 2.6 keys

Normally GPG can't use keys encrypted with IDEA. But you can download my patch to add back IDEA support. Then look at this FAQ for all the other compatibility options you may need.

Using Keyservers

Keyservers are publicly available databases of people's public keys. Anyone can upload a key onto a keyserver so it's no indication of trustworthiness. Keys can be uploaded via a web form. What makes keyservers wonderful is that if you sign someone's key, you can re-upload the key to a keyserver & the signature will be added to that person's file.

If you want to practice using a keyserver, there's one at http://www.tenhand.com/pgp . Go ahead and practice using it before starting to use pgp.mit.edu.

Using PGP as a symmetric key program

Many customers are unable to set up PGP for a variety of reasons. Usually they are the same customers who will ask for an insecure encrypted zip file.
Commercial PGP has a spiffy way of creating a self-decrypting archive, which is good if the client uses Windows and allows .exes through the firewall.

Less good, but easier than explaining public keys, is getting the customer to use GPG. You can encrypt the file with gpg -ca filename and mail it to them. Call them & tell them the password.
The customer can get GnuPG from the Internet or from PST toolkit 2.0. There's an executable zip file of GPG in the /tools/gnupg directory. If the client is able to unzip that archive into c:\temp, and then can download the attachment into c:\temp (two huge ifs), they can decrypt the email by typing the following into the Run menu
c:\temp\gpg c:\temp\filename.asc
and then typing in the password.

This unlikely scenario is going to be improved with the next PST toolkit, since it has a copy of GnuPG that you can run from the CDrom.

How a Keysigning works

This is a great opportunity to watch serious people make complete fools of themselves.

The goal of the exercise is for everyone to be able to match a PGP key to its owner. Many ways have been tried, and this is the fastest and best of them:

  1. Everybody with a public key should have brought a copy of their PGP fingerprint.
  2. Everybody should bring up a copy of the current @stake PGP keyserver information.
    Ideally we'd have printed that out for each office so that people get hard copy. Shrug.
  3. Each person with a key stands up, says their name and reads out their fingerprint.
  4. Everybody else checks to see if the fingerprint is correct & either downloads the key or makes a note of the keyid.
  5. When everybody has had a chance to chant out hexadecimal, we're done.
  6. Once you're back at your desk, sign the keys you've verified.

PGP in 15 minutes

It's an ambitious goal, and I don't think we're going to make it ....

Why use PGP instead of some other encryption software?

Because almost everything else is either a scam, or not as useful once you start using it routinely.
For example, the following "encryption" password protection can be broken in minutes: MS Word, Access and Money files, password-protected Zip files, Quicken files, and of course NT account passwords. (Take a look at Elcomsoft sometime.) Hardly the way you want to protect mail to customers or your financial records.

Most of the other options are proprietary, so nobody knows for sure if they're good or not. And there isn't a standard, so you have to buy whatever software the other person is using.

PGP is a standard, is freely available, and has been periodically examined by some of the best encryption experts in the world.

How does PGP work?

Here's an accurate simplification, starting with a metaphor:
Imagine a drop safe like the one on the side of a bank. On the bottom you have a big door that opens with a key. On the top you have a rotating slot like the top of a post office box. Pretty much anybody can walk by, drop in cash and have it drop into the bottom of the safe. They can be certain that only the owner of the safe (who has the key) can unlock it.
Now imagine that we have a room full of safes. On the top of each safe is a publicly visible name and number. If you look me up, I'll be safe number 123. So if you then go drop a message into safe number 123, only I will be able to retrieve it.

Everybody who uses PGP creates their own unique digital ID, which is called a key pair. This key pair is built from two large prime numbers which are related to each other by very clever math. One half of the key is called the public key, which is like the safe number in the example above. In order to have people send you encrypted messages, they will need to have a copy of your public key.

The other half is called the private key or the secret key. It's the same as the key the owner uses to unlock the safe. Messages are scrambled with the recipient's public key. Because of the clever math, nothing but the recipient's private key will be able to unscramble the message. Note that this means that the private key has to remain a secret. If you leave that key around, anybody will be able to unlock your mail.

Skip this if you only have 15 minutes
Other encryption programs tend to use symmetric key encryption. In that case, your messages are locked with a padlock, and both the sender and the receiver have a key to lock or unlock it. This isn't great, since you have to have a different padlock key for each person you exchange messages with. Plus there's the problem of how you distribute the padlock keys without someone intercepting a key & making a copy. PGP is much easier, since you only have to keep track of one private key, and the entire world can easily use your public key drop box without worrying about interception.

Go look at the cryptography FAQ for an in-depth discussion of RSA and Public Key cryptography.
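To make the drop-safe metaphor concrete, here is a toy RSA key pair in Python, added for this page and not PGP's own code: two primes make the public half that anyone can encrypt to and the private half that alone decrypts and signs. The Mersenne primes are assumed only so that a short message and a SHA-256 digest fit below n; the toy has none of the padding that real OpenPGP implementations require.

```python
"""Toy RSA showing the key-pair idea from the drop-safe section: two primes
make a public half (the safe number) and a private half (the key). Added
example, not PGP's own code; the Mersenne primes 2^521-1 and 2^607-1 are used
only so a short message and a SHA-256 digest fit, and there is no padding,
which real OpenPGP implementations require."""

import hashlib
from math import gcd

P = (1 << 521) - 1   # both are known Mersenne primes
Q = (1 << 607) - 1


def keypair(p=P, q=Q, e=65537):
    """Return (public, private). The 'clever math': e*d == 1 mod lcm(p-1, q-1),
    so raising to e and then to d gives back the original number mod n."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if gcd(e, lam) != 1:
        raise ValueError("public exponent not usable with these primes")
    d = pow(e, -1, lam)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public, message: bytes) -> int:
    """Anyone with the public half can drop a message in the safe."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(private, ciphertext: int) -> bytes:
    """Only the private half opens the safe."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private, document: bytes) -> int:
    """Sign the digest of a document with the private half."""
    n, d = private
    h = int.from_bytes(hashlib.sha256(document).digest(), "big")
    return pow(h, d, n)


def verify(public, document: bytes, signature: int) -> bool:
    """Anyone with the public half can check who signed and that nothing changed."""
    n, e = public
    h = int.from_bytes(hashlib.sha256(document).digest(), "big")
    return pow(signature, e, n) == h


if __name__ == "__main__":
    alice_pub, alice_priv = keypair()
    c = encrypt(alice_pub, b"meet at noon")
    print(decrypt(alice_priv, c))                          # b'meet at noon'
    s = sign(alice_priv, b"I agree to the terms")
    print(verify(alice_pub, b"I agree to the terms", s))   # True
    print(verify(alice_pub, b"I agree to the termS", s))   # False
```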

What version of PGP should I use?

If you're using PGP for commercial purposes in the USA, you will need to buy a copy from www.pgp.com a.k.a. NAI, or use GnuPG.
Non commercial Mac and Windows users should download version 6 or greater from www.pgpi.org.
People who like free software and the command line should go to www.gnupg.org for Gnu Privacy Guard.

How do I start using PGP ?

If you follow these steps, there's not a lot that can go painfully wrong.
  1. Install the software
  2. Build (Generate) your personal key (digital ID)
    If you're new to PGP, make sure that it expires in less than a month. It's easy to make a new key and hard to force people to stop using a bad one.
  3. Use a pass phrase to lock your private key.
    If someone gets hold of your private key, this passphrase is the only thing protecting your identity and all your past messages. Go to The Passphrase FAQ at http://www.stack.nl/~galactus/remailers/passphrase-faq.html if you want a lot more information on passphrases.
  4. Back up your public and private key to a floppy.
  5. Generate a revocation certificate (in case you lose your passphrase later.)
    Revocation certificates are a way of proving that you don't use this key any more & forcing other people to stop using it.
  6. Store the revocation certificate in a new file on your floppy.
  7. Make another copy of your backup floppy, possibly onto CDrom or compact flash. You might also consider writing down your pass phrase if you can think of a secure enough place to put it. (I never can)
  8. Extract an email ready copy of your public key
  9. Put this copy of your public key someplace where other people can find it.
    If you're new to pgp, just mail it to people. When you're ready, you can put it on a keyserver, an Internet database of public keys.
Ok, you're now ready to start using PGP. You're going to need to practice sending a few messages.
  1. Have someone (Bob) send you encrypted email.
  2. Decrypt the email and read it.
  3. Get your friend Bob's public key. (from a key server, or ask them to mail it to you)
  4. Encrypt an unimportant mail message with that public key, and send it to your friend Bob.
    Call up Bob on the phone & check that he was able to decrypt your message.
Most PGP users stop here, which isn't a great idea if you're trying to protect yourself from technically competent adversaries. Instead you should make a habit of doing the following:
  1. Verify that the "Bob" public key you got is really for the Bob you want to talk to & not someone else with the same name.
  2. Sign Bob's key so other people will know that you trust that key to represent Bob.
    Remember, you're just notarizing the fact that the key is legitimate, not that Bob's a good person.
  3. Sign your documents so people know that you wrote them.
    The real reason for signing your documents is that it forces you to use your PGP passphrase. If you don't use it, you will forget it.

PGP usage, with almost enough detail to be useful

There are many different versions of PGP, and the User Interface tends to change between releases. The PGP.com versions of the software come with a very good manual in .PDF format. Or you can just ask a PGP old-timer.

Generating a PGP key

How to generate your own digital ID / key pair.
Here's a good quick guide to building a key pair in PGP version 5 or 6.
For PGP version 7, open up the PGPkeys application, then type Ctrl-N. You won't see the option for key expiration unless you click on the "Expert" button.
For GPG, type gpg --gen-key.

You can go along with most of the default choices you are offered. When it asks you how long the key should be good for, pick some date about 3 months out. If you make mistakes, it's nice to move beyond them quickly. When it asks for a passphrase, you should type in a 4 or 5 word sentence. Effectively, this passphrase is your signature. Go to The Passphrase FAQ if you want a lot more information on passphrases.

Revoking a key

If you lose your private key, it would be nice to be able to force people to stop sending mail with it. You can do this, but only if you've created a key revocation certificate in advance. If you send the key revocation to a keyserver, it will prevent other people from continuing to use that key.

When you want to revoke your key, import the revocation certificate (just like anybody else's public key). This will then modify your keypair. Send the modified public key to the keyserver, and everyone will be able to see that your key has been revoked.
Generating a revocation certificate for GPG is simple: just type gpg -a --gen-revoke username > revoke.asc and save the revoke.asc file someplace safe.

For PGP , generating a revocation is actually a big hassle. You have to back up your pgp keyrings, then revoke the key. Then backup the revoked key someplace, then restore your working keys. You can revoke the key by opening up the PGPkeys program and then clicking on the key you want to revoke, then choosing Revoke from the Keys menu. Suggestions for how to make this less painful are very welcome.

Sharing your new public key with the world

When you're starting out, DON'T put your key up on a keyserver.
Instead, export an ASCII (text) version of your public key and mail it to your friends.
In Windows or Mac PGP, you can open up the PGPkeys application, then right-click on your key and select Copy. Then paste the result into an email you send to your friend.
For GPG it's gpg -a --export yourname@youremail.com

Getting the public key of someone you want to send a message to

The simplest way to start is to have someone else mail you their public key. Failing that, you can look for their key on a public keyserver.
Once someone has mailed you an email containing their public key, you have to import it into PGP. Use your mouse to highlight the public key, including the whole section from -----BEGIN to BLOCK-----. You need to include all the "---"s. Copy the highlighted area into your clipboard. Then right-click on the icon of your PGP program (on the bottom of your screen), and select "Add key from clipboard". Then select the Import option.
For GPG, type gpg --import , then paste in the public key.

Encrypting a message to someone else

To encrypt a message with PGP 7, first write an email in Notepad, Word or your email program's editor. After you've written your mail, highlight the whole thing, and copy it into your clipboard. Then start the PGPtools program, and click on the icon of an envelope with a padlock in front. A file selection window will pop up. Click on the "Clipboard" button in the lower right hand corner to choose "Encrypt Clipboard". It will then prompt you to select the public keys of the recipients. Select the names of all the people you're sending the email to. You should probably also include yourself, so you can decrypt the message yourself if something goes wrong.
Select OK. PGP will then encrypt the clipboard. Go back to your mail program and paste. You should see a bunch of random letters bookended with -----. For example:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

jA0EAwMClFTVbhHHb2RgyR3IvE5Jk6PtfvsjleAD58fmY3mFslXLiBJW9uCLeg==
=Splm
-----END PGP MESSAGE-----

If you don't see that, you need to try again. Make sure that you don't still see the unencrypted message. Send the mail when all seems well.
For GPG, type gpg -ear recipient1@example.com -r your-email@yourcompany.com >message.asc and paste in the message. Then you can attach the message.asc file, or paste it into the email. If gpg doesn't do anything after you paste in the email, type CTRL-D.

Decrypting a message

This is the reverse of sending mail. Copy the entire received PGP block, from -----BEGIN through BLOCK-----, into your clipboard. You can then decrypt by opening up PGPtools, clicking on the icon of the envelope with an open padlock (Decrypt/Verify), and selecting the "Clipboard" button from the lower left hand corner. You can then paste the result into Notepad or any other word processor.

Why should I bother verifying a key?

Anybody can claim to be Napoleon & may give you a PGP key that matches their name. The trick is to be able to separate the real general from the loonies. The way PGP takes care of this problem is by having people sign each other's keys once they've verified each other. This creates a "web of trust", whereby I can safely assume that this really is the dry cleaner if both my brother and my neighbor have signed the dry cleaner's key. You probably don't need to do this if you're just sending mail, but you'd be silly not to verify a key when you're accepting a digital signature on a contract.

How do I verify a key?

Once someone has sent you a key, you need to look up the key fingerprint. There are 3 pieces of data here to verify:
  1. fingerprint, for example AD 23 A1 90 B1 2B AF BA 44 49 16 7E 3D A0 F3 C3
  2. key length, for example 1023 Bits
  3. KeyID, for example D79B4A39
For PGP 7, you can do that by
  1. Opening up PGP keys and selecting your friend's PGP key.
  2. Select Properties from the Keys menu.
  3. Click on the Hexadecimal box on the bottom of the new window
For PGP 2.6 just type pgp -kvc.
For GPG that's gpg --fingerprint --list-keys.
Call up your friend and have her read you the fingerprint of her key, while you check it out yourself. If all is well, you can move on to signing your copy of her public key. Many people put their fingerprint on business cards as a way of jump starting this process. All you have to do is know that the face and the key go together. You don't have to worry about if they're a good person or not.
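The phone check as a small script, added here and not PGP's own code: it normalizes the fingerprint your friend reads out (spacing and case differ between PGP, GPG and business cards), compares all three items from the list above, and shows why the key ID can be cross-checked against a v4 fingerprint but not against a PGP 2.6 one. LOCAL_KEY and SPOKEN are constructed samples; PGP26_FINGERPRINT is the fingerprint quoted in the text.

```python
"""Check the three items the text lists (fingerprint, key length, key ID)
against what the key's owner reads out. Added example, not PGP's own code;
LOCAL_KEY is a constructed v4-style key, PGP26_FINGERPRINT is the v3
fingerprint quoted in the text above."""

import re

# Constructed sample of what your own key listing shows for the friend's key.
LOCAL_KEY = {
    "fingerprint": "1F2E 3D4C 5B6A 7988 0716 2534 4352 6170 8F9E AD0C",
    "length": 1024,
    "keyid": "8F9EAD0C",
}
# The same fingerprint as the owner reads it over the phone: lower case and
# grouped differently (constructed).
SPOKEN = "1f2e3d4c 5b6a7988 07162534 43526170 8f9ead0c"

# The PGP 2.6 (v3, MD5) fingerprint from the text: 32 hex digits, not 40.
PGP26_FINGERPRINT = "AD 23 A1 90 B1 2B AF BA 44 49 16 7E 3D A0 F3 C3"


def normalize(fpr):
    """Drop spacing and case so 'AD 23' and 'ad23' compare equal; reject
    anything that is not a 32-digit (v3) or 40-digit (v4) fingerprint."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", fpr).upper()
    if len(digits) not in (32, 40):
        raise ValueError("fingerprint has %d hex digits, expected 32 or 40"
                         % len(digits))
    return digits


def keyid_from_fingerprint(fpr):
    """A v4 key's short key ID is the last 8 hex digits of its fingerprint.
    A v3 (PGP 2.6) key ID is taken from the RSA modulus instead, so it cannot
    be derived from the MD5 fingerprint and must be checked separately."""
    digits = normalize(fpr)
    return digits[-8:] if len(digits) == 40 else None


def verify_key(local, spoken_fpr, spoken_length, spoken_keyid):
    """Return the list of mismatches; an empty list means all three agree."""
    problems = []
    if normalize(local["fingerprint"]) != normalize(spoken_fpr):
        problems.append("fingerprint mismatch")
    if local["length"] != spoken_length:
        problems.append("key length mismatch")
    if local["keyid"].upper() != spoken_keyid.upper():
        problems.append("key ID mismatch")
    derived = keyid_from_fingerprint(local["fingerprint"])
    if derived is not None and derived != local["keyid"].upper():
        problems.append("key ID is not the tail of the v4 fingerprint")
    return problems


if __name__ == "__main__":
    print(verify_key(LOCAL_KEY, SPOKEN, 1024, "8f9ead0c"))      # []
    garbled = SPOKEN[:-1] + "d"    # one digit misheard on the phone
    print(verify_key(LOCAL_KEY, garbled, 1024, "8f9ead0c"))    # ['fingerprint mismatch']
```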

Sooner or later, you're going to receive a public key that's been signed by a couple of friends of yours. If you've already signed your friends' keys, PGP will automatically trust the newcomer's key.

How do I sign someone else's key?

In PGP 2.6 just type pgp -ks user@example.com
For GPG it's gpg --sign-key user@example.com
In PGP 5+, you should open the PGPkeys program, then select the key you want to sign. Go to the Keys menu, then choose Sign. Click on the Allow signature to be exported box. Then click Ok.

Once you've signed someone's key, you should give it back to them, so that they can use your signature as a reference. You can send them a copy of their newly signed public key using the same techniques you used to give them your public key.

What is a keyserver?

A keyserver is a database of people's public keys put up on the Internet to make it simpler to download other people's keys. They're really great, except for one thing: there is no way to remove a key from a keyserver. (But you do get most of that effect by revoking the key.) If you lose your PGP passphrase & have to generate a new key, there are going to be 2 keys on the keyserver, and people are going to have trouble picking the right one. Since you're likely to make some mistakes as you start, don't put your keys on a key server until you're confident.

How to send a key to a keyserver (certificate server) ?

PGP 2.6 doesn't do keyservers. You'll have to do everything by hand using a web interface, for example http://www.tenhand.com/pgp.

GPG does support keyservers, but in an irritating way. It will only ask for or send key IDs, not user names. So you have to look up your key ID before sending (gpg --list-keys yourname). Then you can send the key with gpg --keyserver www.tenhand.com --send-keys 0xkeyid. You have to add 0x onto the front of the key ID.

PGP 5 through 7 make sending keys almost too easy, since they use some very public keyservers by default. (This is good if you know what you're doing.)
To send keys in PGP, Open PGP Keys, click on the public key you want to send, then click on the Server menu and select the server you want to send to on the Send To sub menu.

Getting keys from a keyserver (certificate server)

For PGP 2.6 and GPG, just download the key by hand from the keyserver's web interface (e.g. http://pgp.mit.edu or http://www.tenhand.com/pgp). Then you can cut and paste it in as though you got it in the mail.

For PGP 5 through 7, open PGPkeys, click on the Server menu, and then select Search. Choose the server you want to search on, and type in what you want to search for (username, keyid), then click on Search. To import the keys, drag them onto the PGPkeys main window.

Signing files

By FAR the easiest way to sign a document is to click on the "encrypt & sign" option when you're sending someone else an encrypted document. For PGP 2.6 or GPG, just add -sa to your command line.
The next best option is to save the file you want to sign, and then make a detached signature of that file. You will then need to email the recipient both the original file, and the separate signature file.
For GPG, the syntax is gpg -a --detach-sign [filename]

Wiping files

This is probably the simplest part of PGP. For newer versions of PGP, the PGP-Wipe program should be fairly self-explanatory. For PGP 2.6, you can use pgp -w [filename], but it doesn't do a good job of wiping. GPG doesn't wipe files by default, but I've written a fairly shabby patch to do so.

More reading

If you've got more than 15 minutes, go look at the international PGP home site, where you can download a copy of every PGP manual, or at PGP for Dummies, PGP for Absolute Beginners, The PGP FAQ, 101 Things Not to Do with PGP, or http://www.mccune.cc/PGP.html.