WARNING This is a very rough draft, and not a final product as of 28/10/01. Expect a lot of improvements in the next 10 days or so.

How to get around in PGP, and 51 things to not do

As you can see in the section, PGP can refer to several different programs. Unless otherwise specified, you can assume this document is talking about anything that plays well with the OpenPGP standard.

A very brief list of what you should do

There are many guides on how to set up and use PGP. What they don't tell you is what you need to know first. This is a script rather than a manual. If you do things in this order, not much can go wrong. Look up the details of how to do these steps in the manual for your software:
The GNU Privacy Handbook is the manual for GPG. The www.pgpi.org site has all of the PGP User's Guides.
  1. Install the software
  2. Build (Generate) your personal key (digital ID).
    Make sure your key has an expiration date. If you're new to PGP, make sure that it expires in less than a year.
  3. Use a pass phrase to lock your private key.
    An 8 character password isn't enough, use a sentence.
  4. Back up your public and private key to a floppy.
  5. Generate a revocation certificate in case you lose your passphrase later.
    Store the revocation certificate in a new file on your floppy. Don't add the revocation certificate to your backup keyring, just put it in a new file.
  6. Make another copy of your backup floppy, possibly onto CD-ROM or compact flash.
  7. Extract an ASCII armored copy of your public key
  8. Put your public key someplace where other people can find it.
    If you're new to pgp, just mail it to people, or put it on a keyserver not many people use. e.g. http://www.tenhand.com/pgp
  9. Have someone (Bob) send you encrypted email & read it.
  10. Get Bob's public key. (from a key server, or ask them to mail it to you)
  11. Encrypt an unimportant mail message with that public key, and send it to Bob.
    Call up Bob on the phone & check that he was able to decrypt your message.
  12. Verify that the key you got is really for the Bob you want to talk to & not someone else with the same name.
    Look up the key fingerprint of the public key for the other person. While you're on the phone with Bob, have him read you his key fingerprint.
  13. Sign Bob's key so other people will know that you trust that key to represent Bob.
    Remember, you're just notarizing the fact that the key is legitimate, not that Bob's a good person.
  14. Sign your documents so people know that you wrote them.
    The real reason for signing your documents is that it forces you to use your PGP passphrase. If you don't use it, you will forget it.
Once you can do all of this, consider the following improvements:
Generate a large key and use it solely to sign all of your other keys. Have people sign the signing key. That way other people only have to keep track of one of your keys. This is good if you change jobs often or have to use PGP on someone else's machine.

PGP history and compatibility

PGP is an encryption program designed to provide Pretty Good Privacy to electronic communications. There are plenty of histories of PGP on the Internet: here's a long one, and here's a short one. The important thing to know is that the first versions of PGP played fast & loose with patent & copyright. For a long time the most widespread version of PGP was 2.6, which used two software algorithms (RSA and IDEA) that were not legal for free use in the USA.

People came up with two different solutions to this problem:
PGP.com set up a way to allow legal, private use of PGP distributed by pgp.mit.edu.
A whole bunch of other people started up www.openpgp.org and wrote programs that offered security just like the original PGP, but used different algorithms instead (DH, ElGamal, CAST). As time went on, most people switched to software that doesn't require the patented algorithms. This is important because it means that the older versions of PGP will have difficulty talking to many of the newer versions of PGP.

The other problem with PGP was that it has been illegal to export PGP from the US. The Internet ignored this limit, and international versions of PGP have been available from www.pgpi.org for some time. While they may look different, the international copies function identically to the US version.

51 things NOT to do with PGP

Using PGP properly either takes some studying in advance, or just learning through making a lot of regrettable mistakes. There are lots of sites that provide the background; this just aims to show you the mistakes before you make them.

The mistakes are ordered in the order that an unwitting PGP user is likely to make them. At the end of each line I've left a bolded number from 1 to 5 indicating how paranoid this concern is. 1 is OK if you're trying to use PGP to protect yourself from your grandparents. 5 is black helicopters or Amnesty International territory.

Using the wrong software

The first problem is getting the right software.
  1. Using a different version of PGP from all of your friends. 1
    There are three different flavors of PGP right now. Old versions (2.6) that use RSA and IDEA, OpenPGP compatible versions that can't talk to 2.6 or the newest PGP.com version, and a few versions that will happily exchange email with everybody. Unless your friends all use 2.6, just download any new version of PGP or GPG, and you should be fine.
  2. Using an insecure version of PGP 2
    Over the last year, people have discovered security bugs in PGP and GPG. Some of the bugs are very serious, so you should make sure your software is up to date.
  3. Using a version of PGP at work that you haven't paid for. 2
    If you use PGP at work, you should either buy PGP.com's version, or just use GPG. Anything else is naughty to be using for commercial purposes.
  4. Using a version of PGP provided to you by your company for private transactions. 2
    Most commercial versions of PGP support having a corporate public key automatically included in the list of recipients. This lets the company recover the message if you lose your key. So don't use this for personal email.
  5. Not checking to see if someone has modified your PGP code 4
    Check the signature of the PGP source or binary you downloaded. If you don't have an older version of PGP to check with, find someone who does, and have them check it. This is the reason that some people stick with the often audited PGP 2.6.

Mistakes in generating and storing a key

  1. Generating a key on a machine you don't control. 4
    Don't generate a key on a machine you don't have exclusive control over. Shared servers, machines that have been hacked or machines you don't have the administrator password to are all bad. It's easy for an attacker to interfere with the key making process or capture enough information to figure what the secret information is. It's also good practice to disconnect from any network while generating keys.
  2. Not giving your key an expiration date. 4
    There are good reasons for having your PGP key expire. It reduces the threat of a stolen key or a forgotten password. If you change jobs often, this helps people keep track of where you are.
    When you're starting to use PGP, don't generate any keys that last longer than a year. If you're testing, create keys good only for a week.
  3. Saving the private key to a machine you don't control. 3
    If someone is able to grab the private key, they will be able to read everything ever encrypted to you, as soon as they figure out your pass phrase.
  4. Forgetting to back up your key. 1
    As soon as you've made it, you should back up your key. Especially if you're about to make a revocation certificate.
  5. Forgetting to create a revocation certificate 2
    It's really sad to have a key published throughout the Internet & not be able to turn it off because you forgot your passphrase. Generate the revocation first thing.
  6. Revoking a key by accident 1
    If you haven't made a backup, and you revoke your last copy of the key, you're out of luck. Make the backup first.
  7. Leaving your private key on just one floppy 3
    Floppy disks go bad. Don't lose the only copy of your private key when you sit on that floppy.
  8. Don't store your private keys someplace where you may delete them. 3
    Think about where you're storing the keys. Temp directories, test machines or drives that crash a lot are probably bad choices.
  9. Don't store your private keys on a hard drive 5
    Modern forensic tools make it very easy to search for private keys on a hard drive. For example TCT can find a private key even on a hard drive that has been reformatted and a new OS installed. Store your keys and your plaintext on a ram disk or an encrypted partition.
  10. Don't generate a key that's too small 3
    If you're worried about communications staying safe for many years, you should probably be generating 2048+ bit keys. Some of the key size questions are addressed in http://www.scramdisk.clara.net/pgpfaq.html
  11. Generating a misleading key description 3
    Sometimes you may want to generate a key for a service or something other than yourself. When you do so, be very careful to put an explicit description of the key in the comments. "signs example.com customer billing requests" is a lot better than "example.com web key".
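
The expiration and key-size advice in this list can be checked mechanically. The following Python sketch is an added example, not part of the original guide: it reads GnuPG's machine-readable `--with-colons` key listing and flags primary keys with no expiry, a lifetime over a year, or fewer than 2048 bits. The sample listing is constructed, the function name is hypothetical, and it assumes the listing gives dates as epoch seconds.

```python
from datetime import timedelta

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# Fields used: 1 = record type, 3 = key length in bits, 5 = key ID,
# 6 = creation time, 7 = expiration time (epoch seconds; empty = never expires).
SAMPLE = """\
pub:u:1024:17:1111111111111111:1000000000:::u:::scESC:
uid:u::::1000000000::AAAA::Alice Example <alice@example.com>:
pub:u:2048:1:2222222222222222:1000000000:1015552000::u:::scESC:
uid:u::::1000000000::BBBB::Bob Example <bob@example.com>:
pub:u:4096:1:3333333333333333:1000000000:1100000000::u:::scESC:
uid:u::::1000000000::CCCC::Carol Example <carol@example.com>:
"""

MAX_LIFETIME = timedelta(days=365)   # the guide's limit for newcomers
MIN_BITS = 2048                      # the guide's suggestion for long-lived secrets


def audit_keys(listing):
    """Return {key_id: [findings]} for every primary key in a colon listing."""
    report = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "pub" or len(fields) < 7:
            continue                 # only primary public keys are audited here
        bits, key_id = int(fields[2]), fields[4]
        created, expires = fields[5], fields[6]
        findings = []
        if bits < MIN_BITS:
            findings.append(f"key is only {bits} bits")
        if not expires:
            findings.append("no expiration date")
        else:
            lifetime = timedelta(seconds=int(expires) - int(created))
            if lifetime > MAX_LIFETIME:
                findings.append(f"expires {lifetime.days} days after creation")
        report[key_id] = findings
    return report


if __name__ == "__main__":
    for key_id, findings in audit_keys(SAMPLE).items():
        print(key_id, "OK" if not findings else "; ".join(findings))
```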

Passphrase mistakes

In order to read your PGP mail, an attacker has to have your private key and your passphrase, or a way to break the PGP encryption. If your passphrase is really good and very random, it will be faster for the attacker to try to break the encryption. Here are some good ways to get a strong passphrase: The passphrase FAQ, which has some really good examples. An elegant and simple way is to grab some dice and a dictionary, or go to The diceware page which helps automate the process.
  1. Forgetting your passphrase 1
    This is probably the most common PGP mistake. The best defense is to use PGP frequently, so you don't get a chance to forget.
  2. Using a password instead of a pass phrase. 2
    Most people are used to using passwords that are 5-10 characters long. In order to not be the weakest link in the chain, your password needs to be about 30 random letters and numbers. That's a bit much to memorize, so you need to think of a phrase instead of a short word.
  3. Using just dictionary words 3
    Dictionaries are just as simple to search through as characters. I can try all two word phrases in a matter of weeks, and 3 words in months.
  4. Using a common phrase. 4
    There are dictionaries of phrases, and huge numbers of books and movie scripts online. Computers can just grind through until they figure out that "good night moon" is your passphrase.
  5. Using a linguistically viable phrase 5
    One of the optimizations for searching multiple word phrases is to look for noun verb object instead of verb verb verb.
  6. Forgetting your punctuation. 1
    Don't forget if you're using punctuation or not. Don't be locked out of your key because you can't remember if it was good_night_moon or "goodnightmoon" or "good night moon". Pick a standard and stick with it.
    Publishing and obtaining keys

    1. Don't publish your private key 1
      Should be obvious, but it's easy to do with some versions of PGP.
    2. Using the wrong keyserver. 2
      There are a surprising number of keyservers out there, but they don't all talk to each other. Here are the best ones to go looking at:
    3. Don't publish your key on a web page. 4
      By default your key contains your email address, which spammers like to pick up off of web pages. Of course it also may let you get a lot more mail from people you do want to talk to.
    4. Don't publish a key unless you're certain you can revoke it. 2
      Remember that you can't remove keys from a keyserver (since anyone can upload your key again), you can only revoke them.
    5. Trusting any key that you receive 2
      Just because you get a PGP key that claims to be from Bill Clinton, doesn't mean that you're talking to an ex President. You need to either trust someone else's judgment, or validate the key yourself. PGP will try to remind you that this key isn't trustworthy until you sign it yourself.
    6. Don't let the PGP software inflict trust on you 4
      By default, PGP and GnuPG may start trusting users if they've been signed by 3 other people you know. You may need to raise this number to a higher default setting.

    Encrypting messages

    Sending mail is interesting, since it doesn't require any secret information from you. You're just dropping mail into drop boxes for other people to retrieve.
    1. Sending encrypted email to someone who doesn't have the key to decrypt it
      If you encrypt a message for Alice and Bob, it's cruel to send that message to Charlie, since he won't be able to read it. Make sure that your email recipients list matches the list of public keys you encrypted this for.
    2. Forgetting to also encrypt messages to yourself. 3
      If you encrypt email to just one person, then nobody else will be able to read it, including you. If you want your sent mail box to be useful, you should encrypt it to your public key in addition to theirs.
    3. Sending mail encrypted to yourself instead of your recipient. 1
      Strangely, they won't be able to read it. This is really easy to do, especially when you're learning to sign mail.
    4. Sending mail to the wrong key for that user. 1
      This is very common if the recipient has an old key floating around. This is why you should be certain to revoke keys you don't want to use any more and make sure your keys expire.
    5. Sending the unencrypted message instead of the encrypted one 1
      This mostly is a problem when you encrypt a file & attach it to an email. When you're sending email, it's obvious if the message is full of garbage or if it looks like what you typed. Don't hit the send button until you can see the encrypted message and not what you typed. Watch out for Netscape's forward option (it doesn't show you the forwarded text).
    6. Encrypting with the wrong type of key 4
      This is increasingly rare. Some old timers still use the PGP 2.6 software, which can't inter-operate with newer (5,6,7) PGP or GPG software. Either you have to install PGP 2.6, have them upgrade to GPG, or upgrade yourself to a recent version of PGP and install support for IDEA and RSA.

      One way to check if someone is using an older version of PGP is to look at the person's pgp public key in ASCII format. RSA keys are much shorter, and the fingerprint will be shorter as well.

    7. Forgetting to modify PGP settings before sending mail to a 2.6 user 3
      There have been a lot of changes between PGP 2.6 and newer versions. Assuming you've installed RSA and IDEA support, you may still need other configuration changes. For GPG the full string of backwards compatibility options is
        gpg --rfc1991 --cipher-algo idea --compress-algo 1 -e --recipient alice secret
      Note that this requires a file instead of stdin.
      For PGP 5+, you may have to change the compression algorithm, but everything else should work.
    8. Encrypting with the wrong symmetric cipher 5
      If you're fully paranoid, use 3DES encryption.

    Decrypting messages

    Decrypting messages is the time that your private information is vulnerable, both on your machine and on your recipient's machine.
    1. Not having the private key needed to decrypt a message 1
      The opposite of This problem
    2. Decrypting your message while someone is watching 2
      An obvious way to give up your passphrase, but people do it all the time.
    3. Storing the message on a hard drive you don't own 3
      After the effort of encrypting this message, do you really want to store it where someone could get to it? PGP has an option (-m) for just showing things on the screen instead of saving to disk.
    4. Storing the message on a hard drive 4
      See the problem with forensics tools mentioned above.
    5. Decrypting messages on a machine you don't carry with you. 5
      If someone can install a keystroke logger on your machine when you aren't there, your passphrase won't do you much good.

    Signing keys and verifying key signatures

    Ok, we're into advanced PGP use here. Most of the errors here are errors of omission instead of commission. If you need a refresher, here's a less technical intro and here's a comparison of X.509 and PGP.

    1. Don't sign keys until you've verified them 2
      It's a very common beginner mistake to sign a key that someone has just mailed them. Usually the beginner does this to make the distracting "this key is not trusted" error messages go away. Since anyone can mail you a key, you shouldn't trust the new key until you've either talked to the key's owner or made a decision based on other people's signatures of the new key.
    2. Don't be afraid to trust and verify one high security key. 3
      While PGP is designed as a web of trust, there's no reason you can't put your faith in a Certificate Authority or CA. For example, a company can generate one (large) key and designate it as the signing key. This key can then be used to sign everybody's key, and everybody can set their PGP to trust keys that have been signed by this key. Now everybody who wants to communicate with the company only needs to download a copy of the signing key, instead of trying to walk through the web of signatures between companies.
    3. Not verifying someone's identity before signing their key. 4
      I've seen people sign each other's keys based on a business card. Try to hold out for photo ID, or at least a call through the corporate switchboard.
    4. Not using the right information to verify a key 3
      In order to verify someone else's key, you need to check 3 pieces of information: the Key ID, the length of the key, and the key fingerprint. You need all three because it is possible to forge a PGP key. You can get the key fingerprint information in the following ways:
      • PGP 2.6 : pgp -kvc [ userid ]
      • GPG : gpg -kvc [ userid ]
      • PGP 5+ : Click on a Key, then select Key Properties from the Key menu
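
Why the Key ID and key length alone are not enough, and why old RSA keys show a shorter fingerprint, follows from how the OpenPGP specification (RFC 4880, section 12.2) defines these values. The Python sketch below is an added example, not part of the original guide: it computes V3 and V4 fingerprints and Key IDs and compares what a key owner read out with what a keyring shows. The helper names are hypothetical, and the "moduli" are constructed numbers, not usable keys.

```python
import hashlib


def mpi(value):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then the bytes."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")


def v4_fingerprint(created, n, e):
    """V4 RSA key: SHA-1 over 0x99, a 2-byte length and the public-key packet body."""
    body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()


def v3_fingerprint(n, e):
    """V3 (PGP 2.6) key: MD5 over the bytes of n and e, MPI length prefixes dropped."""
    return hashlib.md5(mpi(n)[2:] + mpi(e)[2:]).hexdigest().upper()


def v4_key_id(fingerprint):
    """V4 key ID: the low 64 bits of the fingerprint."""
    return fingerprint[-16:]


def v3_key_id(n):
    """V3 key ID: the low 64 bits of the modulus, independent of the fingerprint."""
    return format(n & (2**64 - 1), "016X")


def normalize(text):
    """Drop spaces and case so a value read over the phone can be compared."""
    return "".join(str(text).split()).upper()


def check_key(told, key_id, bits, fingerprint):
    """List the items where the owner's statement and your keyring disagree."""
    seen = {"key_id": key_id, "bits": bits, "fingerprint": fingerprint}
    return [name for name in seen if normalize(told[name]) != normalize(seen[name])]


# Constructed numbers standing in for RSA moduli; they are not usable keys.
E = 65537
N = int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 4, "big") | (1 << 1023) | 1
N_OTHER = N ^ (1 << 512)        # a different number with the same low 64 bits
CREATED = 1004227200            # constructed creation timestamp


def demo():
    """The owner read out the V3 details of N; the keyring holds N, then N_OTHER."""
    spoken = v3_fingerprint(N, E).lower()
    told = {"key_id": v3_key_id(N), "bits": 1024,
            "fingerprint": " ".join(spoken[i:i + 4] for i in range(0, 32, 4))}
    genuine = check_key(told, v3_key_id(N), N.bit_length(), v3_fingerprint(N, E))
    swapped = check_key(told, v3_key_id(N_OTHER), N_OTHER.bit_length(),
                        v3_fingerprint(N_OTHER, E))
    return genuine, swapped


if __name__ == "__main__":
    print(demo())
    print(len(v3_fingerprint(N, E)), len(v4_fingerprint(CREATED, N, E)))
```

In the second case the Key ID and length both match what the owner said, and only the fingerprint comparison shows that the keyring holds a different key.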

    Signing files and verifying file signatures

    1. Verifying a file's signature without checking the key
      A signature is only as good as the key that signed it. GPG makes checking files quite simple: gpg --keyserver pgp.mit.edu signature.asc
    2. Using the wrong type of signature:
      PGP has 3 different ways of signing a file. Here are some of the ways to avoid:
      • Signing a file and sending it to someone without PGP.
      • Clear-signing a binary file
      • Creating a detached signature file instead of an in-line (clearsigned) signature.
      Each of the signing options has advantages and disadvantages
      1. Default Signing: This encapsulates the file that's being signed and appends a signature to the end of the encapsulation.
        This requires the recipient to have PGP in order to make any sense of the document. Use this when you're encrypting the message, otherwise use one of the other options.
      2. Detached Signatures: This option creates a new file that contains the signature for the file being signed.
        This works well, since people can ignore the signature file if they want to.
      3. Clear Signed: The final choice is to bracket a section of text with the --- tags, and tack on a signature of this area. For example:
        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1
        
        
        This is a very short text message that I'm going to clearsign
        -----BEGIN PGP SIGNATURE-----
        Version: GnuPG v1.0.6 (GNU/Linux)
        Comment: For info see http://www.gnupg.org
        
        iEYEARECAAYFAjvngeoACgkQZovK3U6KwwqewgCgrRN0GQK+ZIHHAOPpxL4FN4nU
        JFYAoMJqRpRZMZ9CVgkDR6uoeNQqX19N
        =bKh9
        -----END PGP SIGNATURE-----
        

        This is easy to read, but almost all mail programs or web pages will subtly garble this message in a way that invalidates the signature. And clearsigning an executable file will break it. You're usually better off attaching a signed copy of the letter and not clear signing.
    3. Sending people the wrong detached signature
      If you publish software, you may choose to sign all of your software with a detached signature. Please make sure to update the signature when you update the binary. Otherwise people are going to think that the software has been tampered with.
    4. Sending binary signature files
      If you want to email a signature, remember to add ASCII Armoring.
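
Which kinds of garbling invalidate a clearsigned message, as described under "Clear Signed" above, depends on how the signed text is canonicalized. The Python sketch below is an added example, not part of the original guide: it extracts the bytes a clearsign signature covers, following the rules in the OpenPGP specification (RFC 4880, section 7.1), and compares them before and after typical transit changes. It does not verify any signature; the message, the transit changes and the helper names are constructed, and UTF-8 text is assumed.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def signed_bytes(clearsigned):
    """Return the canonical bytes that a clearsigned message's signature covers."""
    lines = clearsigned.replace("\r\n", "\n").split("\n")
    start = lines.index(BEGIN_MSG) + 1
    while lines[start].strip():            # skip armor headers such as "Hash: SHA1"
        start += 1
    end = lines.index(BEGIN_SIG)
    body = []
    for line in lines[start + 1:end]:      # lines[start] is the blank separator
        if line.startswith("- "):          # undo dash-escaping
            line = line[2:]
        body.append(line.rstrip(" \t"))    # trailing spaces and tabs are not signed
    # Lines are joined with CRLF; the line ending before the signature is excluded.
    return "\r\n".join(body).encode("utf-8")


def frame(text_lines):
    """Build a clearsign frame around text_lines with a placeholder signature."""
    escaped = ["- " + line if line.startswith("-") else line for line in text_lines]
    tail = [BEGIN_SIG, "", "(constructed placeholder, no real signature)", END_SIG, ""]
    return "\n".join([BEGIN_MSG, "Hash: SHA1", ""] + escaped + tail)


# Constructed message text containing the kinds of lines mail software tends to touch.
TEXT = ["Meet at noon.", "From now on use the new key.", "-- Bob", "item\tvalue"]

# Constructed transit changes, each applied to the framed message as a string.
TRANSIT = {
    "CRLF line endings": lambda m: m.replace("\n", "\r\n"),
    "trailing spaces added": lambda m: m.replace("noon.", "noon.   "),
    "mbox From-escaping": lambda m: m.replace("\nFrom ", "\n>From "),
    "tab expanded to spaces": lambda m: m.replace("\t", "    "),
    "long line re-wrapped": lambda m: m.replace("use the new", "use\nthe new"),
}


def transit_report():
    """Map each transit change to True if the signed bytes are unchanged."""
    original = frame(TEXT)
    expected = signed_bytes(original)
    return {name: signed_bytes(change(original)) == expected
            for name, change in TRANSIT.items()}


if __name__ == "__main__":
    for name, intact in transit_report().items():
        print(f"{name:24} {'signed bytes unchanged' if intact else 'signed bytes differ'}")
```

Line-ending conversion and trailing whitespace are absorbed by the canonical form; re-wrapping, tab expansion and "From " escaping change the signed bytes, which is why a detached or attached signature travels better.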

    Deleting files

    This is a topic that is certainly related to PGP. Anyone can use a commercial data recovery program to find a deleted file. The paranoid can worry about problems mentioned in Peter Gutmann's document on secure deletion.
    1. Forgetting to delete the original document. 3
      GPG doesn't delete files by default. XXXX insert patch here XXXX PGP 2.6 has the -w option for wiping files.
      PGP 5+ uses XXXXXXX option for deleting files. PGP 5+ also includes pgpwipe, which will wipe your disk clean of all deleted files.
    2. Relying on PGP 2.6's file wiping 5
      PGP 2.6 only performs a single pass when wiping files. More is better.
    3. Your OS may prevent successful file wiping 4
      Look at the Wipe homepage for a discussion of this type of problem.

    Todo:
    Keyservers. 
    locked memory 
    deleting files