{"id":275,"date":"2011-02-25T16:26:00","date_gmt":"2011-02-25T14:26:00","guid":{"rendered":"https:\/\/www.fussylogic.co.uk\/blog\/?p=275"},"modified":"2012-08-31T09:23:11","modified_gmt":"2012-08-31T08:23:11","slug":"getting-started-with-gnupg","status":"publish","type":"post","link":"https:\/\/www.fussylogic.co.uk\/blog\/?p=275","title":{"rendered":"Getting Started with GnuPG"},"content":{"rendered":"<p>GnuPG is the premier open source public key encryption software. It\u2019s compatible with Pretty Good Privacy, but has mostly supplanted PGP\u2019s use by those who care about encryption.<\/p>\n<p>It includes key management, encryption and digital signature facilities. For those of us with a healthy distrust of government \u2014 you need all of these things.<\/p>\n<h3 id=\"introduction-to-public-key-cryptography\">Introduction to Public Key Cryptography<\/h3>\n<p>Here are the rules:<\/p>\n<ul>\n<li>Encrypting is targeted to a particular public key. Therefore you must have a copy of the receiver\u2019s <em>public<\/em> key before you can communicate securely.<\/li>\n<li>Decryption is possible only by the owner of the <em>secret key<\/em> which is the other half of the public-secret <em>key pair<\/em>. When someone encrypts to your public key, that message can only be decrypted by your secret key. Even the originator of the message cannot decrypt that message (of course we can assume they know what it said).<\/li>\n<li>Digital signatures are <em>created<\/em> with a secret key, and <em>verified<\/em> with a public key. You can sign your messages with your secret key, and anyone with a copy of your public key can be sure that it is from you, and that it has not been tampered with. 
Public keys cannot be used to create digital signatures.<\/li>\n<\/ul>\n<h3 id=\"installation\">Installation<\/h3>\n<p>Debian users can do this:<\/p>\n<pre><code>$ apt-get install gnupg\n<\/code><\/pre>\n<p>Other distributions\u2026 you\u2019re on your own. Windows users: there are <a href=\"http:\/\/www.gnupg.org\/related_software\/frontends.html\">GUI packages<\/a> to do all this command line stuff for you. However, the concepts I\u2019ll explain will still be of benefit to you, so don\u2019t give up just because you have a button for every command line switch I\u2019ll cover.<\/p>\n<h3 id=\"creating-your-key-pair\">Creating Your Key Pair<\/h3>\n<p>The first thing to do is create your key pair. Accept the defaults where you are not sure. Be extremely careful about selecting your passphrase \u2014 it is the weakest link in your encryption system. I suggest a long (40+ characters) sequence of <a href=\"http:\/\/xkcd.com\/936\/\">randomly chosen words<\/a>. You will most likely keep this phrase for a long time, so it is worth committing it to memory. Your real name and email are important as well, as they represent the identity you are creating. You can always add and remove identities later, should you wish.<\/p>\n<pre><code>$ gpg --gen-key\ngpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.\nThis is free software: you are free to change and redistribute it.\nThere is NO WARRANTY, to the extent permitted by law.\n\ngpg: keyring `\/home\/user\/.gnupg\/secring.gpg' created\ngpg: keyring `\/home\/user\/.gnupg\/pubring.gpg' created\nPlease select what kind of key you want:\n   (1) RSA and RSA (default)\n   (2) DSA and Elgamal\n   (3) DSA (sign only)\n   (4) RSA (sign only)\nYour selection? \nRSA keys may be between 1024 and 4096 bits long.\nWhat keysize do you want? 
(2048) \nRequested keysize is 2048 bits\nPlease specify how long the key should be valid.\n         0 = key does not expire\n      &lt;n&gt;  = key expires in n days\n      &lt;n&gt;w = key expires in n weeks\n      &lt;n&gt;m = key expires in n months\n      &lt;n&gt;y = key expires in n years\nKey is valid for? (0) \nKey does not expire at all\nIs this correct? (y\/N) y\n\nYou need a user ID to identify your key; the software constructs the user ID\nfrom the Real Name, Comment and Email Address in this form:\n    &quot;Heinrich Heine (Der Dichter) &lt;heinrichh@duesseldorf.de&gt;&quot;\n\nReal name: Samuel Pepys\nEmail address: samuelpepys@example.com\nComment: \nYou selected this USER-ID:\n    &quot;Samuel Pepys &lt;samuelpepys@example.com&gt;&quot;\n\nChange (N)ame, (C)omment, (E)mail or (O)kay\/(Q)uit? o\nYou need a Passphrase to protect your secret key.\n\nPassphrase:\nRepeat passphrase:\n\nWe need to generate a lot of random bytes. It is a good idea to perform\nsome other action (type on the keyboard, move the mouse, utilize the\ndisks) during the prime generation; this gives the random number\ngenerator a better chance to gain enough entropy.\n\nNot enough random bytes available.  Please do some other work to give\nthe OS a chance to collect more entropy! (Need 284 more bytes)\n........+++++\n.+++++\nWe need to generate a lot of random bytes. It is a good idea to perform\nsome other action (type on the keyboard, move the mouse, utilize the\ndisks) during the prime generation; this gives the random number\ngenerator a better chance to gain enough entropy.\n.....+++++\n\nNot enough random bytes available.  Please do some other work to give\nthe OS a chance to collect more entropy! 
(Need 55 more bytes)\n.+++++\ngpg: \/home\/user\/.gnupg\/trustdb.gpg: trustdb created\ngpg: key 933F6E71 marked as ultimately trusted\npublic and secret key created and signed.\n\ngpg: checking the trustdb\ngpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model\ngpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u\npub   2048R\/933F6E71 2011-02-25\n      Key fingerprint = 4742 1D26 31FF CB96 891B  9113 41A1 C94B 933F 6E71\nuid                  Samuel Pepys &lt;samuelpepys@example.com&gt;\nsub   2048R\/1A6FB468 2011-02-25\n<\/code><\/pre>\n<p>In addition to creating a key pair, GnuPG has also created a secret keyring, a public keyring and a trust database (we\u2019ll come to this later). Let\u2019s have a look at them:<\/p>\n<pre><code>$ gpg --list-keys\n\/home\/user\/.gnupg\/pubring.gpg\n-------------------------------------------------------\npub   2048R\/933F6E71 2011-02-25\nuid                  Samuel Pepys &lt;samuelpepys@example.com&gt;\nsub   2048R\/1A6FB468 2011-02-25\n\n$ gpg --list-secret-keys\n\/home\/user\/.gnupg\/secring.gpg\n-------------------------------------------------------\nsec   2048R\/933F6E71 2011-02-25\nuid                  Samuel Pepys &lt;samuelpepys@example.com&gt;\nssb   2048R\/1A6FB468 2011-02-25\n<\/code><\/pre>\n<p>The \u201cpub\u201d and \u201csec\u201d lines are the important ones for us; the \u201csub\u201d and \u201cssb\u201d lines you can forget about. They are subkeys, and their use doesn\u2019t matter to us. 
You may add more \u201cuid\u201ds in the future if you have more than one email address.<\/p>\n<h3 id=\"initial-configuration\">Initial Configuration<\/h3>\n<p>Let\u2019s set some useful defaults and define ourselves as the default encryption key by editing the configuration file <code>~\/.gnupg\/gpg.conf<\/code>:<\/p>\n<pre><code>armor\nno-greeting\ndefault-recipient-self\nhidden-encrypt-to 933F6E71\n<\/code><\/pre>\n<p>The last two lines set yourself as the default recipient if none is given; and add you to any recipient list that <em>is<\/em> given (replace the key ID with your own instead of mine). That means you\u2019ll always be able to decrypt messages you encrypted (in spite of what I said in the opening section of this document).<\/p>\n<h3 id=\"initial-encryption\">Initial Encryption<\/h3>\n<p>That\u2019s it \u2014 you can now encrypt a message to yourself.<\/p>\n<pre><code>$ echo &quot;This text gets encrypted then decrypted&quot; | gpg -e\ngpg: skipped: public key already set as default recipient\n-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v1.4.10 (GNU\/Linux)\n\nhQEMAwAAAAAAAAAAAQgArOdJgISjdkiJ12ypZe3YTqPYgPZssosQkbPmCBRq\/tS4\nbbuL6UI8AtQLLF1zKYWzpdgz2I\/dGiKLuNUYYy+66B0659WD\/NY5dKJUtGaGE1Co\nMV27t7+tXS7gb93rciOGJuNCddRT6zFilQGVjuChXv\/W9Xri5NMLytpbLSyYiss9\nK\/66y3aID0N0haVt3PYwH0zu5aQCrBWznBfegwfEDDx4nfA55LuNREVyg51rFthk\n23cSPWglfmGf\/iDe5wG+s8rBBZdWRHdomWTfWc6rgjboC3OlDUJc47lCkxMOLWLZ\nofaHtnWK4mhRr4oloZyZ7mMbbPbytazkC+SixdHDi9JeAe5v8r+JSYTj7dGwmlSM\nsFsVdtdcyPysoFgoFebA5wiHUIwH+08KiDfuIyTIvWJgLUYofkj6lj\/gk5qGxmNs\ny+xzp\/MSksFq7L8vAi22IkXs4qQBmfcf+kAbJmhLxQ==\n=n0pU\n-----END PGP MESSAGE-----\n<\/code><\/pre>\n<p>This has come out as printable ASCII because we specified the ASCII \u201carmor\u201d option in the configuration file. 
If we hadn\u2019t, then this would have been a stream of random binary bytes, that I couldn\u2019t have shown you in a blog entry. ASCII armor is usually what you want though, hence why we\u2019ve put it in the config file.<\/p>\n<p>Now let\u2019s decrypt the message as well.<\/p>\n<pre><code>$ echo &quot;This text gets encrypted then decrypted&quot; | gpg -e | gpg\ngpg: skipped: public key already set as default recipient\ngpg: anonymous recipient; trying secret key 933F6E71 ...\nEnter passphrase: \ngpg: anonymous recipient; trying secret key 1A6FB468 ...\ngpg: okay, we are the anonymous recipient.\ngpg: encrypted with RSA key, ID 00000000\nThis text gets encrypted then decrypted\n<\/code><\/pre>\n<p>The last line is our plaintext back again just as we would expect.<\/p>\n<h3 id=\"digital-signature\">Digital Signature<\/h3>\n<p>Let\u2019s create a digitally signed message using our new key. I\u2019ll use the <code>--clearsign<\/code> option so that the message is readable without the use of GnuPG.<\/p>\n<pre><code>$ echo &quot;This is a signed message&quot; | gpg --clearsign\n\nYou need a passphrase to unlock the secret key for\nuser: &quot;Samuel Pepys &lt;samuelpepys@example.com&gt;&quot;\n2048-bit RSA key, ID 933F6E71, created 2011-02-25\n\nEnter passphrase: \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nThis is a signed message\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU\/Linux)\n\niQEcBAEBAgAGBQJNZ9sWAAoJEEGhyUuTP25xDBQH\/1eyfcHqBZjf6pdqxhnrv5FU\noM8BQTY5QGq1sDj7jjrOYDlKDgQZofXCPwhlqCRYSWUOe4yA1vfhOq83MiVhyVH5\nSQC10cgbtYCrlTxw6aPBOBjv4qeXZHVrhmd0fooPzv+Lzgo+b7I3cIJ+jsDMk1ow\nvSdqZHhWOwts4HHsHOyqUYXIZvTC30tRWBtJrvJb2YPa42zGwGyMP6T2L5eMz7H1\nJblpgU1efHOZ\/Evvz7aR7E8HPEZmx2bNzmAveN4kiNTmKaM9tQhH2YK3SKoeIgaI\nbEbEfdqiCgqy1nI+a6FYbEGkqH6z+uhh8O21yJNzpU9XMrstGkqvSekH1DlMJps=\n=T6Qp\n-----END PGP SIGNATURE-----\n<\/code><\/pre>\n<p>Ignoring the passphrase request (which is necessary because 
it is your secret key that is used to create a signature, and so it needs unlocking), you can see a two part message: the plain text of the message followed by a signature block. These together are unfakeably from you. If anyone alters a single byte of this message then the signature will not verify. I\u2019ll make two copies of this message, then edit one to have an extra full stop at the end of the text.<\/p>\n<pre><code>$ gpg &lt; good.sig \nThis is a signed message\ngpg: Signature made Fri 25 Feb 2011 16:43:09 GMT using RSA key ID 933F6E71\ngpg: Good signature from &quot;Samuel Pepys &lt;samuelpepys@example.com&gt;&quot;\n$ gpg &lt; bad.sig \nThis is a signed message.\ngpg: Signature made Fri 25 Feb 2011 16:43:09 GMT using RSA key ID 933F6E71\ngpg: BAD signature from &quot;Samuel Pepys &lt;samuelpepys@example.com&gt;&quot;\n<\/code><\/pre>\n<p>A signature leaves the message readable by anyone \u2014 it is not encrypted; but it cannot be tampered with without being noticed. Further, it cannot be made to appear to be from anyone but you. Notice that GnuPG verified the signature like this:<\/p>\n<pre><code>gpg: Good signature from &quot;Samuel Pepys &lt;samuelpepys@example.com&gt;&quot;\n<\/code><\/pre>\n<p>A message with a good signature is a guarantee (as far as is humanly possible, assuming no coercion) that the owner of the private key really did write that message. Verification relies on you having a trusted copy of the signer\u2019s public key.<\/p>\n<h3 id=\"public-key-exchange\">Public Key Exchange<\/h3>\n<p>For others to be able to send you encrypted messages, they need a copy of your public key; and <em>only<\/em> your public key. Your secret key should never be given to anyone and your passphrase should remain secret at all times. 
You get a copy of your public key like this:<\/p>\n<pre><code>$ gpg --export &quot;Samuel Pepys&quot;\n-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.10 (GNU\/Linux)\n\nmQENBE1nzzYBCAC6UwplnYd3DsDNtFSkZPkEqDXqhGvtyq+LfWis5j4yztSOhbn6\nrCbf3THHzACAbFfb8Y5yfoqEGbDGxDcXJSc74H+iUQmFs7V97KdBpYNhWvo0n\/wn\n9\/1vGu1wJGJYQoUWI3w0VyfOqvCKJ\/192p4H2pdZOI0bDfjQOjqqbXb4IjV5ZFeT\nxQld2MGvznI\/vofuYUt3I7tqIo\/FT11oH2NF+ohe9GJINFqHCuIJJLN9OPUdJaqf\nWV8YAgyLWCuiWVh31x80fqLlcLs9dAp9QHYV6xJlkcKiuCWlHzrbT8VBxrSvysYB\nK5mEpN9vUxYZ6WkFWt1PohHAV7Fz\/2ILj\/azABEBAAG0I09udXMgUHJvYmFuZHkg\nPG9wcm9iYW5keUBnbWFpbC5jb20+iQE4BBMBAgAiBQJNZ882AhsDBgsJCAcDAgYV\nCAIJCgsEFgIDAQIeAQIXgAAKCRBBoclLkz9ucbPVCACxG\/jVG6z5DzBk3ui4l8Fi\n1AshxqKoQ9RaubF1EKdRlbjmOgVGNppmv8yQA4RpDMAtF90a54nwlxL7LzNGWPdJ\n3rZ7BMDiaT9qYbEUBzHJppsjpXF9f+WgUFBpSGJOeYAW2osem2GWaf1iZdBIKOaE\nhpLxZBcSdD\/Qd67j+VjNBh8De6wJ3cTdvQvZwhf8tlPjKab68BQNTBgw\/4QW80Ua\nu2WS+lbPbY5evQ8cbTiGgjuVP9WWDwOTAMDHc638hcuQnRo6Y\/5lY+AQGgYkabwG\n5jzAFfyHx0AvksTAHiGu8TUmrlixYhi5YNHP768Xt7L4KoDl8cjyohKuSbx5O1Lk\nuQENBE1nzzYBCADe6HFXStaFd4dlPWsqTEgd4VPLydrmkEksuCUH26rUZP0pvgzv\nVvSSCAmCrud933CIb48BuLdGnpm0BJrOx15OJ3OSqQAh5DrCST1enpskNbH+Z3mQ\nsszNBNEHh6fBIIvr9LUj5+3ciGQxG6W1uTahcarp8Ck\/sA58u0QekuT8Gc1C70Oz\nkxtQ4xJ5FikrtMDRDWiqF9wrMmSNMUe3nr6H2P+ipseIrDSYHPQfejVFKZX5U+rp\nVh9eaa5V0Lhm60kcD8AlOMOIxpzfSd0xeVmCOxnfbh0TPNksPM7NE1Z5\/5OFIelp\n4Kv44+wZVZLDuho4nTzBIBtXItWob10zDYDbABEBAAGJAR8EGAECAAkFAk1nzzYC\nGwwACgkQQaHJS5M\/bnG1kAf+KMM6LN4IwCW2yDEKAV5nVIT99rOLGnr6j\/bzHMI3\n5Xpijrme9y10etIxydDg3ml3m1SyICnw6Qw5EWgYlKKPz\/iewQQP97D2EQqiaTLo\nDJyRxSZsWZTqK7soKXxvRuiGOf3VmhhYLI3o7uoxZUT8edpGafc2mu2YY09ZUxpQ\nIgCP6BiqHrHbX2BK4HBvvJzET9crJIK0xwkM+hLX+9EobfXdDekDxCSdWcopftG6\nkhua\/NVlUWMaGaKE0vzEnAq9BQOovl79Q7X79RVt46zMDviiUWgApIb7KMfiT3EP\nr6PFmjrcgj1e3xGRtQY6Fecb0kvtdHYUIkd0BHPcukY3oQ==\n=73Rn\n-----END PGP PUBLIC KEY BLOCK-----\n<\/code><\/pre>\n<p>Here\u2019s where our paranoia starts to kick in. 
We need a way of getting this to our confidant in a way that guarantees it is not tampered with. An attacker could (in theory) intercept this key in transit and replace it with their own. Then when encrypted messages are sent to you, they can be decrypted by the attacker, and re-encrypted for you. You might argue that that is highly unlikely, and you are probably right. You should be aware that it\u2019s possible though.<\/p>\n<p>Once your confidant has a reliable copy of your public key, things would seem to get easier. He can encrypt his public key and send it to you. I\u2019m afraid not. Since your public key is just that: public, an attacker can encrypt their public key and pretend it\u2019s your confidant\u2019s and pull the same man-in-the-middle attack described in the previous paragraph. So: the same paranoid precautions are necessary to perform a public key swap. Again: you can say that it\u2019s unlikely this level of paranoia is justified. No problem. That\u2019s up to you. A good method of doing a key swap is in person, perhaps on USB drives.<\/p>\n<p>Personally, I was never <em>that<\/em> paranoid, and so emailed it to the people I wanted to have it. That was eight years ago, so I\u2019m fairly confident everyone has trustworthy keys.<\/p>\n<p>So; what do you do with your confidant\u2019s public key once you have it? You add it to your keyring. I\u2019ll use <a href=\"http:\/\/www.catb.org\/~esr\/gpg-public-key.asc\">Eric Raymond\u2019s<\/a> public key as an example.<\/p>\n<pre><code>$ wget --output-document=esr-public-key.asc http:\/\/www.catb.org\/~esr\/gpg-public-key.asc\n--2011-02-25 16:28:03--  http:\/\/www.catb.org\/~esr\/gpg-public-key.asc\nResolving www.catb.org... 152.46.7.81\nConnecting to www.catb.org|152.46.7.81|:80... connected.\nHTTP request sent, awaiting response... 
200 OK\nLength: 2346 (2.3K) [text\/plain]\nSaving to: `esr-public-key.asc'\n\n100%[==============================================================&gt;] 2,346       --.-K\/s   in 0.1s    \n\n2011-02-25 16:28:04 (20.1 KB\/s) - `esr-public-key.asc' saved [2346\/2346]\n<\/code><\/pre>\n<p>However you got it, you should have a small ASCII file containing a public key you want to add to your keyring. It\u2019s easy to do so:<\/p>\n<pre><code>$ gpg --import esr-public-key.asc \ngpg: key 8421F11C: public key &quot;Eric S. Raymond &lt;esr@thyrsus.com&gt;&quot; imported\ngpg: Total number processed: 1\ngpg:               imported: 1\ngpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model\ngpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u\n<\/code><\/pre>\n<p>And let\u2019s look at our updated keyring:<\/p>\n<pre><code>$ gpg --list-keys\n\/home\/user\/.gnupg\/pubring.gpg\n-------------------------------------------------------\npub   2048R\/933F6E71 2011-02-25\nuid                  Samuel Pepys &lt;samuelpepys@example.com&gt;\nsub   2048R\/1A6FB468 2011-02-25\n\npub   1024D\/8421F11C 1997-10-05\nuid                  Eric S. Raymond &lt;esr@thyrsus.com&gt;\nsub   2048g\/5E995ED4 1997-10-05\n<\/code><\/pre>\n<p>Our own key, and now an additional key. Note that our secret keyring will be completely untouched; we would anticipate only ever having a single secret key (other than advanced users) \u2014 our own.<\/p>\n<h3 id=\"trust\">Trust<\/h3>\n<p>Our keyring is now sufficient to encrypt to our confidant, and to verify a digital signature from them. Going through the process of physically meeting everyone whose key you need is inconvenient and time-consuming. There is a better way. We make use of what is called the <em>Web of Trust<\/em>.<\/p>\n<p>GnuPG can sign an arbitrary message, as we saw earlier. It can also sign a public key. 
Let\u2019s say that I trust that the key I have for Eric Raymond is really his \u2014 that we physically met, and he showed me a copy of his passport; or perhaps we have been friends since childhood. I have faith that he owns the key he says he owns, and that the matching public key I have came directly from him. Now, say that you don\u2019t know Eric Raymond, but you do know me \u2014 you trust me as much as I trust him. You trust me enough to vouch for his key. GnuPG can let you apply some of the trust you have in me to him.<\/p>\n<p>Firstly, I must tell GnuPG that I trust Eric Raymond\u2019s public key.<\/p>\n<pre><code>$ gpg --edit Eric\n\npub  1024D\/8421F11C  created: 1997-10-05  expires: never       usage: SCA \n                     trust: unknown       validity: unknown\nsub  2048g\/5E995ED4  created: 1997-10-05  expires: never       usage: E   \n[ unknown] (1). Eric S. Raymond &lt;esr@thyrsus.com&gt;\n\ngpg&gt; sign\n\npub  1024D\/8421F11C  created: 1997-10-05  expires: never       usage: SCA \n                     trust: unknown       validity: unknown\n Primary key fingerprint: 3CE7 64D4 FAFF 5FA8 10B2  03BF ADF5 16D3 8421 F11C\n\n     Eric S. Raymond &lt;esr@thyrsus.com&gt;\n\nAre you sure that you want to sign this key with your\nkey &quot;Samuel Pepys &lt;samuelpepys@example.com&gt;&quot; (933F6E71)\n\nReally sign? (y\/N) \n\nYou need a passphrase to unlock the secret key for\nuser: &quot;Samuel Pepys &lt;samuelpepys@example.com&gt;&quot;\n2048-bit RSA key, ID 933F6E71, created 2011-02-25\n\nEnter passphrase: \ngpg&gt; quit\nSave changes? (y\/N) y\n<\/code><\/pre>\n<p>Let\u2019s look at the signatures on Eric\u2019s key:<\/p>\n<pre><code>$ gpg --list-sigs Eric\npub   1024D\/8421F11C 1997-10-05\nuid                  Eric S. Raymond &lt;esr@thyrsus.com&gt;\nsig          8421F11C 1997-10-05  Eric S. 
Raymond &lt;esr@thyrsus.com&gt;\nsig          B5AF5867 1999-03-09  [User ID not found]\nsig          9EDDB31F 1999-03-10  [User ID not found]\nsig          7DF1849C 1998-08-21  [User ID not found]\nsig          E43C5FC3 1998-07-07  [User ID not found]\nsig          0FD14ACD 1998-09-30  [User ID not found]\nsig          087CD151 1998-12-27  [User ID not found]\nsig          FF9189D4 1998-09-03  [User ID not found]\nsig          933F6E71 2011-02-25  Samuel Pepys &lt;samuelpepys@example.com&gt;\nsub   2048g\/5E995ED4 1997-10-05\nsig          8421F11C 1997-10-05  Eric S. Raymond &lt;esr@thyrsus.com&gt;\n<\/code><\/pre>\n<p>You can see that it has been signed by a number of keys that we don\u2019t have copies of \u2014 only the key IDs are shown; but it is also now signed by me. Remember: that signature from me is unfakeable, and you have a copy of my public key which you trust. If Eric were to send you a copy of this public key (with my unfakeable signature on it), you could safely trust that copy is the same as my copy; and that it is exactly the key that I signed.<\/p>\n<p>In this way only one of us needs to trust that any given public key hasn\u2019t been tampered with in order for us both to be able to trust that it hasn\u2019t been tampered with. Note: this is not saying we extend our personal trust (it doesn\u2019t mean you will hand over your children), we are saying that we trust that the owner of the key is who the key says it is.<\/p>\n<p>This question of trust and signatures is a key one to understand: I\u2019m anonymous, \u201cSamuel Pepys\u201d is not my real name. However, you might decide that the method by which I transferred my public key from me to you was secure \u2014 that my key could not have been tampered with on its journey. That might lead you to sign my key. 
That doesn\u2019t mean you are saying you trust me personally (how can you, I am anonymous); you are saying that you believe that that key is owned by that identity \u2014 <code>samuelpepys@example.com<\/code>.<\/p>\n<h3 id=\"extending-trust\">Extending Trust<\/h3>\n<p>Once we can rely on Eric\u2019s key, we can further rely on his signature to verify other keys, making it easier again to gain trusted copies of public keys.<\/p>\n<p>However, what if we don\u2019t trust Eric? What if you trust me to verify that he owns that particular key, but we think he\u2019s an incompetent buffoon who will sign any public key sent to him from any old account, from people he\u2019s never heard of before?<\/p>\n<pre><code>$ gpg --update-trustdb\ngpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model\ngpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u\nNo trust value assigned to:\n1024D\/8421F11C 1997-10-05\n      &quot;Eric S. Raymond &lt;esr@thyrsus.com&gt;&quot;\n Primary key fingerprint: 3CE7 64D4 FAFF 5FA8 10B2  03BF ADF5 16D3 8421 F11C\n\nPlease decide how far you trust this user to correctly verify other users' keys\n(by looking at passports, checking fingerprints from different sources, etc.)\n\n  1 = I don't know or won't say\n  2 = I do NOT trust\n  3 = I trust marginally\n  4 = I trust fully\n  s = skip this key\n  q = quit\n\nYour decision? 2\ngpg: depth: 1  valid:   1  signed:   0  trust: 0-, 0q, 1n, 0m, 0f, 0u\n<\/code><\/pre>\n<p>Having told GnuPG that I don\u2019t trust Eric to verify keys, it will never use the presence of his signature on another key to extend trust to that key.<\/p>\n<p>Extending the question of trusting an anonymous identity like my own that we raised above: you would sign my key (if you believed it was my key) but you would tell GnuPG that you did not trust me to sign other keys. 
Your web of trust would always stop at me.<\/p>\n<p>In summary: sign any key you <em>really<\/em>, <em>really<\/em> believe is owned by the identity that claims to own it. By ownership we mean that the same identity has access to the private key. Then use your own judgement to say how much you trust that identity to vouch for other identities.<\/p>\n<p>You can occasionally run<\/p>\n<pre><code>$ gpg --update-trustdb\n<\/code><\/pre>\n<p>And gpg will ask you to supply levels of trust for any that you haven\u2019t already specified. Again: this is <em>not<\/em> the level of personal trust, or even of trust in that identity; it is whether you trust them to acceptably verify another identity. For example: you might create a key pair for your non-techie wife, and trust entirely that the public key you hold is hers. That does not mean that you trust her to be able to use <code>gpg<\/code> to successfully sign another key, so you would set her trust to \u2018do not trust\u2019. I know it seems rude, but that\u2019s what the \u2018ownertrust\u2019 field means to <code>gpg<\/code>.<\/p>\n<h3 id=\"misconceptions\">Misconceptions<\/h3>\n<p>It\u2019s common for people talking about signing other people\u2019s keys to tell you that what you are signing is that that person is a real person; that you should check passports and drivers licenses, bank statements before signing \u2014 in other words they want it to be a verified way of connecting cyberspace and \u201cmeatspace\u201d. They are missing the point of keysigning. Its job is to show that you are convinced they <em>own<\/em> the identity, not that they <em>are<\/em> the identity.<\/p>\n<p>It\u2019s a subtle distinction, but important to understand. The thing is: you can\u2019t trust a passport or a drivers license to prove identity. 
You are (presumably), like most people, not an expert in spotting forged identity papers. Therefore they prove nothing to you. Let\u2019s remember the purpose of all this key signing is to provide you with a secure, encrypted path to a particular person. It is not an identity system; it is a proof-of-ownership system.<\/p>\n<p>Once you have that ability to communicate in a secure way using encryption, and the ability to ensure messages aren\u2019t faked, you can build up whatever level of trust you want in the identity you are communicating with, <em>just as you do with every other personal relationship<\/em>.<\/p>\n<p>In summary then: sign keys if you believe (and remember that your trustworthiness in this adds to the trustworthiness of your key) that that public key\u2019s private key really is owned by the identity it claims to be owned by.<\/p>\n<p>Here\u2019s how it might work in practice:<\/p>\n<ul>\n<li>Samuel Pepys asks you to sign his public key, <code>933F6E71<\/code>. You want Samuel Pepys to sign your public key too.<\/li>\n<li>You both exchange public keys. You can do this using whatever method you wish (including insecure methods, that can leave the copies of the keys compromised).<\/li>\n<li>Here\u2019s the important part: so far all that has been exchanged has been publicly available information. You should now each pick a secret one-time-use phrase (any long sequence of random characters will be fine). Each of you should encrypt your secret for the other and send it. This leaves you each with knowledge of two secrets \u2014 your own, and the other. These are secrets that can only be decrypted by the owner of the key pair.<\/li>\n<li>You each generate and print out copies of the public key fingerprints (<code>gpg --fingerprint<\/code>). Note that the eight digit key ID is actually the last eight digits of the key fingerprint.<\/li>\n<li>Now you meet. 
Each of you knows what your own key fingerprint really is, and what you expect the other\u2019s key fingerprint to be. You simply compare those fingerprints and confirm that they all match. i.e.\u00a0Samuel Pepys shows you what he knows his public key fingerprint is, and you check that it matches what you think it is. And vice versa. Similarly, you then verify that the other really does know the one-time-use secret you made up. You can then be sure that they are the genuine owner of the private key.<\/li>\n<li>It is important that this is done in person (or, I suppose any other channel you know can\u2019t be tampered with en route), as you are each verifying that the public key you have for the other is the real public key, rather than a substitute one created by a man-in-the-middle attacker.<\/li>\n<li>Assuming everything matches, you can each return home and sign the other\u2019s public key.<\/li>\n<\/ul>\n<p>This works because you have been given a fingerprint and email address, in person. The fingerprint verifies that you are both speaking of the same key; and the knowledge of the shared secrets means that the person you meet really is the owner of the private key that matches that public key \u2014 otherwise how would they have decrypted it when you sent it them?<\/p>\n<p>See the <a href=\"http:\/\/www.cryptnet.net\/fdp\/crypto\/keysigning_party\/en\/keysigning_party.html\">Signing Role Keys and Pseudononymous Keys<\/a> section in the keysigning party howto document for more information.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>GnuPG is the premier open source public key encryption software. It\u2019s compatible with Pretty Good Privacy, but has mostly supplanted PGP\u2019s use by those who care about encryption. It includes key management, encryption and digital signature facilities. 
For those of us with a healthy distrust of government \u2014 you need all of these things. Introduction\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.fussylogic.co.uk\/blog\/?p=275\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[14,6],"_links":{"self":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/275"}],"collection":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=275"}],"version-history":[{"count":4,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/275\/revisions"}],"predecessor-version":[{"id":594,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/275\/revisions\/594"}],"wp:attachment":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}