Privacy Notes: If You Want to Be Safe, Encrypt It Yourself
January 17, 2008
Learn how to protect your e-mail and the files you want to keep private using Pretty Good Privacy (PGP) encryption.
Last fall, I promised to get back to the topic of enhancing your digital security and privacy with PGP or its Free Software derivative, GnuPG. Both use a kind of cryptography referred to as "public-key" or "asymmetric." With PGP or GnuPG, you gain the capability to encrypt or sign data in such a way that decrypting it is impractically difficult for any eavesdroppers, and altering data you've cryptographically signed without being detected is virtually impossible.
We're all used to dealing with some sort of encryption in our everyday net dealings. SSL, for instance, is used to secure Internet traffic between your computer's e-mail or Web client and a remote server. From our perspective as end users, this kind of encryption is a very passive process. We make sure to stick an "s" at the end of "http" when we type in a URL, or we point our e-mail client at port 993 or 995 of an IMAP or POP server when we're setting it up, and then we forget all about it. If the browser shows a little padlock icon somewhere, we decide our information is safe from eavesdroppers on the network.
Though it also uses public-key cryptography, SSL as we experience it in a Web browser is based on a model of authentication that relies heavily on third-parties, referred to as "certification authorities (CAs)," that effectively vouch for the authenticity of a Web site's cryptographic credentials. SSL browsing is transparent to us largely because browser programmers make a few assumptions on our behalf, including how much trust we should place in the CA that signed a Web site's certificate.
GnuPG Cryptography in a Nutshell
Before we jump into making keys and using them, it will help to offer a broad outline of how all the pieces relate to each other in GnuPG's public-key scheme. GnuPG and PGP both use the OpenPGP protocol, so if you become familiar with the GnuPG and later decide you need some of the more advanced features provided by a commercial PGP offering, the concepts you pick up here will still apply.
The math involved in OpenPGP is more than we want to deal with, but the mechanics of daily use are easy to understand, if a little more involved than most of us are used to. In short, here are the basics:
You first create a private key with a password only you know. You should keep this key safe, avoiding letting others have it. For maximum security, some people recommend storing the key on removable media, such as a USB thumbdrive. You should also assign a secure password to your key. Even if someone does get a copy of it, they can't use it without the password.
When you create your private key, GnuPG also generates a public key you distribute to others. Anyone can have a copy of this key without posing any risk to your privacy. Anyone who wants to send you encrypted messages needs to have a copy. It's not uncommon to see people distribute their public keys via their personal Web pages, or through a public key server. The most secure method, however, is to deliver a copy of the public key by hand so people know it definitely came from you and not an impostor who somehow gained control of your server or uploaded a bogus key in your name to a keyserver.
These two keys are called a "keypair." The keypair is used to perform three basic operations:
You can encrypt data with GnuPG that's meant only for you. Nobody can read it without having your private key and knowing the password for it. If you keep the file that represents your private key safe and use a strong password, it will be very hard practically impossible for anyone to decrypt your data.
You can encrypt data with GnuPG that's meant for someone else to decrypt. Each of you will use your individual private keys. If data between the two of you is intercepted, it's useless without access to the recipient's private key and knowledge of its password.
You can sign data. When you sign an e-mail message or a file, it becomes impossible for that file to be altered without GnuPG being able to detect the alteration. Software companies and projects often use GnuPG signing when they distribute updates so their customers and users can be absolutely sure that the software they're receiving is authentic ... not potentially malicious software uploaded to a compromised server.
MacGPG, which provides a GUI for GnuPG, is available as a no-cost download. Its and its underlying software, GNU Privacy Guard, are Free Software provided under the GNU General Public License (GPL), just like Linux and Samba.
We'll save an in-depth tutorial on using Mac GPG for e-mail for later, because covering both how GnuPG works and setting it up for mail would slow us down quite a bit, but you will need MacGPG to get through this week's column.
At the MacGPG site, you'll see a list of files. You should download the following:
- GNU Privacy Guard (make sure to download the version listed for your version of OS X, there are downloads for OS X 10.1, 10.2, 10.3, and 10.4+)
- GPG Keychain Access
You can optionally download these packages, but we won't be doing anything with them this week:
If you want to use GPG to secure e-mail you send using Apple's Mail.app, you'll also want to download GPGMail, but we won't use it until next time, and installing it now will just cause Mail.app to complain that GPG isn't set up yet, so save installation for later.
You can install MacGPG by running the installer found in the "GnuPG Mac OS X" disk image you downloaded. MacGPG itself provides program files that run from the terminal.
You can install the GPG Keychain Access program, which is what you'll be using to generate and manage cryptographic keys, by opening the "GPG Keychain Access" zip archive you downloaded and dragging the app file of the same name into your Applications folder.
Generating a Key with GPG Keychain Access
As I mentioned earlier, the root of GPG is the notion of a "key pair." To encrypt or sign data with GPG, you have to have a public key you share with others and a private key, which has a password only you know. If you want to ensure maximum security and privacy, you should choose that password with the same seriousness you'd choose a password for the administrative or root account on a production server: Avoid words you could find in the dictionary, avoid clever misspellings (like "m1ke" instead of "mike,") and use a mix of letters, numbers and symbols.
Before we can do anything with GPG, we have to have a key pair, and that's where GPG Keychain Access fits in.
|GPG Keychain Access prompts you to create a key if you don't already have one.|
(Click for a larger image)
Go ahead and launch GPG Keychain Access by doubleclicking on its icon once you have it moved into your Applications folder. It will immediately present a warning that you don't have "a private or secret key." It will offer the option to either "Import," "Quit," or "Generate." Click "Generate."
Unless you set it to do otherwise, GPG Keychain Access provides an assistant to generate your keys. When you click "Generate," that assistant will launch. Click "Continue."
Next, it will ask what kind of key you want to generate. The default is "DSA and ElGamal," which allows you to use your key to both encrypt and sign your data. Keep it set to the default and click "Continue."
Next, it asks how large the key should be (in bytes). The default is 1024, which is fine. Click "Continue."
Next, you'll be asked for an Expiration Date. This setting is optional ... though the key won't stop working for purposes of decrypting or verifying data, you won't be able to encrypt or sign with it once it has expired. In sensitive security settings, it's not uncommon for there to be short lifespans for assorted keys and passcodes. In some military units, for instance, radio network signs and countersigns are retired in a matter of days. In less sensitive applications, it may not be as much of an issue. The GNU Privacy Handbook says this:
"There are two reasons why you may choose an expiration date. First, you may intend for the key to have a limited lifetime. For example, it is being used for an event such as a political campaign and will no longer be useful after the campaign is over. Another reason is that if you lose control of the key and do not have a revocation certificate with which to revoke the key, having an expiration date on the master key ensures that the key will eventually fall into disuse."
Once you've decided on an expiration date (or decided to assign none at all,) click "Continue."
Next, you'll be presented with the personally identifying information to be embedded in your key. GPG Keychain Access pre-populates this form with information from your Mac address book:
- your name
- your e-mail address
- a comment
The comment can be used in a number of ways. Some people include a URL where more contact information may be found, or the username or i.d. they wish to associate with their key.
Finally, you need to pick a passphrase. As I noted earlier, it should be a fairly strong one using letters, numbers and symbols, avoiding dictionary words or even variations on dictionary words. If you're at a loss for a good passphrase, the Mac Password Generator is free and offers several ways to generate strong passphrases.
Once you pick the passphrase, you're given one last look at all the settings you picked for your key, and the keypair is generated. GPG Keychain Access will show a list of keys that will include the new key.
Now you've got a GnuPG keypair. You can use them to encrypt data, decrypt data others have sent to you, or sign data in such a way that the signed information can't be altered without detection when checked with GnuPG.
You also need to share your public key with others. The best way to do this using Mac GnuPG is to use the GPG Keychain Access program to export a text version of your public key so you can distribute it to others, either via a printed copy, over a Web page only you can edit, or in whatever way you and the people using your key feel is adequately verifiable.
To get that text version of your public key, click the key you just created in the GPG Keychain Access window, click the "Export" button in the GPG Keychain Access toolbar, and pick a filename to export the public key data to. Open the file it produces and you'll see the ASCII version of your public key. It'll look something like this:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.8 (Darwin) mQGiBEdrcboRBAC/LI6bqRQlDCH3k7/08^62GnuPG63^/JLg+16BjwFCBqkMrf ^66GnuPG67^3+hyIZ501^69CAs70^1Z1XrnW2P5tg4T9Ya17fjNVgCGsEks2LO1xF5 0^75GnuPG76GnuPG77^/D7WfUfYgZuTZwHo+IoGDzzhgAee9A3^80GPGFileTool81GnuPG's82^ YQ5B5Y4c6LLq84Oz3^85GnuPG86^/^87GnuPG88^+8vEbIna C/^90GnuPG9192CAs93GnuPG94^/u/RVmFJ+ G+Eg/U8ute/9tYI1T5/^99GnuPG100^++A7JfmVrU9X8b666VyprUdqTnQdwj ^103GnuPG104tg105GnuPG106^/^107GnuPG108GnuPG109GnuPG110GnuPG's111^ 9^112CAs113GnuPG114^/^115GnuPG116OpenPGP117GnuPG118fjNVgCGsEks119^ 3^120GnuPG121GnuPG122^4066FsL/^124GnuPG125GnuPG126^ ^127CAs128CAs129GnuPG130^3G6AhsjBgsJCAcD ^132GnuPG133GnuPG134GnuPG135^1e0MRxKctKQW t1^137GnuPG138GnuPG139GnuPG140GnuPG141GnuPG142GnuPG143CAs144^6 ^145GnuPG146CAs147GnuPG148^6M0uazbMytYackNRpiECeszFzG /w1^150yGxuaSnwCg151^+^152GnuPG153^/4PsWTvPFfCTME7F5B ^155GnuPG156GnuPG157GnuPG158^/XCkEmkTPoDD+/RRQUUfHJHJvsY3r +q8j4^161CAs162GnuPG163GnuPG164^3/VUXCoAxhd60K11^166OpenPGP167^ ^168keyserver169^+9I/N3D7gJQ8C+ODQVGK1QB9^172GnuPG173GnuPG174^4h5gnsx kx/J4q3^177CAs178CAs179GnuPG180GnuPG181^472 ^182GnuPG183GnuPG184^5+^185DgjD186^+m8QWI= =fMWD -----END PGP PUBLIC KEY BLOCK-----
That block of text can be imported into other GnuPG (or PGP) users' keychains so when they exchange data with you in the future, they can verify your identity and encrypt or decrypt data.
All we have now is a keypair. What we're missing is how to use this with e-mail, files whose contents we wish to keep private, or information we wish to distribute in such a way that its recipients can be assured of its authenticity. We also need to learn how to take steps to affirm the connection of our keypair to our identities so that other people who wish to exchange signed or encrypted data with us can be assured that they're really communicating with us and not an imposter. We'll cover all of that in the next installment.
Michael Hall has been using, maintaining, and writing about networks for nearly 15 years. He's the managing editor of Enterprise Networking Planet and he blogs about Internet privacy and security at Open Networks Today.