In our last post, we discussed why we built a new PGP key generation. In today’s article, we’ll share a step-by-step guide on how to generate, use and store the PGP keys in a manner which is as secure and resilient as possible.
This guide is inspired by the Glacier Protocol [1], which offers an extensive guideline on how to generate Bitcoin keys from your own source of entropy. The cryptocurrency community developed a suite of technologies and ideas to improve handling cryptographic keys. Our aim is to offer the same functionality and workflow for users of PGP. Though most developers can use this guide stand-alone, we refer to many external sources for further reading for those who are interested.
This guide and the code referred to in it are all open source. The code is straightforward and well-commented to facilitate easy review for flaws or vulnerabilities:
Whilst this guide makes extensive use of GnuPG [2] to showcase the possibilities of the PGP packet library, it can be used in conjunction with any piece of software which works with the OpenPGP spec. We only make use of a small selection of GnuPG’s functionality. If you want to learn more about how to use it, there are a variety of easy [3] and more extensive [4] guides to find online.
Background
Let’s start by assessing whether this guide is right for you. There is no such thing as perfect security. There are only degrees of security, and those degrees come at a cost (in time, money, convenience, etc.) So the first question is: How much security are you willing to invest in? The Glacier protocol offers a comprehensive overview of assumptions of our security model. [5] Even if you don’t follow all of their recommendations for the highly paranoid, you can still have secure keys. And even if you do follow all of their instructions, some attacker might still find a loophole.
This guide was made to overcome two major imperfections when it comes to PGP keys:
-
You need to trust both software and hardware to generate modern keys
-
Creating a secure backup of your keys is still hard.
Important concepts
Cryptographic keys
When using PGP, you can link a key pair to an existing identity (for example, your company or yourself). This key pair consists of a secret key and a public key. The public key may be disseminated to anyone who wishes to validate your identity, whilst the secret key should, well, remain secret and should only be known by its owner.
PGP makes a distinction between “main keys” and “subkeys”. The main key is usually only used for revoking, validating, or extending the validity of subkeys. This gives users a better level of security, as they don’t have to use their main key for day-to-day operations. Our library additionally makes use of a “master key”, from which users can derive main keys and subkeys.
There are many different types of keys (RSA, elliptic curve), and the reason you may want to use one or the other are complex and require an understanding of both their history and the math behind it. Diving into these different key protocols falls outside of the scope of this document, for now it suffices to say this guide uses “ed25519” and “curve25519” keys. [6]
Properties of keys
PGP keys have a number of properties which are useful to understand [7]:
-
Keys can either be a main key or a sub key. A main key is typically only used for validating new sub keys or revoking invalid sub keys. Sub keys are typically used for daily usage when signing or encrypting data.
-
Keys can have four capabilities. Very briefly explained, you can allow a key to be used to:
-
Certify or revoke other keys
-
Sign data
-
Encrypt data
-
Authenticate an identity
-
-
Creation unix timestamp, e.g.: 1511740800 (2017-11-27 23:59:59)
-
Expiry unix timestamp, e.g.: 1511740800 (2017-11-27 23:59:59). This expiry is optional, but will ensure that the key will automatically be inactivated after the expiry date. Expiry of a key can only be adjusted by a main key. [8]
-
User ID, e.g. John Doe <johndoe@summitto.com>
-
Fingerprint, e.g.: 2C90B4D2DA3A98226C0740F3424974E59EC5ABF0
-
Trust value, these are used to indicate the trust and validity of keys and user IDs.
Smart cards
Smart cards are devices which can store your cryptographic keys. This provides an extra level of security, as keys will never leave the smart card, and as you can always carry the smartcard around with you. Although attacks on your privacy are still possible, malware on your laptop won’t easily leak your private key. [9]
Equipment required
You may want to acquire the following equipment in order to generate, use, and store your secure PGP keys, again this also depends on your paranoia level: are you protecting your keys from state actors or just from your average hacker? In the following list, we exclude mentioning auxiliary equipment such as power supplies [10], as they are often sold in conjunction with the following items:
-
A computer (your main device) with an operating system of your choice. Note that this software has only been tested on the latest macOS and Ubuntu. [11]
-
A factory-sealed USB drive.
-
A separate computer which is only used for creating your PGP keys. In this guide we use a Raspberry Pi and sd card with sufficient requirements. [12]
-
A monitor to which you can connect the Raspberry Pi.
-
A smartcard. [13]
-
Casino-grade six-sided dice. Regular dice are insufficient.
Photo by Jonathan Petersson from Unsplash
-
Cryptosteel. There are many variants available, depending on your preferred price and style. [14] You can also build your own!
-
You can also buy various equipment to help you protect against side-channel attacks, which will be further explained in section 4. This includes:
-
Faraday bag. Used to prevent smartphone malware from stealing sensitive data using radio frequencies. [15]
-
Table fan (it’s cheap, a hair dryer works too!). White noise can prevent malware on nearby devices from stealing sensitive data using sound. [16]
-
Preparation
You will need to use the computer to:
-
Change the default security pincodes of your new smartcard.
-
Setup the Raspberry Pi. This is the most vulnerable moment during the setup, as a malicious party could theoretically try to inject malicious code onto the Raspberry Pi. You can follow the steps in this repository: https://github.com/summitto/raspbian_setup.
-
Install software on your main device to use PGP and your smartcard. For example, for usage of a Nitrokey Start on Ubuntu 18.04.4 LTS you’ll need GnuPG, and the utility scdaemon.
You should also take some time to block against side channels:
-
Side-channel attacks are a form of electronic threat based on the physical nature of computing hardware (as opposed to algorithms or their software implementations). Side channel attacks are rare, but many exist [17] and it is prudent to take the time to protect against them. Here are just a couple of examples:
1. Visual side channel
-
Ensure that no humans or cameras (e.g. home security cameras, which can be hacked) have visual line-of-sight to your devices.
-
Close doors and window shades.
2. Acoustic side channel
-
Choose a room where sound will not travel easily outside.
-
Shut down nearby devices with microphones (e.g. smartphones and other laptops).
-
Plug in and turn on a table fan to generate white noise.[18]
3. Power side channel
-
Unplug your main device from the wall.
-
Run it only on battery power throughout this protocol.
-
Make sure it is fully charged first! If you run out of battery, you’ll need to start over.
4. Radio [19] and other side channels including seismic [20], thermal [21], and magnetic [22].
-
Turn off all other computers and smartphones in the room.
-
Put portable computing devices in the Faraday bag and seal the bag.
-
Unplug desktop computers.
-
Next, you can start generating your PGP keys! Follow the instructions on: https://github.com/summitto/pgp-key-generation
Sources
[1] https://glacierprotocol.org/
[3] https://theprivacyguide.org/tutorials/gpg.html
[4] https://www.gnupg.org/documentation/guides.html
[5] https://glacierprotocol.org/docs/overview/attack-surface/
[6] Not all software supports these modern keys
[7] For more information, see the spec: https://tools.ietf.org/html/rfc4880
[8] To read more about the limits of expiry, please read: https://security.stackexchange.com/questions/14718/does-openpgp-key-expiration-add-to-security
[9] For a more detailed analysis of the security and risks of smart cards, see: https://www.schneier.com/academic/paperfiles/paper-smart-card-threats.pdf
[10] https://arxiv.org/abs/2005.00395 POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
[11] see https://github.com/summitto/pgp-key-generation/blob/master/.github/workflows/ci.yml
[12] https://www.raspberrypi.org/documentation/installation/sd-cards.md
[13] For example: https://www.yubico.com/products/yubikey-hardware/ - [https://shop.nitrokey.com/shop][]
[14] http://bulletproofbitcoin.com/
[15] https://www.usenix.org/legacy/event/sec09/tech/full_papers/vuagnoux.pdf
[16] https://www.wired.com/2016/06/clever-attack-uses-sound-computers-fan-steal-data/
[17] A non-exhaustive list can be found here: https://diyhpl.us/~bryan/papers2/security/sidechannels.txt
[18] Even used by Julian Assange to prevent high-powered microphones from listening in. We’re sure he has been creating a PGP key or two as well under similar conditions. https://www.wsj.com/articles/julian-assanges-trajectory-from-internet-warrior-to-embassy-exile-to-jailed-suspect-11555017287
[20] https://www.cc.gatech.edu/fac/traynor/papers/traynor-ccs11.pdf