GNU Privacy Guard

GnuPG or GPG (GNU Privacy Guard) is a free cryptographic system: it is used to encrypt and decrypt data and to generate and verify electronic signatures. The program implements the OpenPGP standard (RFC 4880) and was developed as a replacement for PGP. Version 2.0 also implements the S/MIME standard. By default GnuPG uses only patent-free algorithms, and it is distributed under the GNU GPL. It runs on GNU/Linux, Mac OS X and various other Unix-like systems, and on Microsoft Windows.

Objectives

GnuPG has set itself the goal of enabling the largest possible group of users to use cryptographic methods for the confidential transmission of electronic data.

GnuPG supports the following functions:

  • Encryption of data (e.g. e-mails) to transmit confidential information to one or more recipients, so that only the recipients can decrypt it again.
  • Generating a signature over the data sent, in order to ensure its authenticity and integrity.

Both functions can be combined. As a rule, the signature is created first and attached to the data. This package is then encrypted and sent to the recipient. GnuPG supports combining both in a single call only in this order. When sending e-mails (as PGP/MIME, RFC 3156), both variants are possible in principle, but because of limitations in mail clients this is in practice the only possible order; the option of encrypting an e-mail first and then adding a clear-text signature (which could then be evaluated, e.g., by a virus scanner or spam filter that cannot decrypt the actual message) is not provided. However, one can encrypt files independently of the e-mail, attach them to an e-mail and then have the e-mail signed as PGP/MIME.

Established use of GnuPG

GnuPG is used by at least the majority of Linux distributions and related systems as part of their package managers to ensure the integrity of the distributed software packages, and is therefore already included in most installations. For this reason, booting from an authentic installation medium of such a system is one way to start GnuPG in a safe environment (that is, one free of malware), for example for generating or using keys with high security requirements.

Operation

GPG is a public-key encryption method, that is, no secret information is needed to encrypt messages. Each GPG user creates a key pair consisting of two parts: the private key and the public key. Only the owner may have access to the private key, which is therefore usually protected with a password. With it, data can be decrypted and signed. The public key is used to encrypt data and to verify signed data. It must be available to every communication partner who wants to perform these two actions. Data can be neither signed nor decrypted with the public key, so distributing it carries no security risk.

The public key can be exchanged with other users over a variety of channels, such as Internet key servers. It (or rather the combination of public key and user ID) should always be checked reliably before use to prevent identity manipulation, because the identity information recorded in a public key (usually name and e-mail address, possibly also a comment) can be forged trivially. GPG can only determine whether data has been signed or encrypted with a particular key. Whether the key itself is trustworthy is for the user to decide; after all, anyone can create a key with another user's details and upload it to a key server. A key loaded from an insecure source (e.g. the Internet) should therefore not be trusted at first. To check it, one obtains the fingerprint (hash value) of the key over a secure channel (e.g. by telephone) and compares it with the fingerprint generated locally from the downloaded key. This is safe because it is not possible to generate a matching key for a given fingerprint. This security depends on the strength of the hash function (and on the number of possible keys). Version 4 of the OpenPGP key format prescribes the hash function SHA-1, for which at present (2012) collision attacks are possible, but not the second-preimage attacks that are decisive for imitating keys. Following the recent selection of the SHA-3 hash function, development of the next OpenPGP key format can be expected to begin soon.
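The fingerprint comparison described above, as an added example that is not part of the original article or of GnuPG: it computes the version 4 fingerprint as RFC 4880 defines it (SHA-1 over the public-key packet only, so the freely forgeable user ID is not covered) and compares it with a fingerprint received over a secure channel. The key material is constructed, and the function names are illustrative.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_packet_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for an RSA key (algorithm ID 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the packet body itself."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def normalise(fingerprint: str) -> str:
    """Drop the spaces people insert when reading a fingerprint aloud."""
    return "".join(fingerprint.split()).upper()

def fingerprint_matches(local: str, received: str) -> bool:
    """Accept only a full 40-hex-digit match, never a shorter key ID."""
    a, b = normalise(local), normalise(received)
    is_hex = len(b) == 40 and all(c in "0123456789ABCDEF" for c in b)
    return is_hex and a == b

# Constructed key material (not valid RSA keys; any integers illustrate the hashing).
CREATED = 1325376000                      # 2012-01-01 00:00:00 UTC
GENUINE = rsa_key_packet_body(CREATED, (1 << 2047) | 0x1234567, 65537)
FORGED = rsa_key_packet_body(CREATED, (1 << 2047) | 0x7654321, 65537)

def demo() -> dict:
    genuine_fp, forged_fp = v4_fingerprint(GENUINE), v4_fingerprint(FORGED)
    # What the key owner reads out over the telephone, grouped in fours.
    spoken = " ".join(genuine_fp[i:i + 4] for i in range(0, 40, 4))
    return {
        "genuine": fingerprint_matches(genuine_fp, spoken),
        "forged": fingerprint_matches(forged_fp, spoken),
        "key_id_only": fingerprint_matches(genuine_fp, genuine_fp[-16:]),
    }

if __name__ == "__main__":
    print(demo())
```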

Keys of different strengths are available for encrypting or signing data. Currently (2012), keys of 1024 to 4096 bits are common, with 2048 bits the recommended length. GPG currently uses only non-patented algorithms to encrypt data with these keys, such as RSA, ElGamal, CAST5, Triple-DES (3DES), AES (Rijndael) and Blowfish.

Offline Master Key

GnuPG supports a security feature of immense importance (for normal, high-security keys) that, however, goes beyond the OpenPGP standard and therefore does not work reliably when such secret keys are to be imported into another OpenPGP application. The master key is generally not required for signing and decrypting. Its primary task is to manage one's own key components (user IDs and subkeys) and to certify other keys. These actions occur comparatively rarely, so the master key can be detached from the normal system. You can either protect it with a cryptographically secure passphrase (from about 18 characters of [a-z][A-Z][0-9], without diacritics) and leave it on the working system, or store it separately or remove it from the system completely. The master key is then used only in a safe environment, which makes it largely unassailable. The subkeys can then be replaced either in response to specific incidents or routinely every few years. The advantages of this approach are:

The technical approach is to export the secret keys without the master key (after backing up the master key!), then delete all secret keys, and then import only the subkeys. Unfortunately, this GnuPG function is not yet supported by the GUI, so you have to carry out the necessary steps yourself in the console. A convenient alternative is the bash script of a training project, although it comes with the problem of having to check the software or trust it.
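A check to run after these steps, as an added example that is not part of the original article or of GnuPG: it reads the output of gpg --list-secret-keys --with-colons, where field 15 of a sec or ssb record is # when only a stub of that secret key is stored, and reports anything that contradicts the offline-master layout. The listing is constructed sample data and the function names are illustrative.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons` output (not real keys).
SAMPLE_LISTING = """\
sec:u:4096:1:1111111111111111:1325376000:::u:::scESC:::#:
uid:u::::1325376000::::Alice Example <alice@example.org>:
ssb:u:2048:1:2222222222222222:1325376000::::::s:::+:
ssb:u:2048:1:3333333333333333:1325376000::::::e:::+:
"""

def secret_keys(listing: str) -> list:
    """Return one dict per sec/ssb record of a colon-format secret key listing."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb"):
            continue
        fields += [""] * (15 - len(fields))   # tolerate short records
        keys.append({
            "primary": fields[0] == "sec",
            "key_id": fields[4],
            "capabilities": fields[11].lower(),
            # Field 15 is '#' when only a stub of the secret key is stored;
            # anything else is treated as "secret key reachable" (fail closed).
            "secret_present": fields[14] != "#",
        })
    return keys

def audit_offline_master(listing: str) -> list:
    """List the reasons why the keyring does NOT match the offline-master layout."""
    keys = secret_keys(listing)
    problems = []
    if not any(k["primary"] for k in keys):
        problems.append("no primary key record found")
    for k in keys:
        if k["primary"] and k["secret_present"]:
            problems.append("master secret key %s is on this system" % k["key_id"])
    # Signing and decrypting must still work with the subkeys alone.
    usable = [k for k in keys if not k["primary"] and k["secret_present"]]
    for cap, purpose in (("s", "signing"), ("e", "decryption")):
        if not any(cap in k["capabilities"] for k in usable):
            problems.append("no usable %s subkey" % purpose)
    return problems

if __name__ == "__main__":
    print(audit_offline_master(SAMPLE_LISTING) or "master key is offline")
```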

Web of Trust

By means of a web of trust, PGP/GnuPG tries to address the problem that one usually cannot personally verify the authenticity of the keys of all communication partners. Users can sign other keys with their own key and thereby confirm to third parties that they have verified the authenticity of the key. In addition, one can specify how much one trusts that person's signatures. This creates the network of trust described. If, for example, Alice has confirmed the authenticity of Bob's key with her signature, Cloey can trust the authenticity of Bob's key even if she could not verify it directly herself, for example because she obtained it from the Internet. The prerequisite, of course, is that she knows Alice's key and trusts her. There are several certification authorities (CAs) that establish the authenticity of keys, for example through personal contact and checking of identity cards. This is offered free of charge by, for example, the magazine c't and by CAcert. Interested parties can identify themselves in person to these organisations, for example at computer fairs such as CeBIT, and have their public key confirmed.

The web of trust of PGP has been studied extensively by scientists and visualized in detail. It was found that a large proportion of users belong to a subset that is completely interconnected through mutual confirmations, the so-called strong set of the web of trust. Studies have also shown that the c't crypto campaign has made a significant contribution to strengthening the links between the participants.

Another important contribution to the web of trust comes from the Debian project, which requires digital signatures for accepting contributions.

Gpg-agent

Like ssh-agent (in OpenSSH), gpg-agent, which has been an integral part of gpg2, serves among other things to keep the passphrase in memory for a configurable period of time so that it does not have to be re-entered. Unlike in OpenSSH, however, gpg-agent has since version 2 of GnuPG been a mandatory component for operations involving the private key. gpg-agent does not merely store the passphrase; it performs all operations on and with private keys. Contact with an instance of gpg-agent that does not use the standard socket (several can run at once, though that usually makes no sense) is made possible by an environment variable. An example: the command gpg-agent --daemon thunderbird starts the Thunderbird mail client with the environment variable GPG_AGENT_INFO set. This contains a string such as /tmp/gpg-xY9Q7R/S.gpg-agent:2244:1. This allows the mail program to contact the relevant gpg-agent and leave access to the private keys (and their passphrase) to it.

In most Unix-like desktop environments, gpg-agent is activated right at startup. Because the desktop environment's startup script exports this environment variable, all programs have access to it. If gpg-agent is not running (or is not found), gpg, gpgsm and gpgconf start it automatically. A running gpg-agent can be accessed from the console with the program gpg-connect-agent. One can then communicate with the server through the text-based Assuan protocol.

Besides convenience and SSH access, a major motivation was the security of the key. Faulty clients have access to neither the key nor the passphrase, which limits the potential damage.

Testing the e-mail application

To verify that the application works correctly, you can use the mailbot Adele of the GNU Privacy Project. To do so, send an e-mail with your own public key as an attachment to Adele; you receive a mail encrypted with this key that contains Adele's public key as a text block. You can now import this key into your key management and use it to write an encrypted mail of your own to Adele. Adele's response contains the contents of the message just encrypted and confirms that the message could be decrypted.

Support by the BMWA

The porting of GnuPG to Windows was supported by the Federal Ministry of Economics and Labour (BMWA) and the Federal Ministry of the Interior (BMI) within the framework of "Internet security" (see GNU Privacy Project), in order to make freely available encryption software accessible to everyone. The support has since been discontinued.

Frontends

To use GnuPG in different application contexts, many frontends have been created. The following types of frontend can be distinguished:

  • Frontends that make the functions of the command-line program available through a graphical interface, such as the GNU Privacy Assistant (GPA), which is provided by the Free Software Foundation as the default frontend; Seahorse and KGpg for integration into the GNOME and KDE desktop environments; WinPT or Gpg4win for working under Windows; and GPGTools for Apple OS X.
  • Mail programs that can integrate GnuPG either directly (such as Evolution, KMail or mutt) or via a plug-in (Enigmail for Mozilla's e-mail programs, EudoraGPG for Eudora, gpg4o and GpgOL (part of Gpg4win) for Microsoft Outlook, or GPGMail for Apple Mail).
  • Chat programs such as Gabber, Miranda IM, licq, Kopete, Psi or Gajim, some of which thereby enable even cross-platform encrypted chats over networks such as ICQ.
  • Server-based frontends such as GNU Anubis, freenigma or GPGrelay, which act as an SMTP relay server or as an MTA and so allow centralized and transparent e-mail encryption.
  • For the Mozilla Firefox web browser there was an add-on called FireGPG that recognizes and processes GPG blocks on any website, but it has not been developed further since June 2010, that is, since version 0.8.

In addition, there are other interfaces for the use of GnuPG from various scripting languages such as Perl, PHP or Python.

Problem cases

In 2003, an error in the optimization of the digital signature procedure in GPG opened up a security hole. It affected only the procedure for digitally signing messages in GPG versions 1.02 to 1.2.3. Reportedly, fewer than 1000 such keys were listed on the key servers. The use of this procedure had been discouraged, and only a few users employed it. No damage was publicly reported. As of version 1.2.4 this procedure is no longer offered. Two further vulnerabilities were discovered in early 2006: with the first, GPG scripts could produce errors of the second kind (false negatives) when verifying signatures; with the second, non-MIME messages were vulnerable to the injection of data that appeared to be covered by the digital signature but actually was not. Both vulnerabilities had already been fixed by new GPG versions at the time of their announcement.

When generating the key pairs (master key and one subkey), the use of RSA is recommended and has been the default since May 2009.

SSH support

In version 2 of GPG, management of the private keys was moved out into a daemon process (gpg-agent). OpenSSH has a similar structure (ssh-agent), though it is optional there. Since the RSA signature algorithm is used by both OpenPGP and SSH, the respective keys are in principle interchangeable. gpg-agent can therefore be used to establish an SSH connection by means of an OpenPGP key (which must have the normally unused authentication capability). This fact opens up two useful options:
