#+date: <2022-07-14 Thu 00:00:00> #+title: GNU Privacy Guard (GPG): Encryption Techniques and Usage Instructions #+description: Technical manual covering the architecture, cryptographic algorithms, vulnerability considerations, key management, and typical applications of GNU Privacy Guard for secure data and email encryption. #+slug: gnupg #+filetags: :gnupg:gpg:encryption: * The History of GPG [[https://gnupg.org/][GNU Privacy Guard]], also known as GnuPG and GPG, is a free ("free" as in both speech and beer) software that fully implements the OpenPGP Message Format documented in [[https://www.rfc-editor.org/rfc/rfc4880][RFC 4880]]. I won't go in-depth on the full history of the software in this post, but it is important to understand that GPG is not the same as PGP (Pretty Good Privacy), which is a different implementation of RFC 4880. However, GPG was designed to interoperate with PGP. GPG was originally developed in the late 1990s by [[https://en.wikipedia.org/wiki/Werner_Koch][Werner Koch]] and has historically been funded generously by the German government. Now that we have all the high-level info out of the way, let's dive into the different aspects of GPG and its uses. * Encryption Algorithms GPG supports a wide range of different encryption algorithms, including public-key, cipher, hash, and compression algorithms. The support for these algorithms has grown since the adoption of the Libgcrypt library in the 2.x versions of GPG. As you will be able to see below in an example of a full key generation with the GPG command line tool, GPG recommends the following algorithms to new users: #+begin_src sh Please select what kind of key you want: (1) RSA and RSA (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (9) ECC (sign and encrypt) *default* (10) ECC (sign only) #+end_src I am not doing an in-depth explanation here in order to keep the focus on GPG and not encryption algorithms. If you want a deep dive into cryptography or encryption algorithms, please read my other posts: - [[../aes-encryption/][AES Encryption]] (2018) - [[../cryptography-basics/][Cryptography Basics]] (2020) ** Vulnerabilities As of 2022-07-14, there are a few different vulnerabilities associated with GPG or the libraries it uses: - GPG versions 1.0.2--1.2.3 contains a bug where "as soon as one (GPG-generated) ElGamal signature of an arbitrary message is released, one can recover the signer's private key in less than a second on a PC." ([[https://www.di.ens.fr/~pnguyen/pub_Ng04.htm][Source]]) - GPG versions prior to 1.4.2.1 contain a false positive signature verification bug. ([[https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html][Source]]) - GPG versions prior to 1.4.2.2 cannot detect injection of unsigned data. ( [[https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000218.html][Source]]) - Libgcrypt, a library used by GPG, contained a bug which enabled full key recovery for RSA-1024 and some RSA-2048 keys. This was resolved in a GPG update in 2017. ([[https://lwn.net/Articles/727179/][Source]]) - The [[https://en.wikipedia.org/wiki/ROCA_vulnerability][ROCA Vulnerability]] affects RSA keys generated by YubiKey 4 tokens. ([[https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf][Source]]) - The [[https://en.wikipedia.org/wiki/SigSpoof][SigSpoof Attack]] allows an attacker to spoof digital signatures. ([[https://arstechnica.com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/][Source]]) - Libgcrypt 1.9.0 contains a severe flaw related to a heap buffer overflow, fixed in Libgcrypt 1.9.1 ([[https://web.archive.org/web/20210221012505/https://www.theregister.com/2021/01/29/severe_libgcrypt_bug/][Source]]) *** Platforms Originally developed as a command-line program for *nix systems, GPG now has a wealth of front-end applications and libraries available for end-users. However, the most recommended programs remain the same: - [[https://gnupg.org][GnuPG]] for Linux (depending on distro) - [[https://gpg4win.org][Gpg4win]] for Windows - [[https://gpgtools.org][GPGTools]] for macOS * Creating a Key Pair In order to create a GPG key pair, a user would first need to install GPG on their system. If we're assuming that the user is on Fedora Linux, they would execute the following: #+begin_src sh sudo dnf install gpg #+end_src Once installed, a user can create a new key pair with the following command(s): #+begin_src sh gpg --full-generate-key #+end_src GPG will walk the user through an interactive setup that asks for an algorithm preference, expiration date, name, and email to associate with this key. See the following example key set-up for a default key generation using the GnuPG command-line interface: #+begin_src sh gpg (GnuPG) 2.3.6; Copyright (C) 2021 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (9) ECC (sign and encrypt) *default* (10) ECC (sign only) (14) Existing key from card Your selection? 9 Please select which elliptic curve you want: (1) Curve 25519 *default* (4) NIST P-384 Your selection? 1 Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: John Doe Email address: johndoe@example.com Comment: test key You selected this USER-ID: "John Doe (test key) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: revocation certificate stored as 'example.rev' public and secret key created and signed. pub ed25519 2022-07-14 [SC] E955B7700FFC11EF51C2BA1FE096AACDD4C32E9C uid John Doe (test key) sub cv25519 2022-07-14 [E] #+end_src Please note that GUI apps may differ slightly from the GPG command-line interface. * Common Usage As noted in RFC 4880, the general functions of OpenPGP are as follows: - digital signatures - encryption - compression - Radix-64 conversion - key management and certificate services From this, you can probably gather that the main use of GPG is for encrypting data and/or signing the data with a key. The purpose of encrypting data with GPG is to ensure that no one except the intended recipient(s) can access the data. Let's explore some specific GPG use-cases. ** Email One of the more popular uses of GPG is to sign and/or encrypt emails. With the use of a GPG keypair, you can encrypt a message, its subject, and even the attachments within. The first process, regarding the signing of a message without any encryption, is generally used to provide assurance that an email is truly coming from the sender that the message claims. When I send an email, and it's signed with my public key, the recipient(s) of the message can verify that the message was signed with my personal key. The second process, regarding the actual encryption of the message and its contents, works by using a combination of the sender's keys and the recipient's keys. This process may vary slightly by implementation, but it most commonly uses asymmetric cryptography, also known as public-key cryptography. In this version of encryption, the sender's private key to sign the message and a combination of the sender's keys and the recipient's public key to encrypt the message. If two people each have their own private keys and exchange their public keys, they can send encrypted messages back and forth with GPG. This is also possible with symmetric cryptography, but the process differs since there are no key pairs. Implementation of email encryption varies greatly between email clients, so you will need to reference your email client's documentation to ensure you are setting it up correctly for that specific client. ** File Encryption As noted in the section above regarding emails, GPG enables users to be able to send a message to each other if they are both set-up with GPG keys. In this example, I am going to show how a user could send a file called =example_file.txt= to another user via the recipient's email. The sender would find the file they want to send and execute the following command: #+begin_src sh gpg --encrypt --output example_file.txt.gpg --recipient \ recipient@example.com example_file.txt #+end_src Once received, the recipient can decrypt the file with the following command: #+begin_src sh gpg --decrypt --output example_file.txt example_file.txt.gpg #+end_src ** Ownership Signatures One important aspect of GPG, especially for developers, is the ability to sign data without encrypting it. For example, developers often sign code changes when they commit the changes back to a central repository, in order to display ownership of who made the changes. This allows other users to look at a code change and determine that the change was valid. In order to do this using [[https://git-scm.com][Git]], the developer simply needs to alter the =git commit= command to include the =-S= flag. Here's an example: #+begin_src sh git commit -S -m "my commit message" #+end_src As an expansion of the example above, Git users can configure their environment with a default key to use by adding their GPG signature: #+begin_src sh git config --global user.signingkey XXXXXXXXXXXXXXXX #+end_src If you're not sure what your signature is, you can find it titled =sig= in the output of this command: #+begin_src sh gpg --list-signatures #+end_src ** File Integrity When a person generates a signature for data, they are allowing users the ability to verify the signature on that data in the future to ensure the data has not been corrupted. This is most common with software applications hosted on the internet - developers provide signatures so that users can verify a website was not hijacked and download links replaced with dangerous software. In order to verify signed data, a user needs to have: 1. The signed data 2. A signature file 3. The public GPG key of the signer Once the signer's public key is imported on the user's system, and they have the data and signature, they can verify the data with the following commands: #+begin_src sh # If the signature is attached to the data gpg --verify [signature-file] # If the signature is detached as a separate file from the data gpg --verify [signature-file] [original-file] #+end_src *** Finding Public Keys In order to use GPG with others, a user needs to know the other user(s) keys. This is easy to do if the user knows the other user(s) in person, but may be hard if the relationship is strictly digital. Luckily, there are a few options. The first option is to look at a user's web page or social pages if they have them. Otherwise, the best option is to use a keyserver, such as: - [[https://pgp.mit.edu][pgp.mit.edu]] - [[https://keys.openpgp.org][keys.openpgp.org]]