path: root/content/blog/2022-07-14-gnupg.md

+++
date = 2022-07-14
title = "GNU Privacy Guard (GPG)"
description = ""
draft = false
+++

# The History of GPG

[GNU Privacy Guard](https://gnupg.org/), also known as GnuPG and GPG, is a free
("free" as in both speech and beer) software that fully implements the OpenPGP
Message Format documented in [RFC 4880](https://www.rfc-editor.org/rfc/rfc4880).

I won't go in-depth on the full history of the software in this post, but it is
important to understand that GPG is not the same as PGP (Pretty Good Privacy),
which is a different implementation of RFC 4880. However, GPG was designed to
interoperate with PGP.

GPG was originally developed in the late 1990s by [Werner
Koch](https://en.wikipedia.org/wiki/Werner_Koch) and has historically been
funded generously by the German government.

Now that we have all the high-level info out of the way, let's dive into the
different aspects of GPG and its uses.

# Encryption Algorithms

GPG supports a wide range of different encryption algorithms, including
public-key, cipher, hash, and compression algorithms. The support for these
algorithms has grown since the adoption of the Libgcrypt library in the 2.x
versions of GPG.

As you will be able to see below in an example of a full key generation with the
GPG command line tool, GPG recommends the following algorithms to new users:

```sh
Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
```

I am not doing an in-depth explanation here in order to keep the focus on GPG
and not encryption algorithms. If you want a deep dive into cryptography or
encryption algorithms, please read my other posts:

-   [AES Encryption](../aes-encryption/) (2018)
-   [Cryptography Basics](../cryptography-basics/) (2020)

## Vulnerabilities

As of 2022-07-14, there are a few different vulnerabilities associated with GPG
or the libraries it uses:

-   GPG versions 1.0.2--1.2.3 contains a bug where "as soon as one
    (GPG-generated) ElGamal signature of an arbitrary message is released, one
    can recover the signer's private key in less than a second on a PC."
    ([Source](https://www.di.ens.fr/~pnguyen/pub_Ng04.htm))
-   GPG versions prior to 1.4.2.1 contain a false positive signature
    verification bug.
    ([Source](https://lists.gnupg.%20org/pipermail/gnupg-announce/2006q1/000211.html))
-   GPG versions prior to 1.4.2.2 cannot detect injection of unsigned data. (
    [Source](https://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000218.html))
-   Libgcrypt, a library used by GPG, contained a bug which enabled full key
    recovery for RSA-1024 and some RSA-2048 keys. This was resolved in a GPG
    update in 2017. ([Source](https://lwn.net/Articles/727179/))
-   The [ROCA Vulnerability](https://en.wikipedia.org/wiki/ROCA_vulnerability)
    affects RSA keys generated by YubiKey 4 tokens.
    ([Source](https://crocs.fi.%20muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf))
-   The [SigSpoof Attack](https://en.wikipedia.org/wiki/SigSpoof) allows an
    attacker to spoof digital signatures.
    ([Source](https://arstechnica.%20com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/))
-   Libgcrypt 1.9.0 contains a severe flaw related to a heap buffer overflow,
    fixed in Libgcrypt 1.9.1
    ([Source](https://web.archive.%20org/web/20210221012505/https://www.theregister.com/2021/01/29/severe_libgcrypt_bug/))

### Platforms

Originally developed as a command-line program for \*nix systems, GPG now has a
wealth of front-end applications and libraries available for end-users. However,
the most recommended programs remain the same:

-   [GnuPG](https://gnupg.org) for Linux (depending on distro)
-   [Gpg4win](https://gpg4win.org) for Windows
-   [GPGTools](https://gpgtools.org) for macOS

# Creating a Key Pair

In order to create a GPG key pair, a user would first need to install GPG on
their system. If we're assuming that the user is on Fedora Linux, they would
execute the following:

```sh
sudo dnf install gpg
```

Once installed, a user can create a new key pair with the following command(s):

```sh
gpg --full-generate-key
```

GPG will walk the user through an interactive setup that asks for an algorithm
preference, expiration date, name, and email to associate with this key.

See the following example key set-up for a default key generation using the
GnuPG command-line interface:

```sh
gpg (GnuPG) 2.3.6; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: John Doe
Email address: johndoe@example.com
Comment: test key
You selected this USER-ID:
    "John Doe (test key) <johndoe@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as 'example.rev'
public and secret key created and signed.

pub   ed25519 2022-07-14 [SC]
      E955B7700FFC11EF51C2BA1FE096AACDD4C32E9C
uid                      John Doe (test key) <johndoe@example.com>
sub   cv25519 2022-07-14 [E]
```

Please note that GUI apps may differ slightly from the GPG command-line
interface.

# Common Usage

As noted in RFC 4880, the general functions of OpenPGP are as follows:

-   digital signatures
-   encryption
-   compression
-   Radix-64 conversion
-   key management and certificate services

From this, you can probably gather that the main use of GPG is for encrypting
data and/or signing the data with a key. The purpose of encrypting data with GPG
is to ensure that no one except the intended recipient(s) can access the data.

Let's explore some specific GPG use-cases.

## Email

One of the more popular uses of GPG is to sign and/or encrypt emails. With the
use of a GPG keypair, you can encrypt a message, its subject, and even the
attachments within.

The first process, regarding the signing of a message without any encryption, is
generally used to provide assurance that an email is truly coming from the
sender that the message claims. When I send an email, and it's signed with my
public key, the recipient(s) of the message can verify that the message was
signed with my personal key.

The second process, regarding the actual encryption of the message and its
contents, works by using a combination of the sender's keys and the recipient's
keys. This process may vary slightly by implementation, but it most commonly
uses asymmetric cryptography, also known as public-key cryptography. In this
version of encryption, the sender's private key to sign the message and a
combination of the sender's keys and the recipient's public key to encrypt the
message.

If two people each have their own private keys and exchange their public keys,
they can send encrypted messages back and forth with GPG. This is also possible
with symmetric cryptography, but the process differs since there are no key
pairs.

Implementation of email encryption varies greatly between email clients, so you
will need to reference your email client's documentation to ensure you are
setting it up correctly for that specific client.

## File Encryption

As noted in the section above regarding emails, GPG enables users to be able to
send a message to each other if they are both set-up with GPG keys. In this
example, I am going to show how a user could send a file called
`example_file.txt` to another user via the recipient's email.

The sender would find the file they want to send and execute the following
command:

```sh
gpg --encrypt --output example_file.txt.gpg --recipient \
recipient@example.com example_file.txt
```

Once received, the recipient can decrypt the file with the following command:

```sh
gpg --decrypt --output example_file.txt example_file.txt.gpg
```

## Ownership Signatures

One important aspect of GPG, especially for developers, is the ability to sign
data without encrypting it. For example, developers often sign code changes when
they commit the changes back to a central repository, in order to display
ownership of who made the changes. This allows other users to look at a code
change and determine that the change was valid.

In order to do this using [Git](https://git-scm.com), the developer simply needs
to alter the `git commit` command to include the `-S` flag. Here's an example:

```sh
git commit -S -m "my commit message"
```

As an expansion of the example above, Git users can configure their environment
with a default key to use by adding their GPG signature:

```sh
git config --global user.signingkey XXXXXXXXXXXXXXXX
```

If you're not sure what your signature is, you can find it titled `sig` in the
output of this command:

```sh
gpg --list-signatures
```

## File Integrity

When a person generates a signature for data, they are allowing users the
ability to verify the signature on that data in the future to ensure the data
has not been corrupted. This is most common with software applications hosted on
the internet - developers provide signatures so that users can verify a website
was not hijacked and download links replaced with dangerous software.

In order to verify signed data, a user needs to have:

1.  The signed data
2.  A signature file
3.  The public GPG key of the signer

Once the signer's public key is imported on the user's system, and they have the
data and signature, they can verify the data with the following commands:

```sh
# If the signature is attached to the data
gpg --verify [signature-file]

# If the signature is detached as a separate file from the data
gpg --verify [signature-file] [original-file]
```

### Finding Public Keys

In order to use GPG with others, a user needs to know the other user(s) keys.
This is easy to do if the user knows the other user(s) in person, but may be
hard if the relationship is strictly digital. Luckily, there are a few options.
The first option is to look at a user's web page or social pages if they have
them.

Otherwise, the best option is to use a keyserver, such as:

-   [pgp.mit.edu](https://pgp.mit.edu)
-   [keys.openpgp.org](https://keys.openpgp.org)