Types of Encryption 289 Caution: If you implement PGP improperly, it can provide little or no protection at all. You can also irrevocably lose your data if you are not careful with your decryption keys (see the sidebar "Don’t Lose Your Keys!!"). PGP is considered a hybrid cryptosystem , which means that it uses a combination of symmetric and asymmetric encryption to accomplish its function. Public key encryp- tion takes a lot more processing power than shared secret encryption because public key encryption typically uses complex math involving prime numbers. PGP uses only public key encryption to create a session key, which is then used to encrypt the whole message using traditional symmetric cryptography. Most public key cryptosystems use this method to improve performance. Rather than type in your whole private key each time you use PGP, which would take quite some time and be very prone to error, your private key is stored on your hard drive in encrypted form. To unlock your key, you type in a pass-phrase each time you use PGP. This is like a password, only generally it is longer and made up of several words, prefera- bly with numbers and letters. This pass-phrase is very important to remember, because if you ever lose or forget it, you won’t be able to recover the data you encrypted with PGP. Installing PGP and Generating Your Public/Private Key Pair 1. First, download the PGP program file from the Web site. 2. Click on this self-extracting zip file, and it will automatically begin the installation process. 3. You have the option of purchasing a full license or evaluating the product. Click on Purchase Now if you want to get a full version, authorized for commercial use. Otherwise click on Later to use the freeware version. 4. The install program then guides you through the process of generating your public/ private key pair. This process is very important as it is the heart of the protection that PGP provides. 5. The program prompts you for your name, organization, and e-mail address. You don’t have to enter an e-mail address, but if you don’t, your public key won’t be associated with your e-mail address on the key server, and it may be hard for someone who is trying to send you a PGP-encrypted message to find your public key if they don’t already have it. 6. Next, the program asks for your pass-phrase. This is what allows you to use the keys on your disk. Do not enter a normal pass- word here such as single word or set of letters. This will seriously degrade the security of your keys. Use a series of words, with a combination of letters and numbers. This will make it easier to remember, but make sure you use something complex. A good example of a complex pass-phrase with numbers, uppercase and lower case letters, and symbols is one+one=Two . Note: Do not use this example, and no…that is not my personal pass-phrase. After you enter your pass-phrase, the rest of the program will load, and the installation will be complete. Howlett_CH09.fm Page 289 Thursday, June 24, 2004 11:12 PM 290 Chapter 9 • Encryption Tools If you want to delete PGP from your computer, you must use the uninstaller function provided. Simply removing the files will not work properly as PGP makes significant changes to your registry and other core windows settings. Flamey the Tech Tip: Don’t Lose Your Keys!! Losing your keys for PGP is kind of like losing your house keys or car keys, except it’s a whole lot worse. Imagine if, when you lost your physical keys, your car or house was forever inaccessible. Well, that’s exactly what will happen to your encrypted data if you lose your private key. And because your private key is usually encrypted on your disk using your pass-phrase, losing your pass-phrase has the same effect. Make sure you back up the private key folder on your computer (you do regu- lar backups of your data, right?). If you have a problem remembering passwords, write down your pass-phrase and store it somewhere safe (this would not be on a sticky note taped to your monitor). Remember, if you lose one of these two items, your data will be gone forever; not even the NSA can recover it. Sound extreme? If it were easy to recover your data, then it would be easy for an outsider to do the same. So, mind your Ps (pass-phrases) and Ks (keys). Using PGP You access PGP from your Programs menu under Start. There are several available options, including PGPMail and the documentation. The PGP freeware version has great documentation, including a 70-plus page introduction to cryptography. It is a good primer for those new to cryptography. PGP also has a huge user’s guide. When you start PGPMail, a small tool bar displays on your screen. This can be mini- mized to a small icon on your system tray when you are not using it. This simple interface offers your several options: PGPKeys, Encrypt, Sign, Encrypt and Sign, Decrypt/Verify, Wipe, and FreeSpace wipe. The specific functions of each item are covered next. PGPKeys You use the PGPKeys section to manage both your own public and private keys and the public keys of others you wish to communicate with (see Figure 9.4). The PGP program creates two directories for keys on your disk. These directories are called key rings , as they contain all the keys that you need to use PGP, both public and private. The file pubring found in your main PGP directory contains your public key as well as others of people you want to send encrypted files to. The file secring contains your private key, usually in encrypted format. It normally contains only one private key, but you can maintain more than one private key. For example, you can have one for your business e-mail and another for your private correspondence. Just remember, items encrypted with Howlett_CH09.fm Page 290 Thursday, June 24, 2004 11:12 PM Types of Encryption 291 a specific public key are not decryptable with anything other than that specific matching private key. You can also create new key pairs here, and revoke pairs of keys you are no longer using. You can upload your public key to one of several public key servers. This allows someone who has never talked to you to find your key on a public key server and send you a PGP message. Many folks who use PGP are in the habit of putting their public key in the signature line on their e-mails so correspondents can easily send them a PGP-encrypted message. Another way to help to verify the legitimacy of a person’s key is have it signed by other people’s keys. This is a way of validating that someone’s public key is a match to that person. You should only sign public keys of people that you personally know well and have verified that the key is correct. You should also get your friends and associates to sign your keys. This circle of key signing creates a nonhierarchical trust model called a web of trust . The nice thing about this model is that it doesn’t require a central authority to make it work. For more details on how this web of trust works, see the GnuPG section later in this chapter. To add other users’ keys to your public key ring, you can either import them directly from a file or do a search of public key servers. By selecting Search on the Servers menu or clicking on the magnifying glass icon and typing in part of a name or some identifying text, you can see what keys on the public key servers match your request. Drag and drop the appropriate selection from the results to the main PGPKey screen and that person’s public key will be available for using in your PGP messages. You can also view the spe- cific properties of any key, including the signers of that key, size of the key (in bits), and the method (usually DH for Diffie-Hellman). Finally, you can import or export your key rings if you have moved computers or need to restore from a backup. Encrypt The Encrypt function is pretty straightforward. First, a dialog box lets you pick the file to encrypt. Once you select a file, PGP prompts you to select the recipient’s public key from your key ring. If you don’t have it yet, do a search on the public key Figure 9.4 PGPKeys Screen Howlett_CH09.fm Page 291 Thursday, June 24, 2004 11:12 PM 292 Chapter 9 • Encryption Tools servers for it as described above and add it to your list. Select the public key of your intended recipient and drag and drop the key from the box on top down to the recipient list. The check boxes on the lower left have several important options (see Figure 9.5). One of the most important is Wipe Original. Click on this if you are encrypting this file to keep on your hard disk. Otherwise, PGP will simply create a new encrypted file and leave the original in plain text in the same directory for viewing. Remember, though, if you do this and lose your keys, that file is gone forever. Another important option is Conventional Encryption. If you select this, public key encryption will not be used. Instead, standard shared secret encryption will be employed and you will have to pick a pass-phrase in order to encrypt the data. This pass-phrase will then have to be passed securely to your intended party on the other end. This method defeats the main benefit of PGP, but it may be necessary if you don’t have the recipient’s public key. If the recipient doesn’t have PGP software, select the Self-Decrypting Archive file option. This creates a file that will decrypt itself when the person receiving the file clicks on it. Of course, your recipient will still have to know the pass-phrase you used to create the file. Sign The Sign function lets you sign a file with your public key, thereby allowing some- one to verify that it hasn’t changed since you signed it. This uses a hash function to sum- marize the file in a digest format and then encrypt it with your private key. This is the reverse of normal public key encryption. The recipient can take the signature and attempt to decrypt it with your public key. If the hashes match, then he or she knows that the con- tents haven’t changed since you signed it. This is a useful function if you are more con- Figure 9.5 PGP Encrypt Option Screen Howlett_CH09.fm Page 292 Thursday, June 24, 2004 11:12 PM Types of Encryption 293 cerned about the integrity of the file than the confidentiality of the information. An example would be a lengthy contract that has been heavily edited. You could sign it digi- tally and be sure that no one could change it after you looked at it. Signing can also be used to provide what is known as nonrepudiation , that is, if you sign a document, it can be proven that you did it, unless someone got hold of your private keys. This is akin to the validity of your physical signature except the ability to forge a digital signature is signifi- cantly harder than a traditional signature. Encrypt and Sign This function performs both of the Encrypt and Sign functions above, providing strong confidentiality, integrity, and nonrepudiation. Decrypt/Verify You use the Decrypt/Verify function to reverse the PGP encryption process. After you select the file to decrypt, it prompts you for your pass-phrase to use your private key on your disk. If entered correctly, it asks you for a new file name to decrypt the file into. You can also use this function to verify that a signature is valid. Wipe The Wipe function permanently removes a file from your hard disk. This process is much more final that the Windows Delete function. The problem with Windows (and most operating systems) is that it doesn’t actually remove the data from your hard disk when you delete a file—it just removes the file’s listing in the file system index. The data is still sitting there on the disk platters. It can be viewed with a low-level disk editor or recovered using readily available utilities like Norton or DD (DD is demonstrated in Chap- ter 11). The Wipe function actually overwrites the data multiple times on the disk with random zeros and ones. The default for this activity is three times, which is fine for most uses. You may want to increase this to at least ten if you are using this for highly sensitive data, since specialists in data recovery can actually recover data even when it has been overwritten several times. You can increase the passes made, up to 28 times, at which point not even the NSA could get the file back. Note that if you are deleting large files with lots of passes your disk will turn for a quite a while. This is very disk-intensive activity. Freespace Wipe Freespace Wipe performs the same function as the Wipe function, but on the free space on your disk. You should do this occasionally because old files that you deleted but didn’t wipe may still exist. Also, programs regularly create temp files that may contain copies of sensitive data. They are deleted by the operating system when you close the program but they still exist on your disk. Freespace Wipe sanitizes your entire hard disk. You can also schedule this function to do automatic regular wipes of your hard drive. PGP Options There are a number of global options you can set in PGP. From the PGPKeys main menu, under File choose Edit to display the PGP Options dialog box (see Figure 9.6). Table 9.1 lists the tabs and gives an overview of each. Howlett_CH09.fm Page 293 Thursday, June 24, 2004 11:12 PM 294 Chapter 9 • Encryption Tools Figure 9.6 PGP Options Dialog Box Table 9.1 Tabs in the PGP Options Dialog Box Tabs Descriptions General You can set up PGP to remember your pass-phrase for a certain amount of time after using it so you don’t have to keep entering it every time you decrypt a file or sign a document. The default is two minutes. You can also increase the default number of passes for the Wipe function and make Windows automatically wipe a file when it is deleted. Use this setting with care if you want to be able to recover deleted files. Files You can change the default directory for your public and private key rings here. Email On this tab you can set various options for handling encrypted e-mail, including automatically decrypting PGP messages, always signing your outgoing e-mail, and so forth. HotKeys Here you can quickly access main PGP functions via hotkeys. Some are already preset for you. For example, you can purge your pass-phrase cache by pressing the F12 key. Howlett_CH09.fm Page 294 Thursday, June 24, 2004 11:12 PM Types of Encryption 295 This should give you enough information to start with PGP and protect your files and communications. Again, this is meant to be a quick overview of the PGP product. Please read the ample documentation if you intend to be a heavy PGP user. If you need additional functionality or commercial use, consider upgrading to the commercial version. If you don’t want to agree to all the limitations of the PGP freeware license but want to use PGP, there is another option, the GNU version of PGP, which is described next. Tabs Descriptions Servers This is where you set the servers to search for public keys. There are two main servers listed, one in the U.S. and one in Europe, but you can add others. CA If you want to use digital certificates, you set your certificate authority and various settings here. Advanced This tab contains options for the encryption process. You can select the algorithm you want to use for the asymmetric part of the encryption process (AES is the default). You can also set your options for backing up your key rings. The default is to always create a backup file of each key ring whenever you close the program. However, you should remove the backup file periodically to a secure storage, either burned onto a CD-ROM or to a floppy disk. This will protect your keys if the hard drive crashes or the computer is stolen. GNU Privacy Guard (GnuPG): A GPL Implementation of PG P GNU Privacy Guard (GnuPG) Author/Primary Contact: Matthew Skala, Michael Roth, Niklas Hernaeus, Rémi Guyomarch, Werner Koch, and others Web site: www.gnupg.org Platforms: Linux, Windows, BSD, and Mac License: GPL Version reviewed: 1.2.4 Other resources: www.pgpi.com Mailing lists: PGP Freeware help team IETF OpenPGP working group PGP users mailing list Table 9.1 Tabs in the PGP Options Dialog Box Howlett_CH09.fm Page 295 Thursday, June 24, 2004 11:12 PM 296 Chapter 9 • Encryption Tools GNU Privacy Guard (GnuPG) is based on the OpenPGP standard and is an answer to the commercial and restrictive freeware license versions of PGP. Of course, as with most things from GNU, the name is a play on words (it’s the inverse of PGP). The big upside of the GNU version is that you can use it for any application, personal or commercial. Also, since its license is GPL, you can extend it or graft it onto any application you like. The downside is that it is a command line tool, so it doesn’t come with some of the nice add- ons that the commercial version of PGP offers. If cost is an issue and you don’t mind learning to use the commands, then GnuPG is for you. A word of warning, though: GnuPG is probably not the best choice for nontechnical users, unless you add your own front end or some user-friendly scripts (there are several available on the Internet). Installing GnuPG Many current versions of Linux and BSD ship with GPG already installed, so you can check to see if you already have it by typing gpg version at the command line. If you get a listing of the program information, you can skip this section and start using GnuPG. Also, check your distribution disks to see if you have an RPM file to automatically install it. If you want the latest version, there are RPMs for many distributions on the Web site. If there is an RPM for your OS, download it and simply click on it to install the pro- gram. If you can’t find an RPM, you can download the .tar files from the book’s CD-ROM or from the official Web site and compile them manually with the following instructions. 1. Unpack it and then type the usual compile commands: ./configure make make install PGP/MIME working group PGPi developers mailing list PGPi translators mailing list Pgplib developers mailing list All these lists can be accessed and subscribed to at www.pgpi.org/links/mailinglists/en/. Newsgroups: Alt.security.pgp Comp.security.pgp.announce Comp.security.pgp.discuss Comp.security.pgp.resources Comp.security.pgp.tech GNU Privacy Guard (GnuPG): A GPL Implementation of PG P Howlett_CH09.fm Page 296 Thursday, June 24, 2004 11:12 PM Types of Encryption 297 The program creates a directory structure in your user directory under /.gnupg where your keys and other information will be stored. 2. (Optional) Type make clean after installing GnuPG to get rid of any binary files or temporary files created by the configure process. Creating Key Pairs Once you have the program installed, the first thing you need to do is to create your public-private key pair. If you already have a key and want to import it onto this system, use the command: gpg import path/filename where you replace path/filename with the path and file to your keys. You must do sep- arate statements for your public and private key rings. The file format of the key rings is generally pubring.pkr and secring.skr. Otherwise, follow this procedure. 1. Type gpg gen-key . This starts the process and prompts you for several items. 2. GnuPG asks you for the bit size of your keys. The default is 1,024, which is gener- ally considered sufficient for strong public key cryptography. You can increase it to as high as 2,048 for stronger security. 3. Generally, you never want your keys to expire, but if you have a special case where you will only be using this key for a limited time, you can set when it should expire. 4. GnuPG prompts for your name and e-mail address. This is important, because this is how your public key will be indexed on the public key servers. 5. Finally, GnuPG asks for a pass-phrase. Pass-phrases should be sufficiently long and complex, yet something you can easily remember. (See the description of pass- phrases earlier in this chapter in the PGP section.) Once you enter your pass-phrase twice, GnuPG will generate your keys. This may take a minute. During this pro- cess, you should move your mouse around a bit. GnuPG takes random signals from the keyboard and mouse to generate entropy for its random number generator. Note: Once again, just like with PGP or any strong encryption product, main- tain backup copies of your key pairs in a safe place and don’t lose them or your encrypted data will be lost forever. Creating a Revocation Certificate Once you’ve created your keys, you can also create a revocation certificate. This is used if you lose your keys or if someone gains access to your private key. You can then use this certificate to revoke your key from the public key servers. You can still decrypt messages you have received using the old public key (assuming you didn’t lose it) but no one will be able to encrypt messages anymore with the bad public keys. Howlett_CH09.fm Page 297 Thursday, June 24, 2004 11:12 PM 298 Chapter 9 • Encryption Tools To create your revocation certificate, type: gpg –output revoke.asc –gen-revoke user where you replace user with a unique phrase from that user on your secret key ring. This generates a file called revoke.asc. You should remove this from your hard drive and store it somewhere safe. You do not want to leave it in the same place as your private key, the the- ory being if someone has access to your private key material, they could also keep you from revoking it. Publishing Your Public Key You will want to place your public key on a key server so people can easily find your pub- lic key to send messages to you. To do this, use this command: gpg –keyserver server –send-key user where you replace server with the name of a public key server and user with the e-mail address of the key you want to publish. You can use any public PGP key server since they all sync up on a regular basis. You can choose any one of them and your public key will propagate across the servers. There are many public key servers, including: • certserver.pgp.com • pgp.mit.edu • usa.keyserver.net Encrypting Files with GnuPG To encrypt a file you use the encrypt command. The format is as follows: gpg output file.gpg encrypt recipient friend@example.com file.doc [All on one line] where you replace file.gpg with the resulting filename you want, friend@example.com with the e-mail address of the user you are sending it to, and file.doc with the file you want to encrypt. Note that you must have the recipient’s pub- lic key on your key ring in order to do this. You can also use GnuPG to encrypt files with simple symmetric cryptography. You might use this for local files you want to protect or for someone for whom you don’t have a public key. To do this, use the symmetric command in this format: gpg output file.gpg symmetric file.doc where you replace file.gpg with the output file you want and file.doc with the name of the file you want to encrypt. Howlett_CH09.fm Page 298 Thursday, June 24, 2004 11:12 PM . accessed and subscribed to at www.pgpi.org/links/mailinglists/en/. Newsgroups: Alt .security. pgp Comp .security. pgp.announce Comp .security. pgp.discuss Comp .security. pgp.resources Comp .security. pgp.tech GNU. periodically to a secure storage, either burned onto a CD-ROM or to a floppy disk. This will protect your keys if the hard drive crashes or the computer is stolen. GNU Privacy Guard (GnuPG ): A GPL. a 70-plus page introduction to cryptography. It is a good primer for those new to cryptography. PGP also has a huge user’s guide. When you start PGPMail, a small tool bar displays on your screen.