Lurking with PGP

Phil Zimmermann's PGP program was written primarily to allow people to be quite sure their private communications remain private. The messages are encrypted so that only the intended recipient is able to read them—as long as users have read the manual and paid heed to its security warnings. Pretty Good Privacy.
Verifying Keys

When people verify that their copy of someone else's key is correct, they don't laboriously check 1000-10000 characters of the ASCII representation of the key. Instead, they compare an abbreviated form called a fingerprint. Each key is verified by its fingerprint, which is represented by 32 hexadecimal characters. The possibility of two keys having the same fingerprint is so close to nil that you don't even have to consider it. So if the fingerprints match, the keys match.

Before checking fingerprints, it is best to quickly check the ID. The ID is even more abbreviated; it consists of only 8 hexadecimal characters. If, for instance, a user uses two different sets of PGP keys, the ID is used to differentiate between them.

Examples

Since we started with comp.os.linux.announce, let's show how you can easily retrieve the public key for verifying those messages. (I assume that you have PGP installed. If you don't, I'll explain later how to do that. I just want to keep things simple for now.)

PGP normally tries to do the right thing without being told. If you feed it a public key, it figures that you want to add it to your “public key ring”, available for inspection or use at any time. Normally, you call it with the name of a file, so try this:

finger wirzeniu@kruuna.helsinki.fi > /tmp/cola
pgp /tmp/cola

If PGP complains “Key ring file 'home/.pgp/pubring.pgp' cannot be created”, then you should create the directory ~/.pgp and try again:

mkdir ~/.pgp
pgp /tmp/cola
rm /tmp/cola

PGP will ask if you want to add the key to your public key ring; answer yes. When it asks whether you want to certify any keys yourself, answer no. You can't do that without having created your own public and private key. You will still be able to verify messages, but you can't use some of PGP's built-in features. This will look like Listing 2.

The comp.os.linux.announce key is now on your public key ring, and you can now use it to verify posts made to comp.os.linux.announce.

Checking Signed Messages

Now let's try checking the signature on a message posted to comp.os.linux.announce. Using your newsreader, save a message to a file, preferably with the extension “.asc” (short for ascii). Let's save it in the file cola.asc, and then call PGP to check the signature:

pgp cola.asc

PGP is verbose (as usual), and checks the signature. Part of what it says lets us know that the signature checks out Okay—but it warns that it can't be sure, because you don't have a key of your own:

File has signature.  Public key is required to
check signature.  Good signature from user
"Lars Wirzenius <wirzeniu@cs.helsinki.fi>".
Signature made 1996/05/01 11:36 GMT
WARNING: Because this public key is not certified
with a trusted signature, it is not known with
high confidence that this public key actually
belongs to:
"Lars Wirzenius <wirzeniu@cs.helsinki.fi>".

If you want to get rid of that warning, you will have to create your own keys, and before you do that, you ought to read the manual and understand it.

PGP also saves a copy of the message without the signature in a file called cola—it strips the .asc from the filename. If you had saved the original message in a file named “cola”, it would have asked you for a different filename to put the unsigned message in. Unfortunately, at the present time, the only way to check a signature without creating a new file containing the unsigned text is to press CTRL-C when PGP stops to ask you what to do.

Checking Fingerprints

In order to verify that your copy of a key is the right one, you need to put the key on your keyring, and then use PGP to print its fingerprint. Use the command:

pgp -kvvc user_id

where user_id is either part of the recipient's e-mail address or the actual 8-character key ID. Listing 3 shows part of the output of this command for the key used to sign Announcements of the Linux Emergency Response Team (ALERTs), which are used to announce security issues related to Linux. This (-kvvc) shows a lot of information for each key; you can get a more concise listing with the command:

pgp -kvc user_id

Now try to print the fingerprint for the key Lars uses to sign comp.os.linux.announce postings. You can check it below.

Once you have generated the fingerprint, you need to compare it to a trusted version. That might mean the fingerprints listed in this article, or it might mean calling the sender on the phone, or it might include a fingerprint listed in a book. There are many options—it's up to you to judge if the option you choose provides good enough verification for your purposes.

Here is a list of IDs and fingerprints for important and useful keys in the Linux world:

  • Lars Wirzenius's comp.os.linux.announce key:4CBA92D1 E7FA89856D9B781D F530EBFBD811CA3F

  • Linux Security FAQ Primary Key used to verify ALERTS:ADF3EE95 AB4FE7382C3627BC 6934EC2A2C05AB62

  • Ted Ts'o's signature key used to sign other people's keys (Ted organizes PGP-signing BOFs at conferences, and so has signed many other people's keys):466B4289 9C056649DF837EEF D8AC7542A2334B91

  • Your humble author, who will also be organizing PGP-signing BOFs at some conferences, and wants to show off:4536A8DD 2AEC88084064CED8 DDF8122B61438315

(Please note that in order to fit the fingerprints into the article, we have removed many of the spaces. The spaces are just there to help you read the fingerprint, and the fingerprint is the same with or without spaces.)

Linux developers are starting to talk about listing their PGP key IDs and fingerprints in the CREDITS file in the Linux kernel source code.

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix