Notice:
This post is older than 5 years – the content might be outdated.
The second part of the OpenPGP blog series explains the Web of Trust and how to participate in a key signing party to extend it.
Public key servers
Public key servers are used to collect and distribute public keys easily. Basically anyone can upload any key and keys once uploaded cannot be deleted.
Web of Trust
An important concept in OpenPGP is the Web of Trust. It consists of trust relationships between a group of keys. A key signature is used to establish the authenticity of the link between a public key and its owner. In other words: the signature ensures that the name in the user IDs of the key matches the name on the identification of the person presented during the key signing process. You can think of the web of trust as the sum of all links between the group of keys.
Interacting with public key servers
Upload your own key
|
1 2 3 |
$ gpg --send-keys 0x5A24FA122E623651 gpg: sending key 0x5A24FA122E623651 to hkps://hkps.pool.sks-keyservers.net |
You have to re-upload your key when it has changed (e.g. in case of added/revoked user IDs, extended expiration dates, added/revoked subkeys or if you have imported someone else’s signature).
Do not upload test or demo keys and never upload someone else’s key without permission.
Search for Keys on Public Key Servers
You can search for long key IDs, user IDs or email addresses on public key servers:
|
1 2 3 4 5 6 7 8 9 |
$ gpg --search "john.doe@example.com" gpg: data source: https://192.146.137.98:443 (1) John Doe <john.doe@example.com> 4096 bit RSA key 0x5A24FA122E623651, created: 2019-01-04, expires: 2021-01-03 Keys 1-1 of 1 for "john.doe@example.com". Enter number(s), N)ext, or Q)uit > |
Receive a Key
|
1 2 3 4 5 6 7 |
$ gpg --recv-keys 0x5A24FA122E623651 gpg: key 0x5A24FA122E623651: public key "John Doe <john.doe@example.com>" imported gpg: Total number processed: 1 gpg: imported: 1 |
Refresh all keys in your local keyring
It is important to update the public keys in your keyring regularly, so you receive extended expiration dates and revocations timely:
|
1 2 3 4 5 6 7 |
$ gpg --refresh-keys gpg: key 0x5A24FA122E623651: public key "John Doe <john.doe@example.com>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 |
Note: gpg –refresh-keys discloses the whole set of keys in your keyring to the key server operators. An alternative is to use parcimonie (a daemon that fetches one key at a time using the Tor network).
Key Signing Parties
A key signing party is a come-together of at least two persons to sign each others‘ keys. Key signing parties serve to extend the web of trust.
There are several methods to structure a key signing party. The method described here is based on the Efficient Group Key Signing Method by Len Sassaman and Phil Zimmerman.
In general the key signing party organizer will announce an email address along with a due date, where and until when you have to send in your public key(s). Additionally the organizer will announce a publish date and a download location for the list of participants along with the hash value and the key file containing the public keys of all participants. Alternatively the organizer sends the files by mail to the participants.
Preparations
To participate, you need to send your key to the organizer. You can either create a new key pair or use an existing one. The process to create a new key is documented in the first part of the OpenPGP blog series.
The preparation steps are as follows:
- use gpg 2.1.18 or later
- revoke all non-reachable or no longer valid user IDs
- use a strong primary key (at least 2048 bits RSA key, with SHA512 hashing algorithm) with an expiration date
- use your first and last name in user IDs (so it can be matched against your identification)
- check your key and fix any problem with your key. You can use hokey from hopenpgp tools to check your key:
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879$ gpg --export --no-armor 0x5A24FA122E623651 | hokey linthokey (hopenpgp-tools) 0.21.2Copyright (C) 2012-2018 Clint Adamshokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.Key has potential validity: goodKey has fingerprint: F589 0F08 068C 5251 DEC5 CB91 5A24 FA12 2E62 3651Checking to see if key is OpenPGPv4: V4Checking to see if key is RSA or DSA (>= 2048-bit): RSA 4096Checking user-ID- and user-attribute-related items:John Doe <john.doe@example.com>:Self-sig hash algorithms: [SHA-512]Preferred hash algorithms: [SHA-512, SHA-384, SHA-256, SHA-224]Key expiration times: [1y11m29d81000s = Sun Jan 3 12:46:57 UTC 2021]Key usage flags: [[certify-keys]]Checking subkeys:one of the subkeys is encryption-capable: Truefpr: A1CB E880 0CF8 F067 7BE6 CCB7 5027 A7FB 918D F7CEversion: v4timestamp: 20190104-155226algo/size: RSA 3072binding sig hash algorithms: [SHA-512]usage flags: [[auth]]embedded cross-cert: Falsecross-cert hash algorithms: [SHA-512]fpr: 8131 307A 20AC 690D C549 8B36 8726 4AAE EB63 9812version: v4timestamp: 20190104-155201algo/size: RSA 3072binding sig hash algorithms: [SHA-512]usage flags: [[encrypt-storage, encrypt-communications]]embedded cross-cert: Falsecross-cert hash algorithms: [SHA-512]fpr: 1E32 42BD 012C 59F4 0204 4B97 2C0C C4A1 8423 4A5Aversion: v4timestamp: 20190104-154732algo/size: RSA 3072binding sig hash algorithms: [SHA-512]usage flags: [[sign-data]]embedded cross-cert: Truecross-cert hash algorithms: [SHA-512]
If some values are marked in red colour you can find instructions on how to fix the issues in the OpenPGP Best Practices. - update GnuPG to use SHA2 in preference to SHA1.Add the following lines at the end of the gpg.conf file:
12345personal-digest-preferences SHA512cert-digest-algo SHA512default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed - upload your key to public key server (recommended, but not required)
1$ gpg --send-keys 0x0123456789ABCDEF - send the ascii armored, cleaned and minimized public key(s) to the organizerYou can export the key with the following command:
1$ gpg --armor --export-options export-clean,export-minimal --export 0x5A24FA122E623651 > 0x5A24FA122E623651.pub.asc
Before the Party
Get the List of Key Signing Party Participants
First you need to get the list of key signing party participants (e.g. ksp-example-event.txt). An example is shown below:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
Keysigning Party Example Event Prepared by John Doe (john.doe@example.com) Fri, 29 Aug 1997 09:14 +0200 List of participants (v1997-08-04) Here's what you have to do with this file: 1. Print this file to paper. 2. Compute this file's SHA256 checksum: sha256sum ksp-example-event.txt 3. fill in the hash values on the printout. 4. Bring the printout, a pen, and a government issued ID to the keysigning (and be on time!). For each participant: 1. Compare the hash you computed with the other participant. 2. Ask if the other participant's gpg fingerprint on the hardcopy is correct. 3. Verify each other's identity by matching user IDs against the government issued ID. 4. If you are satisfied with the identification, mark on your hardcopy that the other participant's gpg fingerprint is correct and has been identified. SHA256 Checksum: ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ [ ] _______________________________________________________________________________ 001 [ ] Fingerprint OK [ ] ID OK pub rsa4096/0x5A24FA122E623651 2019-01-04 [C] [expires: 2021-01-03] Key fingerprint = F589 0F08 068C 5251 DEC5 CB91 5A24 FA12 2E62 3651 uid John Doe <john.doe@example.com> sub rsa3072/0x2C0CC4A184234A5A 2019-01-04 [S] [expires: 2021-01-03] sub rsa3072/0x87264AAEEB639812 2019-01-04 [E] [expires: 2021-01-03] sub rsa3072/0x5027A7FB918DF7CE 2019-01-04 [A] [expires: 2021-01-03] 002 [ ] Fingerprint OK [ ] ID OK ... |
Check your Key, the UIDs and the Fingerprint Listed in the File
Check if your keys are present and the UIDs and the fingerprint are listed correctly. If they are not, inform the signing organizer immediately. It is very important that you verify the fingerprints of your keys on the hardcopy at home.
Compute and Verify the Checksum of the File
Compute the SHA256 hash of ksp-example-event.txt:
|
1 |
$ sha256sum ksp-example-event.txt |
It is very important to compute the hash value before printing at home.
Print ksp-example-event.txt to Paper
Please ensure to use a mono space font for the printout. One way to do this is to use vim (see :help :hardcopy). Or you can use enscript and ps2pdf (ghostscript package) to generate a PDF file:
|
1 |
$ enscript --header='$n||$%/$=' ksp-example-event.txt -o - | ps2pdf - /tmp/output.pdf |
Fill in the Computed Hash on the Printout
Now fill in the hash value of the file to the fields on the printout:
|
1 2 3 |
SHA256 Checksum: ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ [ ] |
Bring Printout, Pen and Government Issued ID to the Event
All you have to bring to the event is the printout, a pen and one form of government issued ID (e.g. Passport or ID card). Ensure that the government issued ID is still valid and you can be recognized on the photo.
Be on Time!
It is important that you are on time for the event as the verification is done simultaneously.
During the party
For each participant you have to follow these steps:
- Compare the hash you computed with the other participant.
- Ask if the other participant’s gpg fingerprint on the hardcopy is correct.
- Verify each other’s identity by matching user IDs against the government issued ID
- If you are satisfied with the identification, mark on your hardcopy that the other participant’s gpg fingerprint is correct and has been identified.
|
1 |
012 [ ] Fingerprint OK [ ] ID OK |
To speed up the first step, the hash sum is displayed or at least read out loudly by the organizer at the beginning, so each participant can compare it with the one filled out on the printout.
Depending on the number of participants it might be required to line up according to the number next to their key on the list.
After the Party
Try to make sure to sign the keys you verified within 4 weeks after the event. It is recommended to use caff to sign keys (one of the scripts of pgp-tools.
caff takes a list of keyids on the command line, fetches them from a keyserver and calls GnuPG so that you can sign it. It then mails each key to all its email addresses – only including the one UID that we send to in each mail, pruned from all but self sigs and sigs done by you. The mailed key is encrypted with itself as a means to verify that key belongs to the recipient.
Do not upload the signed public key to a public key server, so the owner of the key can decide what happens with your signature. If you don’t have an MTA (mail transfer agent) configured on your machine you can configure caff to use msmtp for mail transfer.
Configure msmtp
Please adjust the from, user, password, host, password and tls_trust_file (if needed) fields:
msmtp config:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
$ cat ~/.msmtprc defaults auth on tls on tls_trust_file /etc/ssl/certs/ca-certificates.crt logfile ~/.msmtp.log account default host <smtp-server> port 587 from john.doe@example.com user john.doe@example.com password <password> account default : default |
Note: To use msmtp with Google Mail you have to generate an app password.
Configure caff
Please adjust the owner, email, keyid, local-user and also-encrypt-to fields:
caff config:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
$ cat ~/.caffrc # .caffrc -- vim:ft=perl: # This file is in perl(1) format - see caff(1) for details. $CONFIG{'owner'} = 'John Doe'; $CONFIG{'email'} = 'john.doe@example.com'; $CONFIG{'keyid'} = [ qw{long-keyid} ]; $CONFIG{'local-user'} = [ qw{long-keyid} ]; $CONFIG{'also-encrypt-to'} = [ qw{long-keyid} ]; # only needed if you want to use msmtp for mail transfer $ENV{'PERL_MAILERS'} = 'sendmail:/usr/bin/msmtp'; |
Link your gpg.conf file to caff
|
1 2 3 |
$ mkdir -p ~/.caff/gnupghome $ ln -s ../../.gnupg/gpg.conf .caff/gnupghome/ |
Sign key with caff
|
1 |
$ caff 0x0123456789ABCDE |
Match the fingerprint of each key and the user ID with the ones provided on the printout before signing.
Happy key signing and stay tuned for the next part of the OpenPGP blog series!
