
Key Signing

I'm not going to discuss here how to handle the simple mechanics of getting PGP (or GnuPG) to manage keys. Neither am I going to go through the basics of public key cryptography. I'll leave that for others to do, and assume here that you know about both of those. (If you want to know more about setting up GPG and how it works, try the mini-howto.) Instead, I want to describe the steps that people normally go through to sign someone else's key, and why all of those steps should be done.

Key signing – a brief background

A cryptographic key pair is a statement of identity. Possession and use of the private key is related to who you are. Signing an email with your key is a statement that "the owner of this key has signed this email and (presumably) agrees with its content".

A signature on a key is a statement from the signer that the signer believes the statement of identity made by the key is true. So, everyone should have a self-signed key (since if you don't believe your key describes you, then you've got bigger problems than I can help you with…). If I sign your key, then I'm saying that I believe your key has accurate information describing your identity.

The problem

There are a number of things which a key ties together in its statement of identity:

  • The keypair itself
  • The person it claims to describe
  • Their name
  • Their email address

Now, if I haven't ever met someone (or I've only met them on-line), I can't sign their key, because I can't be sure that someone claiming online to be, say, Andy Ransom actually is Andy Ransom. It might be someone attempting an identity fraud; it might be someone performing a man-in-the-middle attack on our email communications. Even if I meet them, I want to make sure that I've tied together all four bits of information above and verified that they are all talking about the same thing. To do this, we need to follow a protocol to ensure that it all ties together.

The protocol

If I'm going to sign your key, then the protocol to follow is this:

  • We meet in person.
  • You show me some form of identity which I can use to identify you (I'll accept a passport, or a long relationship in real life).
  • You give me your key fingerprint on a piece of paper, with the IDs on the key. Mine looks like this:
pub  1024D/1C335860 2001-03-23 Hugo Ranger Mills (For work-related emails) <hugo@soton.ac.uk>

     Key fingerprint = B997 A9F1 782D D1FD 9F87  5542 B2C2 7BC2 1C33 5860
uid                            Hugo Ranger Mills <hugo@carfax.nildram.co.uk>
uid                            Hugo Ranger Mills <hugo@lug.org.uk>
uid                            Hugo Ranger Mills <hugo@darksatanic.net>
uid                            Hugo Ranger Mills <hugo@carfax.org.uk>
sub  2048g/3C044DA8 2001-03-23

If you cannot remember how to get a key fingerprint, the command is

gpg --fingerprint 'yourname' > filename

and then you can print as many copies of filename as you like.

  • I check your passport (photo) as well as I can against your appearance.
  • I check the name in your passport against the name in your fingerprint.
  • I initial the piece of paper to tell myself I've verified your identity, and keep the paper for later.

Then, when I get back home, we do the following:

  • I download your key from a public key server like this, and import it using:

$ gpg --import filename

    or by using a line like the following to import it direct from the keyserver:

$ gpg --keyserver hkp://wwwkeys.eu.pgp.net --recv-keys UID

    where UID is the UID of the key.
  • I check the fingerprint of the downloaded key against the fingerprint on the piece of paper. Do this using:

$ gpg --fingerprint UID

    where UID is the UID of the key. If they're different, then someone's playing silly buggers, and we stop.
  • I generate, using /dev/random and hexdump, approximately 64 bytes of random data:

dd if=/dev/random count=64 bs=1 | hexdump
  • I keep a copy of that data, and send you a copy, encrypted (not just signed!) using the public key I've just downloaded.

  • You send back, signed (and encrypted, if you like) the same data.
  • I check the data you send back against the copy I kept.
  • If the data you returned to me is the same as the copy I kept, then I can sign your key and send you a copy (and upload it to a public key server, too). To sign the key from the CLI, use:
$ gpg --ask-cert-level --sign-key UID

You will be asked to state how carefully you have checked the identity: if you have followed the above steps, you can choose

(3) I have done very careful checking.
  • You must then confirm your actions and enter your passphrase.
  • To export the signed key to a public keyserver, use:
$ gpg --send-keys UID

Job done.

I would urge you strongly to use this technique every time you sign someone's key. If you don't, then you're potentially making false statements about someone (although they may want you to make these false statements!).
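
The two comparisons done at home in the protocol above (downloaded fingerprint against the paper, returned data against the kept copy), as an added shell example that is not part of the original page. The function names and the sample gpg output are made up for illustration; only the fingerprint is the one printed earlier.

```sh
# Added example: sample inputs below are constructed, in the shape gpg prints
# for --with-colons and --status-fd (zeroed subkey values are placeholders).
PAPER_FPR='B997 A9F1 782D D1FD 9F87  5542 B2C2 7BC2 1C33 5860'  # as typed from the paper
SAMPLE_COLONS='pub:-:1024:17:B2C27BC21C335860:985305600:::-:::scESC:
fpr:::::::::B997A9F1782DD1FD9F875542B2C27BC21C335860:
sub:-:2048:16:0000000000000000:985305600::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'
SAMPLE_STATUS='[GNUPG:] VALIDSIG B997A9F1782DD1FD9F875542B2C27BC21C335860 2024-01-01 1704067200 0 4 0 17 2 00 B997A9F1782DD1FD9F875542B2C27BC21C335860'

# Remove whitespace and upper-case hex so the paper form matches gpg's form.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'; }

# Primary key fingerprint: field 10 of the first "fpr" record after "pub".
primary_fpr() {
    printf '%s\n' "$1" | awk -F: '$1 == "pub" { seen = 1; next }
        seen && $1 == "fpr" { print $10; exit }'
}

# Primary key fingerprint from a VALIDSIG status line (field 12, or the
# signing key in field 3 when gpg printed no primary-key field).
validsig_fpr() {
    printf '%s\n' "$1" | awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
        print (NF >= 12 ? $12 : $3); exit }'
}

# "Check the fingerprint of the downloaded key against the paper."
fingerprint_matches() {   # args: paper fingerprint, colon listing
    got=$(primary_fpr "$2")
    [ -n "$got" ] && [ "$(normalize_fpr "$1")" = "$got" ]
}

# "Check the data you send back": a valid signature from the same key, and the
# same data (whitespace ignored, because mail clients re-wrap hexdump text).
response_matches() {      # args: paper fpr, status lines, kept copy, returned copy
    signer=$(validsig_fpr "$2")
    [ -n "$signer" ] && [ "$(normalize_fpr "$1")" = "$signer" ] || return 1
    kept=$(printf '%s' "$3" | tr -d ' \t\r\n')
    back=$(printf '%s' "$4" | tr -d ' \t\r\n')
    [ -n "$kept" ] && [ "$kept" = "$back" ]
}

fingerprint_matches "$PAPER_FPR" "$SAMPLE_COLONS" && echo "fingerprint matches paper"
```

Against a real keyring, the colon listing comes from `gpg --with-colons --fingerprint UID` and the status lines from running gpg with `--status-fd` while verifying the reply.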

Web of Trust

One problem with the above protocol is that it becomes very tedious to make any assertion, however weak, about the identity of a person with whom you intend to communicate. PGP/GnuPG allows you to maintain an owner trust database: a database of the extent to which you trust the owners of keys to follow the above procedure rigorously before they will certify someone's identity.

If you trust the owner of a key to do this, you are stating that you believe to some extent that you can trust any keys that they have certified.

Note that there are two different concepts of trust here. Key trust is the amount you trust that the owner of the key is who he/she claims to be. Owner trust is the amount you trust the owner of the key to make accurate assessments of identity. Key trust is computed from owner trust. You cannot modify key trust directly.

To modify owner trust levels from the CLI, use:

$ gpg --edit-key UID

Then enter

Command> trust

You will be asked to choose a level indicating how much you trust the owner of the key to correctly perform the above checks before signing a key:

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately

Do not choose ultimate owner trust. This is for your own keys only.

Enter

Command> quit

to exit. You do not need to save the key (the trust database is updated immediately when you change the trust levels).
