├── .gitignore
├── LICENSE.markdown
├── README.markdown
└── gpg
    └── smartcard-keygen.md


/.gitignore:
--------------------------------------------------------------------------------
# Files generated by an editor
*~

--------------------------------------------------------------------------------
/LICENSE.markdown:
--------------------------------------------------------------------------------
# Attribution-ShareAlike 3.0 United States

# License

**THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.**

**BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS.**


## 1. Definitions

1. "**Collective Work**" means a work, such as a periodical issue, anthology or encyclopedia, in which the Work in its entirety in unmodified form, along with one or more other contributions, constituting separate and independent works in themselves, are assembled into a collective whole. A work that constitutes a Collective Work will not be considered a Derivative Work (as defined below) for the purposes of this License.
2. "**Creative Commons Compatible License**" means a license that is listed at http://creativecommons.org/compatiblelicenses that has been approved by Creative Commons as being essentially equivalent to this License, including, at a minimum, because that license:
    1. contains terms that have the same purpose, meaning and effect as the License Elements of this License; and,
    2. explicitly permits the relicensing of derivatives of works made available under that license under this License or either a Creative Commons unported license or a Creative Commons jurisdiction license with the same License Elements as this License.
3. "**Derivative Work**" means a work based upon the Work or upon the Work and other pre-existing works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which the Work may be recast, transformed, or adapted, except that a work that constitutes a Collective Work will not be considered a Derivative Work for the purpose of this License. For the avoidance of doubt, where the Work is a musical composition or sound recording, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered a Derivative Work for the purpose of this License.
4. "**License Elements**" means the following high-level license attributes as selected by Licensor and indicated in the title of this License: Attribution, ShareAlike.
5. "**Licensor**" means the individual, individuals, entity or entities that offers the Work under the terms of this License.
6. "**Original Author**" means the individual, individuals, entity or entities who created the Work.
7. "**Work**" means the copyrightable work of authorship offered under the terms of this License.
8. "**You**" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation.


## 2. Fair Use Rights.

Nothing in this license is intended to reduce, limit, or restrict any rights arising from fair use, first sale or other limitations on the exclusive rights of the copyright owner under copyright law or other applicable laws.


## 3. License Grant.

Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:

1. to reproduce the Work, to incorporate the Work into one or more Collective Works, and to reproduce the Work as incorporated in the Collective Works;
2. to create and reproduce Derivative Works provided that any such Derivative Work, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified.";
3. to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission the Work including as incorporated in Collective Works;
4. to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission Derivative Works.
5. For the avoidance of doubt, where the Work is a musical composition:
    1. **Performance Royalties Under Blanket Licenses.** Licensor waives the exclusive right to collect, whether individually or, in the event that Licensor is a member of a performance rights society (e.g. ASCAP, BMI, SESAC), via that society, royalties for the public performance or public digital performance (e.g. webcast) of the Work.
    2. **Mechanical Rights and Statutory Royalties.** Licensor waives the exclusive right to collect, whether individually or via a music rights agency or designated agent (e.g. Harry Fox Agency), royalties for any phonorecord You create from the Work ("cover version") and distribute, subject to the compulsory license created by 17 USC Section 115 of the US Copyright Act (or the equivalent in other jurisdictions).
6. **Webcasting Rights and Statutory Royalties.** For the avoidance of doubt, where the Work is a sound recording, Licensor waives the exclusive right to collect, whether individually or via a performance-rights society (e.g. SoundExchange), royalties for the public digital performance (e.g. webcast) of the Work, subject to the compulsory license created by 17 USC Section 114 of the US Copyright Act (or the equivalent in other jurisdictions).

The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. All rights not expressly granted by Licensor are hereby reserved.


## 4. Restrictions.

The license granted in Section 3 above is expressly made subject to and limited by the following restrictions:

1. You may distribute, publicly display, publicly perform, or publicly digitally perform the Work only under the terms of this License, and You must include a copy of, or the Uniform Resource Identifier for, this License with every copy or phonorecord of the Work You distribute, publicly display, publicly perform, or publicly digitally perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of a recipient of the Work to exercise of the rights granted to that recipient under the terms of the License. You may not sublicense the Work.
You must keep intact all notices that refer to this License and to the disclaimer of warranties. When You distribute, publicly display, publicly perform, or publicly digitally perform the Work, You may not impose any technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise of the rights granted to that recipient under the terms of the License. This Section 4.1 applies to the Work as incorporated in a Collective Work, but this does not require the Collective Work apart from the Work itself to be made subject to the terms of this License. If You create a Collective Work, upon notice from any Licensor You must, to the extent practicable, remove from the Collective Work any credit as required by Section 4.3, as requested. If You create a Derivative Work, upon notice from any Licensor You must, to the extent practicable, remove from the Derivative Work any credit as required by Section 4.3, as requested.
2. You may distribute, publicly display, publicly perform, or publicly digitally perform a Derivative Work only under:
    1. the terms of this License;
    2. a later version of this License with the same License Elements as this License;
    3. either the Creative Commons (Unported) license or a Creative Commons jurisdiction license (either this or a later license version) that contains the same License Elements as this License (e.g. Attribution-ShareAlike 3.0 (Unported));
    4. a Creative Commons Compatible License. If you license the Derivative Work under one of the licenses mentioned in 4., you must comply with the terms of that license. If you license the Derivative Work under the terms of any of the licenses mentioned in 1., 2. or 3. (the "Applicable License"), you must comply with the terms of the Applicable License generally and with the following provisions:
        1. You must include a copy of, or the Uniform Resource Identifier for, the Applicable License with every copy or phonorecord of each Derivative Work You distribute, publicly display, publicly perform, or publicly digitally perform;
        2. You may not offer or impose any terms on the Derivative Works that restrict the terms of the Applicable License or the ability of a recipient of the Work to exercise the rights granted to that recipient under the terms of the Applicable License;
        3. You must keep intact all notices that refer to the Applicable License and to the disclaimer of warranties; and,
        4. when You distribute, publicly display, publicly perform, or publicly digitally perform the Work, You may not impose any technological measures on the Derivative Work that restrict the ability of a recipient of the Derivative Work from You to exercise the rights granted to that recipient under the terms of the Applicable License.
        5. This Section 4.2 applies to the Derivative Work as incorporated in a Collective Work, but this does not require the Collective Work apart from the Derivative Work itself to be made subject to the terms of the Applicable License.
3. If You distribute, publicly display, publicly perform, or publicly digitally perform the Work (as defined in Section 1 above) or any Derivative Works (as defined in Section 1 above) or Collective Works (as defined in Section 1 above), You must, unless a request has been made pursuant to Section 4.1, keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing:
    1. the name of the Original Author (or pseudonym, if applicable) if supplied, and/or
    2. if the Original Author and/or Licensor designate another party or parties (e.g.
a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; the title of the Work if supplied; to the extent reasonably practicable, the Uniform Resource Identifier, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and, consistent with Section 3.2 in the case of a Derivative Work, a credit identifying the use of the Work in the Derivative Work (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author").
4. The credit required by Section 4.4 may be implemented in any reasonable manner; provided, however, that in the case of a Derivative Work or Collective Work, at a minimum such credit will appear, if a credit for all contributing authors of the Derivative Work or Collective Work appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties.


## 5. Representations, Warranties and Disclaimer

**UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND ONLY TO THE EXTENT OF ANY RIGHTS HELD IN THE LICENSED WORK BY THE LICENSOR.
THE LICENSOR MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MARKETABILITY, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.**


## 6. Limitation on Liability.

**EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.**


## 7. Termination

This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Derivative Works or Collective Works from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License.

Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above.

## 8. Miscellaneous

Each time You distribute or publicly digitally perform the Work (as defined in Section 1 above) or a Collective Work (as defined in Section 1 above), the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License.

Each time You distribute or publicly digitally perform a Derivative Work, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License.

If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.

No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent.

This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You.

--------------------------------------------------------------------------------
/README.markdown:
--------------------------------------------------------------------------------
This documentation is a decade out of date. You definitely should not follow these instructions and should probably not use `gpg` at all. Look at [`age`](https://github.com/FiloSottile/age) and [`minisign`](https://github.com/jedisct1/minisign) instead.

--------------------------------------------------------------------------------
/gpg/smartcard-keygen.md:
--------------------------------------------------------------------------------
Introduction
============

This guide is intended to enable an experienced technical user to securely generate GPG keys, back them up, and put them on smartcards.

The version of GPG used in this guide is `1.4.12-7` from Debian's wheezy/main repository.


Caveats
-------

As with many things, this guide has limitations.

The author is a Debian user, so all the specific instructions are based on Debian 7.x. If you use a different version of Debian or a Debian-like OS such as Ubuntu or Mint, things might just work for you unchanged. If you’re an OSX user you might need to change something here or there. Unfortunately, the author is not able to provide advice for Windows.

This guide is targeted at a technically experienced user. It focuses on use of the terminal, not on graphical applications. Sadly, this makes it inaccessible to a lot of people. At the time of writing, GPG is not a very user-friendly piece of software, and there aren't many graphical frontends which both work well and support the advanced usage scenario described in this guide. If you find an application which works and is compatible with this guide, please get in touch: the author would love to hear from you!

If you try this guide and it doesn’t work for you, please email the author and tell them what broke! If you use OSX or Windows, you are invited to port this guide for your OS, and to let the author know what the right instructions are for you.


License
-------

The license for this work is [Creative Commons Attribution-ShareAlike-3.0 USA](https://creativecommons.org/licenses/by-sa/3.0/us).
You are welcome to re-use it under that license, but the author requests that you send changes upstream by email or pull request rather than forking outright.


Target Setup
------------

This is a guide for setting up a master key with three specific subkeys, backed up, and stored on smartcards. If you follow this guide through, you should end up with:

* backups of your GPG master key & subkeys on removable storage,
* a smartcard with your GPG master key, to use when certifying other people's keys,
* a smartcard with your everyday keys,
* your main computer set up and ready to use GPG, but without any private keys,
* revocation certificates stored in a safe place.


Before you Start
================

Materials
---------

You may want to get some things ready before following this guide. To follow all the steps, you'll need:

1. Your main computer: the one that you use every day and want to use GPG on.
2. A "secure" computer, whatever that means.
3. Two smartcards and readers for them.
4. Some storage for your master key and backups: a handful of flash drives, and perhaps a printer.
5. A hardware random number generator, if you have one.


Environment/Preparation
-----------------------

Cryptography is only as secure as the computer that's running it. If your private keys are stored on a computer which is compromised, the attacker can decrypt your messages, make valid signatures, or impersonate you. One of the goals of the setup described here is that you never end up showing your private keys to your everyday computer. Even if your everyday computer is compromised, an attacker won't get your private keys.

However, you do need to use *a* computer to generate your keys and you might need to use a computer to recover if something goes wrong.
For these higher-stakes operations, it's worthwhile to use a computer which is as secure as possible, even if that means that your more-secure computer is a little harder to use.

Securing a computer is *really* difficult. The more secure you want a computer to be, the more work it'll be to set that up, and -- probably -- the fewer features that computer will have and the harder it'll be to use. The amount of work you want to spend securing a computer depends on who you think might be trying to get at your keys, and how capable, organized, and powerful they are.

Threat modeling is the process of thinking about what attacks you might expect and how much work you want to spend mitigating those attacks. Once you've thought about your threat model, you can pick the right secure computer for you. From now on, this guide just talks about your "*secure computer*", whatever that means to you.

Getting Started
---------------

Boot up your *secure computer*. Turn off any network connections, unplug any non-vital peripherals and check that nobody is watching over your shoulder: it's time to make some keys.

**A note on entropy.** Really good random numbers are needed to generate keys securely. We're not talking *kinda unpredictable*, we're talking about all-natural, organic, shade-grown, entropy. If you don't have good entropy, someone else might be able to guess your key, and that'd be *really bad*. If you have one, now is the time to set up your hardware random number generator. If not, you probably don't need to worry: key generation will just take a little longer while your computer gathers entropy. If you're using a virtual machine, or another prefab environment, you should definitely worry about this.

Okay, grab yourself your favorite terminal. Let's get started.


Master Key Generation
=====================

Initial Configuration
---------------------

Some of the options in GPG's config file influence the parameters used when generating keys. Edit your `~/.gnupg/gpg.conf` to add the following lines. Make sure to remove any similar directives which are already there. If you like, back up your current config file and decide which parameters to choose later when we discuss [`gpg.conf`](#config) in more depth. For now, you can safely just cargo cult this:

~~~~
no-greeting
personal-digest-preferences SHA512
personal-cipher-preferences AES256 AES
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712
~~~~

Key Type and Capabilities
-------------------------

`amnesia@amnesia:~$ gpg --expert --gen-key`

The `expert` flag tells GPG that you might want to do something complex, and gives you more options (some of which you can get wrong). Don't worry though: you're following this guide, so you're an expert. The `gen-key` command tells GPG that we want to generate a new set of keys. GPG should reply with something like this:

~~~~~
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
Your selection?
~~~~~

That's a lot of options. Those last two are only there because we're in `expert` mode. There are two things that GPG is asking right now:

1. What asymmetric-key algorithm do you want to use? Your options are *RSA*, *DSA*, or *Elgamal*.
2. What *capabilities* do you want your key to have? Wait, what's a capability?

Capabilities are *things that a key can do*. GPG thinks of four capabilities, four different cryptographic applications of the same type of key:

* **Certify**. This is where you "sign" someone else's key: promising that you know that a key really belongs to the person it says it does.
* **Sign**. This is where you make an unforgeable "signature" on a file, document, or so on. Anyone can verify that only you could have signed it.
* **Encrypt**. Other people can encrypt messages to this key, and only you can decrypt them. Should probably be called "decrypt" instead.
* **Authenticate**. You can use this key to prove that you are who you claim. Particularly useful when logging on to remote servers.

For various reasons related to the perceived strength of the ciphers, and the ways that they break when they fail, we're going to pick RSA keys. All RSA, all the time.

We're going to define our capabilities manually for the master key and some subkeys, so let's pick the last option.

`Your selection? 8`

GPG will now ask you to pick capabilities for your master key, asking something like this:

~~~~~
Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection?
~~~~~

We're going to keep our master key in cold storage most of the time, probably on a USB drive or two stored in safe places. Our master key will be the "glue" that sticks our other keys together, binds them to our identity/ies, but won't be used for everyday tasks. It's always a good idea to pick the minimal set of capabilities.

Sadly, the OpenPGP standard, and GPG in particular, requires that a master key has the `Certify` capability, and simply doesn't allow subkeys to have that capability. There's no way around this, so we have to leave the `Certify` capability in place, and we'll use this master key every time we want to certify other people's keys. Many smartcards won't accept a key which doesn't have one of the sign/authenticate/encrypt capabilities. Since we want to put the master key on a smartcard, let's leave the `Sign` capability too.

~~~~~
Your selection? E

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q
~~~~~

Key Size
--------

Now GPG will ask you how big a key you would like:

~~~~~
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
~~~~~

GPG's suggested default is 2048 bits. With crypto keys, bigger is always more secure, so your gut reaction should be to pick 4096 bits. Unfortunately, many smartcards don't support keys larger than 3072 bits, so let's pick that size. There's no very good reason for that particular limit, but that's definitely what it is.

You may be wondering why we're going to all this trouble to generate this key on a computer rather than on the smartcard itself. If we generate the key on a computer first, then we can keep a backup on removable media. If your smartcard later gets left on a bus or run over by one, you have a backup. You can copy it to a new smartcard and pick up where you left off.

`What keysize do you want? (2048) 3072`


Expiration Date
---------------

We need to decide when this key should expire.

~~~~~
Requested keysize is 3072 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
~~~~~

"Author," -- you might be thinking -- "this is a pretty involved process, and I don't want to do it very often. Why would I want my key to expire?" Good question, hypothetical straw-person reader. You're quite right: it really would be better if this key never expires. But even as we hope for the best, we should prepare for the worst.

Imagine some hypothetical future you. You use your key all the time, and loads of folks rely on it. Then: disaster strikes! You are attacked by a ninja clan, who (mistakenly?) think that you're a pirate sympathizer. They destroy all your computers, all your backups, everything. For good measure, they thwack you on the head and make you forget all your passwords and other secret plans. Now you have a problem: you've lost your key, but it's still valid. Other people might even send you encrypted messages or expect you to sign or authenticate things with it. Even if you create a new key, there's nothing to stop some poor confused soul from using your old, destroyed key by accident. Oh dear.

We're going to use expiration in an attempt to stave off this dire scenario, sort of like a dead-person's switch. When you set an expiry date on your key, in the event of scenario NINJA OBLIVION OMEGA, eventually the lost key will expire and people will stop trying to use it. However, in the RAINBOWS BUTTERFLIES UNICORNS situation, you're fine. If you still control the key, then you can always postpone the expiry date, even if it's already passed. Eerie, perhaps, but useful.

With all that in mind, pick a time. The longer the time is, the longer someone might accidentally use a lost key.
The shorter the time, the more frequently you'll have to get out your master-key smartcard and push back the clock. Remember your threat model? Let it guide you.

**Keyserverless usage note.** If you don't want to use keyservers, remember that you still have to distribute your key after you change its expiry date. If that's going to be especially difficult for you, consider that when picking a time.

For most folks, six months is a perfectly reasonable period.

~~~~~
Key is valid for? (0) 6m
Key expires at 06 Apr 2064 07:22:28 PM CST
Is this correct? (y/N) y
~~~~~


User IDs
--------

Now you need to tell GPG who you think you are:

~~~~~
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name:
~~~~~

Oh my. Gentle reader, you may ask: "What is this madness?! Why does GPG want to know who I am; is it part of *The System*?". This is probably a good time to talk about identities, and what on earth they mean.

When you use GPG, you're probably trying to communicate with *people*. Fundamentally, you don't really care whether you're encrypting to a particular key. What you want is to know that you're encrypting to a particular *person*'s key. You want that person to be able to read the message, and nobody else. This is what user IDs (UIDs) are all about. A UID is an identifier which indicates a particular person by name and address. In theory, an address could be any way to reach someone, like "subspace channel 23571, towards relay station twelve". In practice, OpenPGP and GPG only understand email addresses and things that look like email addresses.

Think of the name that everyone knows you by, and the address that you tell people when you actually want them to email you.
Those are probably the best options to put here. Don't enter a comment, you will only ever regret it. Again, nyms are a complicated topic. 234 | 235 | ~~~~~ 236 | Real name: Ada Lovelace 237 | Email address: ada@enchantressofnumbers.net 238 | Comment: 239 | You selected this USER-ID: 240 | "Ada Lovelace " 241 | 242 | Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O 243 | ~~~~~ 244 | 245 | 246 | Passphrase 247 | ---------- 248 | 249 | ~~~~~ 250 | You need a Passphrase to protect your secret key. 251 | 252 | Enter passphrase: 253 | ~~~~~ 254 | 255 | Your passphrase is used to encrypt your key when it's stored on disk. This prevents someone who gets access to your secret keyring from using your key. You want to pick a passphrase so incredibly complex that a nobody will ever guess it, even if they use a computer to try guessing words and combinations of words, and so on. You also want a passphrase so simple and memorable that you'll never forget it. That sounds pretty tough. This isn't a guide to passphrases. What's your threat model again? GPG won't echo your passphrase back as you type it. 256 | 257 | 258 | Wait for Entropy 259 | ---------------- 260 | 261 | Now that you've filled out GPG's standard application form (in triplicate), your computer is actually going to generate some keys. About time. 262 | 263 | ~~~~~ 264 | We need to generate a lot of random bytes. It is a good idea to perform 265 | some other action (type on the keyboard, move the mouse, utilize the 266 | disks) during the prime generation; this gives the random number 267 | generator a better chance to gain enough entropy. 268 | ~~~~~ 269 | 270 | What is this? Well, this could take a little while. Perhaps go get some tea? 271 | 272 | ~~~~~ 273 | Not enough random bytes available. Please do some other work to give 274 | the OS a chance to collect more entropy! (Need 281 more bytes) 275 | ...+++++ 276 | 277 | Not enough random bytes available. 
Please do some other work to give 278 | the OS a chance to collect more entropy! (Need 195 more bytes) 279 | ~~~~~ 280 | 281 | Ugh, a few more minutes. If we had a random number generator, this would be a lot easier. 282 | 283 | ~~~~~ 284 | ...+++++ 285 | pub 3072R/CDCD72AF 2063-04-06 [expires: 2064-10-06] 286 | Key fingerprint = DDC6 93BF 8FC1 3036 36D2 CCFB 4771 324A CDCD 72AF 287 | uid Ada Lovelace 288 | 289 | Note that this key cannot be used for encryption. You may want to use 290 | the command "--edit-key" to generate a subkey for this purpose. 291 | ~~~~~ 292 | 293 | 294 | Backup and back off 295 | =================== 296 | 297 | Back up 298 | ------- 299 | 300 | Now your master key is available. You want to export it up to some secure media and then never speak of it again. Every time a computer has access to your master key, that's a chance for everything to go wrong. We're going to export it to cold storage, and then test to make sure that we actually did that right. 301 | 302 | ~~~~ 303 | amnesia@amnesia:~$ gpg --armor --output /media/cold-storage/ada-master_private.gpg --export-secret-keys CDCD72AF 304 | amnesia@amnesia:~$ gpg --armor --output /media/cold-storage/ada-master_public.gpg --export CDCD72AF 305 | ~~~~ 306 | 307 | That string of eight letters and numbers at the end is the *key ID*, a short way to refer to this master key, all it's UIDs, signatures, any subkeys, or other stuff it might pick up over time. It's the last eight character of the key's fingerprint, which GPG just told you when it completed generating your key. Key IDs aren't securely unique, but that doesn't matter right now. 308 | 309 | The `armor` signal tells GPG to write an "ASCII-armored" text file, rather than a binary one. The `output` parameter specifies the filename to save the keys to. The `export-secret-keys` command does just what it sounds like: it exports secret keys, but not the public parts. 
The regular `export` command only exports public keys, for your safety and convenience. Note that the GPG command always comes last, after all its flags and parameters. Just for safe keeping, let's make some backups. 310 | 311 | ~~~~~ 312 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-alpha/ada-master_private.gpg --export-secret-keys CDCD72AF 313 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-alpha/ada-master_public.gpg --export CDCD72AF 314 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-omega/ada-master_private.gpg --export-secret-keys CDCD72AF 315 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-omega/ada-master_public.gpg --export CDCD72AF 316 | ~~~~~ 317 | 318 | If you want to make a paper backup, you could print one of those "ASCII-armored" export files. If you ever have to use it, you'll have a fun job typing all that back in. There's probably a good way to use a 2D barcode. Paper backups are left as an exercise to the reader. 319 | 320 | The key is only as secure as the least safe place that you have it backed up. If you export it to an unencrypted removable drive and someone else gets their hands on that drive, only the complexity of your passphrase is standing between them and total control of your key. 321 | 322 | Back off 323 | -------- 324 | 325 | Okay, now you've probably exported your key to some safe cold-storage. I say *probably* because let's just make sure, eh? Delete your secret keyring and make sure you can get your keys back from the backups you just made 326 | 327 | `rm ~/.gnupg/secring.gpg` 328 | 329 | If you're using something like TAILS, rebooting is a great idea, but remember to edit your `gpg.conf` again after you boot back up. Once you've rebooted, try to re-import the master key from that backup you just made. 
330 | 331 | ~~~~ 332 | amnesia@amnesia:~$ gpg --import /media/cold-storage/ada-master_public.gpg 333 | gpg: key CDCD72AF: public key "Ada Lovelace " imported 334 | gpg: Total number processed: 1 335 | gpg: imported: 1 (RSA: 1) 336 | ~~~~ 337 | 338 | ~~~~ 339 | amnesia@amnesia:~$ gpg --import /media/cold-storage/ada-master_private.gpg 340 | gpg: key CDCD72AF: secret key imported 341 | gpg: key CDCD72AF: public key "Ada Lovelace " not changed 342 | gpg: Total number processed: 1 343 | gpg: unchanged: 1 344 | gpg: secret keys read: 1 345 | gpg: secret keys imported: 1 346 | ~~~~ 347 | 348 | All that stuff about `secret keys imported`: that's GPG telling us that it managed to retrieve the files. To be on the safe side, delete your keyring/reboot, and test the other two backups just the same way. 349 | 350 | Okay, great! We have a master key. You can drink that cup of tea now, you've earned it! Maybe even a biscuit too. While you're waiting for it to brew, go put your cold storage and your backups somewhere safe. If all goes well, you'll never need to touch them again. 351 | 352 | 353 | Smartcards 354 | ========== 355 | 356 | This next section is all about smartcards. Smartcards are designed to securely store cryptographic keys without ever revealing them. When you use a smartcard, all the crypto happens *on the card itself*. Your computer sends the smartcard a message like "Please decrypt this file." and the smartcard does the decryption and sends back the plaintext without ever revealing the secret key. 357 | 358 | Unfortunately, most smartcards and readers are proprietary. That means that it's really hard to audit them to ensure that they're truly secure and don't have any backdoors. It's totally plausible that some smarcards might have bugs that allow timing attacks, and perhaps some even have backdoors which *will* allow them to divulge the secret key. 
359 | 360 | For safety's sake, you might want to *assume* that your smartcard has a backdoor or vulnerability and treat it like a (less-secure) USB thumb drive. On the bright side, your card might actually be secure and give you an extra layer of insualtion against attackers! 361 | 362 | You can think long and hard about which smartcard you want, and who you trust to make them safely. For now, let's assume that you've picked a smartcard and reader, and have them ready to go. The GPG manual has [some instructions](http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html) for setting up your computer to use a smartcard and reader. 363 | 364 | 365 | Smartcard Setup 366 | --------------- 367 | 368 | First, let's take a look at your smartcard, and check that it works. 369 | 370 | `amnesia@amnesia:~$ gpg --card-edit` 371 | 372 | You should see something like this: 373 | 374 | ~~~~~ 375 | gpg: detected reader `Generic CCID Reader 00 00' 376 | Application ID ...: D2760001240101010001000000490000 377 | Version ..........: 2.0 378 | Manufacturer .....: ZeitControl 379 | Serial number ....: 00000101 380 | Name of cardholder: [not set] 381 | Language prefs ...: de 382 | Sex ..............: unspecified 383 | URL of public key : [not set] 384 | Login data .......: [not set] 385 | Private DO 1 .....: [not set] 386 | Private DO 2 .....: [not set] 387 | Signature PIN ....: forced 388 | Max. PIN lengths .: 32 32 32 389 | PIN retry counter : 3 3 3 390 | Signature counter : 0 391 | Signature key ....: [not set] 392 | Encryption key....: [not set] 393 | Authentication key: [not set] 394 | General key info..: [none] 395 | ~~~~~ 396 | 397 | If you don't, make sure that GPG is set up to use your smartcard. Perhaps check the [GPG manual pages on the topic](http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html). If you find another guide which is better for your smart card, please send it over. 398 | 399 | If GPG can see your card, you can set it up. 
Let's turn on admin mode so that we can make changes. 400 | 401 | ~~~~~ 402 | gpg/card> admin 403 | Admin commands are allowed 404 | ~~~~~ 405 | 406 | 407 | Authorization PINs 408 | ------------------ 409 | 410 | Before setting up the PINs for your smartcard, it is important to have a safe place to store them. A password manager may help you generate, store _(and label)_ each of the three PINs (admin PIN, user PIN, and reset code) we'll be setting up. Some of the commands we'll be using may "time out" abruptly and force you to start over in entering a new PIN if you take slightly too long to type it, so it is recommended that you choose what these three PINs will be ahead of time. A password manager will help you do that. 411 | 412 | The default user PIN is `123456` and the default admin PIN is `12345678`. Let's start by changing these. 413 | 414 | ~~~~~ 415 | gpg/card> passwd 416 | gpg: OpenPGP card no. D276000124010200000500001A640000 detected 417 | 418 | 1 - change PIN 419 | 2 - unblock PIN 420 | 3 - change Admin PIN 421 | 4 - set the Reset Code 422 | Q - quit 423 | 424 | Your selection? 425 | ~~~~~ 426 | 427 | The admin PIN is used to make changes to the card, while the user PIN actually lets the card decrypt or sign things using the onboard keys. If you (or some malicious outsider) enters the user PIN wrong three times, the card is locked, and the Admin PIN is needed to unlock it. If you use a GSM cellphone, this is somewhat like your SIM card's PIN and PUK codes. Entering an incorrect admin PIN three times destroys the card. You probably want to avoid that. 428 | 429 | The admin PIN isn't used every day, and you only need it to reconfigure the card or fix it if you mess up your PIN. It doesn't need to be something you can remember, just find when all else fails. It's probably a good idea to use the longest admin PIN your card accepts (in this example, 32 digits long). 
You should probably write the admin PIN down in a text file on your master key cold storage and backup disks. 430 | 431 | ~~~~~ 432 | Your selection? 3 433 | gpg: 3 Admin PIN attempts remaining before card is permanently locked 434 | 435 | Please enter the Admin PIN 436 | 437 | New Admin PIN 438 | 439 | New Admin PIN 440 | PIN changed. 441 | ~~~~~ 442 | 443 | Now change the user PIN. This is the PIN that you'll enter every time you use the card. This first card is just for your master key which you'll only use for certification. That doesn't happen very often, so feel free to pick a long user PIN, as long as you record it somewhere safe or don't forget it. 444 | 445 | ~~~~~ 446 | Your selection? 1 447 | 448 | Please enter the PIN 449 | 450 | New PIN 451 | 452 | New PIN 453 | PIN changed. 454 | ~~~~~ 455 | 456 | You should also set a reset code. The reset code is useful in case you have forgotten both the admin and user PINs. It tells the card to completely reset itself, deleting all the keys, and returning to the factory configuration. Since you have backups of everything, this helps avoid turning your fancy smartcard into a useless piece of plastic. 457 | 458 | ~~~~~ 459 | Your selection? 4 460 | 461 | Please enter the PIN 462 | 463 | New Reset Code 464 | 465 | New Reset Code 466 | Reset Code set. 467 | ~~~~~ 468 | 469 | All done here. 470 | 471 | ~~~~~ 472 | Your selection? Q 473 | 474 | gpg/card> 475 | ~~~~~ 476 | 477 | 478 | Personal Attributes 479 | ------------------- 480 | 481 | You can also set some personal attributes. Many of them do very little in practice, though `login` can have a use. 
482 | 483 | ~~~~~ 484 | gpg/card> name 485 | Cardholder's surname: Lovelace 486 | Cardholder's given name: Ada 487 | gpg: 3 Admin PIN attempts remaining before card is permanently locked 488 | 489 | Please enter the Admin PIN 490 | 491 | gpg/card> lang 492 | Language preferences: en 493 | 494 | gpg/card> sex 495 | Sex ((M)ale, (F)emale or space): F 496 | ~~~~~ 497 | 498 | The `login` attribute specifies your typical username on servers where you might authenticate yourself using a key. The `url` attribute specifies a place where someone could find your public key online. There's no need to put it there right now, but you can pick the URL with the intent to put it there later. 499 | 500 | ~~~~~ 501 | gpg/card> login 502 | Login data (account name): ada 503 | 504 | gpg/card> url 505 | URL to retrieve public key: https://enchantressofnumbers.net/key.asc 506 | ~~~~~ 507 | 508 | You don't need to set these, but if you do, you might end up with something a little like this. 509 | 510 | ~~~~~ 511 | gpg: detected reader `Generic CCID Reader 00 00' 512 | Application ID ...: D2760001240101010001000000490000 513 | Version ..........: 2.0 514 | Manufacturer .....: ZeitControl 515 | Serial number ....: 00000101 516 | Name of cardholder: Ada Lovelace 517 | Language prefs ...: en 518 | Sex ..............: unspecified 519 | URL of public key : https://enchantressofnumbers.net/key.asc 520 | Login data .......: ada 521 | Private DO 1 .....: [not set] 522 | Private DO 2 .....: [not set] 523 | Signature PIN ....: forced 524 | Max. PIN lengths .: 32 32 32 525 | PIN retry counter : 3 3 3 526 | Signature counter : 0 527 | Signature key ....: [not set] 528 | Encryption key....: [not set] 529 | Authentication key: [not set] 530 | General key info..: [none] 531 | ~~~~~ 532 | 533 | When you're done: 534 | 535 | `gpg/card> quit` 536 | 537 | The Key Editor 538 | -------------- 539 | 540 | ~~~~~ 541 | amnesia@amnesia:~$ gpg --edit-key CDCD72AF 542 | Secret key is available. 
543 | 544 | pub 3072R/CDCD72AF created: 2063-04-06 expires: 2063-04-06 usage: SC 545 | trust: unknown validity: unknown 546 | [ unknown] (1). Ada Lovelace <ada@enchantressofnumbers.net> 547 | ~~~~~ 548 | 549 | This is GPG's key-editing setup, and there are lots of things you can do from here. There are loads of commands, and you can see them all if you ask for some `help`. Let's walk through what you're being shown here, then put your master key on a smartcard. 550 | 551 | "Secret key is available." means exactly what it says on the tin. It's possible to use the `edit-key` command when you *don't* have the secret key available, but anything that requires the secret key won't work, obviously. 552 | 553 | The next line tells us that this is a 3072-bit RSA key, and that the key ID (last eight characters of the fingerprint) is `CDCD72AF`. Your key ID (and fingerprint) will be different. The creation time and expiry time should just be today's date and that plus a bit (six months, in this case). Ada is a well-known time-traveler. Usage tells us that this key has the `Sign` and `Certify` capabilities. 554 | 555 | Trust and validity are concepts related to the web of trust, and GPG's work to determine if a key *really belongs* to the person it says it does. 556 | 557 | The next line is the key's UID. There's just one, but it has a little `(1)` beside it anyway, just in case some others show up. 558 | 559 | Smartcard Export 560 | ---------------- 561 | 562 | Your smartcard is ready for use and it's time to move your master key over. When you move a key to a smartcard, GPG deletes that private key from your keyring, and replaces it with a stub noting that the key is actually on a particular smartcard. That's how GPG knows to prompt you for a card rather than just assuming that the key is unusable without its private parts. 563 | 564 | First we need to toggle to the secret key listing. 
565 | 566 | ~~~~~ 567 | gpg> toggle 568 | 569 | sec 4096R/CDCD72AF created: 2063-04-06 expires: 2063-10-06 570 | (1) Ada Lovelace <ada@enchantressofnumbers.net> 571 | ~~~~~ 572 | 573 | Then we send it to the card. This can't be undone! Make sure that you've already made your backups, because there's no way to get the secret key back once you've sent it to the card. It sure would be a pity to go to all this trouble only to break the card in a freak ballooning accident. 574 | 575 | ~~~~~ 576 | gpg> keytocard 577 | Really move the primary key? (y/N) 578 | ~~~~~ 579 | 580 | GPG is skeptical, but this is really what you want to do. 581 | 582 | ~~~~~ 583 | Really move the primary key? (y/N) y 584 | gpg: detected reader `Generic CCID Reader 00 00' 585 | Signature key ....: [none] 586 | Encryption key....: [none] 587 | Authentication key: [none] 588 | 589 | Please select where to store the key: 590 | (1) Signature key 591 | (3) Authentication key 592 | Your selection? 1 593 | ~~~~~ 594 | 595 | GPG will prompt you for your passphrase then the card's admin PIN. Do try to enter them correctly. If you do, you should see something like this: 596 | 597 | ~~~~~ 598 | sec 4096R/CDCD72AF created: 2063-04-06 expires: 2063-10-06 599 | card-no: 0005 00000101 600 | (1) Ada Lovelace <ada@enchantressofnumbers.net> 601 | ~~~~~ 602 | 603 | That little note with the card number means that GPG knows that the key is stored on the smartcard. Success! Save your changes and quit. 604 | 605 | `gpg> save` 606 | 607 | 608 | Customizing your Key 609 | ==================== 610 | 611 | We have a master key on a smartcard. Fantastic. Now it's time to generate some subkeys with the `Sign`, `Encrypt` (really decrypt), and `Authenticate` capabilities and put them on a *different* smartcard. Then we'll polish things up and make any other tweaks this key needs. 612 | 613 | `amnesia@amnesia:~$ gpg --expert --edit-key CDCD72AF` 614 | 615 | ~~~~~ 616 | Secret key is available. 
617 | 618 | pub 4096R/CDCD72AF created: 2063-04-06 expires: 2063-10-06 usage: SC 619 | trust: unknown validity: unknown 620 | [ unknown] (1). Ada Lovelace <ada@enchantressofnumbers.net> 621 | 622 | gpg> 623 | ~~~~~ 624 | 625 | Additional UIDs 626 | --------------- 627 | 628 | There are some other changes or tweaks that require the master key's signature. We should make those now. 629 | 630 | Perhaps you want to include a work email address as another UID: 631 | 632 | ~~~~~ 633 | gpg> adduid 634 | Real name: Ada Lovelace 635 | Email address: ada@analyticalengine.com 636 | Comment: 637 | You selected this USER-ID: 638 | "Ada Lovelace <ada@analyticalengine.com>" 639 | 640 | Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O 641 | ~~~~~ 642 | 643 | Photo UIDs 644 | ---------- 645 | 646 | You could also add a photo: 647 | 648 | ~~~~~ 649 | gpg> addphoto 650 | 651 | Pick an image to use for your photo ID. The image must be a JPEG file. 652 | Remember that the image is stored within your public key. If you use a 653 | very large picture, your key will become very large as well! 654 | Keeping the image close to 240x288 is a good size to use. 655 | 656 | Enter JPEG filename for photo ID: /home/ada/.face.jpg 657 | This JPEG is really large (27348 bytes) ! 658 | Are you sure you want to use it? (y/N) y 659 | Is this photo correct (y/N/q)? y 660 | ~~~~~ 661 | 662 | After you've made the changes you want, you should be left with something like this: 663 | 664 | ~~~~~ 665 | pub 3072R/CDCD72AF created: 2063-04-06 expires: 2063-10-06 usage: SC 666 | trust: unknown validity: unknown 667 | [ unknown] (1) Ada Lovelace 668 | [ unknown] (2). Ada Lovelace 669 | [ unknown] (3) [jpeg image of size 27348] 670 | ~~~~~ 671 | 672 | 673 | Subkey Generation 674 | ================= 675 | 676 | Now it's time to make some subkeys. These are the keys you'll be using every day. 
We're going to use a smartcard to store your everyday keys so that you don't actually need to tell your everyday computer what their secret parts are. 
677 | 678 | 679 | Subkey Type, Capabilities, & Size 680 | --------------------------------- 681 | 682 | `gpg> addkey` 683 | 684 | Once you type in your passphrase, GPG gives us the full list of options since we're in `expert` mode again. 685 | 686 | ~~~~~ 687 | Please select what kind of key you want: 688 | (3) DSA (sign only) 689 | (4) RSA (sign only) 690 | (5) Elgamal (encrypt only) 691 | (6) RSA (encrypt only) 692 | (7) DSA (set your own capabilities) 693 | (8) RSA (set your own capabilities) 694 | Your selection? 695 | ~~~~~ 696 | 697 | We're all RSA all the time. We're going to assign capabilities manually, so pick the final option just like last time. 698 | 699 | `Your selection? 8` 700 | 701 | We're going to use a different key for each capability. GPG defaults to `Sign Encrypt` for RSA subkeys: 702 | 703 | ~~~~~ 704 | Possible actions for a RSA key: Sign Encrypt Authenticate 705 | Current allowed actions: Sign Encrypt 706 | 707 | (S) Toggle the sign capability 708 | (E) Toggle the encrypt capability 709 | (A) Toggle the authenticate capability 710 | (Q) Finished 711 | 712 | Your selection? 713 | ~~~~~ 714 | 715 | Disable the `Encrypt` capability, and continue: 716 | 717 | ~~~~~ 718 | Your selection? E 719 | 720 | Possible actions for a RSA key: Sign Encrypt Authenticate 721 | Current allowed actions: Sign 722 | 723 | (S) Toggle the sign capability 724 | (E) Toggle the encrypt capability 725 | (A) Toggle the authenticate capability 726 | (Q) Finished 727 | 728 | Your selection? Q 729 | ~~~~~ 730 | 731 | Again, we need to pick the size for this key: 732 | 733 | ~~~~~ 734 | RSA keys may be between 1024 and 4096 bits long. 735 | What keysize do you want? (2048) 736 | ~~~~~ 737 | 738 | Since smartcards only go up to 3072 bits, that's our maximum. 739 | 740 | 741 | Subkey Expiry 742 | ------------- 743 | 744 | ~~~~~ 745 | Please specify how long the key should be valid. 
746 | 0 = key does not expire 747 | <n> = key expires in n days 748 | <n>w = key expires in n weeks 749 | <n>m = key expires in n months 750 | <n>y = key expires in n years 751 | Key is valid for? (0) 752 | ~~~~~ 753 | 754 | Unlike a master key which is rather a hassle to replace, you can rotate subkeys relatively regularly by generating new ones and revoking the old ones. Other folks who update your key from a keyserver should be able to switch over to the new one without even noticing that they did. This is more difficult if you choose not to use keyservers. 755 | 756 | Since you're using a smartcard, you might not want your subkeys to expire: you can just keep using them until something goes wrong, and generate new ones then. If you're not using a smartcard, you might want to pick a reasonable expiry period. You have to use your master key to change subkeys, so you might want to make it a large fraction of your master key expiry period, and take that opportunity to rotate subkeys and postpone your master key's expiration at the same time. 757 | 758 | ~~~~~ 759 | Key is valid for? (0) 760 | Key does not expire at all 761 | Is this correct? (y/N) y 762 | Really create? (y/N) y 763 | ~~~~~ 764 | 765 | While you're waiting for GPG to gather entropy for this subkey, perhaps you might want to browse . A UK company called Simtek Electronics makes a USB device which they claim generates truly random quantum entropy. Both the firmware and hardware are closed, so it's hard to verify that claim. Still, the open source MIT-licensed software is available from the site, and included in Debian and Ubuntu. 766 | 767 | Repeat 768 | ------ 769 | 770 | Now we've got a subkey that can `Sign`. Repeat these steps two more times to generate an `Encrypt` and an `Authenticate` subkey, and you should get something that looks like this. 
771 | 772 | ~~~~~ 773 | pub 4096R/CDCD72AF created: 2063-04-06 expires: 2063-10-06 usage: SC 774 | trust: unknown validity: unknown 775 | sub 3072R/FACBBB45 created: 2063-04-06 expires: never usage: S 776 | sub 3072R/8FE97F11 created: 2063-04-06 expires: never usage: E 777 | sub 3072R/94C86525 created: 2063-04-06 expires: never usage: A 778 | [ unknown] (1). Ada Lovelace 779 | 780 | gpg> 781 | ~~~~~ 782 | 783 | 784 | Finish Up 785 | --------- 786 | 787 | We have our keys all set. They're the right lengths, there are the right number of them, they do the right things, they have the right UIDs. Everything looks great. 788 | 789 | ~~~~~ 790 | pub 3072R/CDCD72AF created: 2063-04-06 expires: 2063-10-06 usage: SC 791 | trust: unknown validity: unknown 792 | sub 3072R/FACBBB45 created: 2063-04-06 expires: never usage: S 793 | sub 3072R/8FE97F11 created: 2063-04-06 expires: never usage: E 794 | sub 3072R/94C86525 created: 2063-04-06 expires: never usage: A 795 | [ unknown] (1) Ada Lovelace 796 | [ unknown] (2). Ada Lovelace 797 | [ unknown] (3) [jpeg image of size 27348] 798 | ~~~~~ 799 | 800 | If you're happy with the way things look, you can save your changes and quit: 801 | 802 | `gpg> save` 803 | 804 | If you quit without saving, all your changes in this session will be discarded. 805 | 806 | 807 | Subkey Backup 808 | ------------- 809 | 810 | Our subkeys are ready, so let's back them up. Just like the master key, if we ever break or lose the smartcard they're stored on, it'd be nice to be able to restore them so we can still decrypt older messages. We also might one day want to change subkeys, and this backup allows us to re-use their smartcard, rather than having to keep it forever because it's the only copy of the subkeys. 811 | 812 | When we export our secret-keys now, GPG will export the stub of our master key (with a note that it's on a smartcard), and the full private parts of our subkeys. 
813 | 814 | ~~~~ 815 | amnesia@amnesia:~$ gpg --armor --output /media/cold-storage/ada-master_stub+secret-subkeys.gpg --export-secret-keys CDCD72AF 816 | amnesia@amnesia:~$ gpg --armor --output /media/cold-storage/ada-master_public+subkeys.gpg --export CDCD72AF 817 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-alpha/ada-master_stub+secret-subkeys.gpg --export-secret-keys CDCD72AF 818 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-alpha/ada-master_public+subkeys.gpg --export CDCD72AF 819 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-omega/ada-master_stub+secret-subkeys.gpg --export-secret-keys CDCD72AF 820 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-omega/ada-master_public+subkeys.gpg --export CDCD72AF 821 | ~~~~ 822 | 823 | We just made a backup, so make sure to test it. Delete your keyrings or reboot, then re-import before continuing. If you reboot, remember to edit your `gpg.conf` again. 824 | 825 | 826 | Subkeys on a Smartcard 827 | ====================== 828 | 829 | We've backed up the subkeys, so now it's time to put them on their own smartcard. Smartcards have three slots: one for each capability, so they can all fit on the same card. Make sure not to mix up the card for your master key and the one for your subkeys! 830 | 831 | You just set up a smartcard, so do the same with this one: change the PINs and add whatever personal info you want. Once you're ready, we can copy the subkeys over. 832 | 833 | ~~~~~ 834 | amnesia@amnesia:~$ gpg --edit-key CDCD72AF 835 | Secret key is available. 836 | 837 | pub 3072R/CDCD72AF created: 2063-04-06 expires: 2063-10-06 usage: SC 838 | trust: unknown validity: unknown 839 | sub 3072R/FACBBB45 created: 2063-04-06 expires: never usage: S 840 | sub 3072R/8FE97F11 created: 2063-04-06 expires: never usage: E 841 | sub 3072R/94C86525 created: 2063-04-06 expires: never usage: A 842 | [ unknown] (1) Ada Lovelace 843 | [ unknown] (2). 
Ada Lovelace 844 | [ unknown] (3) [jpeg image of size 27348] 845 | ~~~~~ 846 | 847 | We need to export keys to a card one at a time. Let's start with the signing key. First we need to toggle to the secret key listing. 848 | 849 | ~~~~~ 850 | gpg> toggle 851 | 852 | sec 3072R/CDCD72AF created: 2063-04-06 expires: 2063-10-06 853 | card-no: 0005 00000101 854 | ssb 3072R/FACBBB45 created: 2063-04-06 expires: never 855 | ssb 3072R/8FE97F11 created: 2063-04-06 expires: never 856 | ssb 3072R/94C86525 created: 2063-04-06 expires: never 857 | (1) Ada Lovelace 858 | (2) Ada Lovelace 859 | (3) [jpeg image of size 27348] 860 | ~~~~~ 861 | 862 | Now select the signing subkey. The key editor uses `key #` to select a subkey. Unlike UIDs, subkeys don't have helpful number hints by them, so you just need to count. How hard could it be? 863 | 864 | ~~~~~ 865 | gpg> key 1 866 | 867 | sec 3072R/CDCD72AF created: 2063-04-06 expires: 2063-10-06 868 | card-no: 0005 00000101 869 | ssb* 3072R/FACBBB45 created: 2063-04-06 expires: never 870 | ssb 3072R/8FE97F11 created: 2063-04-06 expires: never 871 | ssb 3072R/94C86525 created: 2063-04-06 expires: never 872 | (1) Ada Lovelace 873 | (2) Ada Lovelace 874 | (3) [jpeg image of size 27348] 875 | ~~~~~ 876 | 877 | Notice how the signing subkey now has a little star beside it? That means it's selected. 878 | 879 | ~~~~~ 880 | gpg> keytocard 881 | gpg: detected reader `Generic CCID Reader 00 00' 882 | Signature key ....: [not set] 883 | Encryption key....: [not set] 884 | Authentication key: [not set] 885 | 886 | Please select where to store the key: 887 | (1) Signature key 888 | (3) Authentication key 889 | Your selection? 1 890 | ~~~~~ 891 | 892 | Now repeat this for the other two subkeys. Make sure to put them in the right slots on the card. When you're done, the secret key view should look like this. 
893 | 894 | ~~~~~ 895 | sec 4096R/CDCD72AF created: 2063-04-06 expires: 2063-04-06 896 | card-no: 0005 00000101 897 | ssb 3072R/FACBBB45 created: 2063-04-06 expires: never 898 | card-no: 0005 00000102 899 | ssb 3072R/8FE97F11 created: 2063-04-06 expires: never 900 | card-no: 0005 00000102 901 | ssb 3072R/94C86525 created: 2063-04-06 expires: never 902 | card-no: 0005 00000102 903 | (1) Ada Lovelace 904 | (2) Ada Lovelace 905 | (3) [jpeg image of size 27348] 906 | ~~~~~ 907 | 908 | The smartcard is ready to go. Save your changes and quit. 909 | 910 | `gpg> save` 911 | 912 | 913 | Everyday Export 914 | =============== 915 | 916 | At this point, we've generated four keys (one master key and three subkeys) and exported each of them to a smartcard. This means that the "private" keys in this keyring are actually *all* just pointers to smartcards. Now we can export the stubs for use on our everyday machine. Even though we're using the `export-secret-keys` command, this output will actually contain *no* secret keys at all! 917 | 918 | Backup 919 | ------ 920 | 921 | As always, let's back up our work before proceeding: 922 | 923 | ~~~~ 924 | amnesia@amnesia:~$ gpg --armor --output /media/cold-storage/ada-master_stub-complete.gpg --export-secret-keys CDCD72AF 925 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-alpha/ada-master_stub-complete.gpg --export-secret-keys CDCD72AF 926 | amnesia@amnesia:~$ gpg --armor --output /media/key-backup-omega/ada-master_stub-complete.gpg --export-secret-keys CDCD72AF 927 | ~~~~ 928 | 929 | After a backup, delete your keyrings or reboot, then make sure you can import from any of those files. 930 | 931 | "Keys" 932 | ------ 933 | 934 | Now export the key files for your everyday machine. 
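The claim under Everyday Export that this output contains no secret keys can be checked on the exported file itself before it leaves the secure machine. The following is an added example, not part of the original guide: it walks the OpenPGP packets of an export and reports, for each secret key or subkey packet, whether it is a GnuPG stub (the GNU S2K extension, type 101) or carries real secret material. The function names and the sample packets are constructions for illustration; only version 4 RSA, DSA and Elgamal keys are handled, and anything it cannot parse is treated as unsafe.

```python
import base64
import hashlib

SECRET_TAGS = {5: "sec", 7: "ssb"}               # Secret-Key, Secret-Subkey packets
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}   # RSA, Elgamal, DSA public numbers


def dearmor(text):
    """Decode the base64 body of one ASCII-armored block into raw packets."""
    lines = [line.strip() for line in text.strip().splitlines()]
    body = []
    for line in lines[lines.index("") + 1:]:     # blank line ends the armor headers
        if line.startswith("=") or line.startswith("-----END"):
            break                                # CRC-24 line or end of block
        body.append(line)
    return base64.b64decode("".join(body))


def packets(data):
    """Yield (tag, body) per packet, old or new header format (RFC 4880)."""
    i = 0
    while i < len(data):
        first, i = data[i], i + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                         # new-format header
            tag, o1 = first & 0x3F, data[i]
            if o1 < 192:
                length, i = o1, i + 1
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i + 1] + 192, i + 2
            elif o1 == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                    # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 3
            if ltype == 3:                       # indeterminate: runs to the end
                length = len(data) - i
            else:
                size = 1 << ltype                # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + length]
        i += length


def classify(body):
    """Return (key_id, kind) for one version 4 secret key or subkey packet."""
    if body[0] != 4 or body[5] not in PUBLIC_MPIS:
        return "????????", "unparsed"
    pos = 6                                      # version, creation time, algorithm
    for _ in range(PUBLIC_MPIS[body[5]]):        # step over the public MPIs
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    public = body[:pos]
    fpr = hashlib.sha1(b"\x99" + len(public).to_bytes(2, "big") + public)
    key_id = fpr.hexdigest().upper()[-8:]        # last 8 hex digits of fingerprint
    usage, s2k = body[pos], body[pos + 2:]       # S2K follows usage + cipher octets
    if usage in (254, 255) and s2k[:1] == b"\x65" and s2k[2:5] == b"GNU":
        if s2k[5] == 1:                          # GNU mode 1001: secret part absent
            return key_id, "stub: no secret part"
        if s2k[5] == 2:                          # GNU mode 1002: key lives on a card
            return key_id, "stub: on card " + s2k[7:7 + s2k[6]].hex().upper()
        return key_id, "unparsed"
    return key_id, "SECRET MATERIAL"


def audit(data):
    """List (label, key_id, kind) for every secret key packet in an export."""
    return [(SECRET_TAGS[tag],) + classify(body)
            for tag, body in packets(data) if tag in SECRET_TAGS]


def safe_for_everyday(data):
    """True only if every secret key packet is a stub; anything else fails closed."""
    rows = audit(data)
    return bool(rows) and all(kind.startswith("stub") for _, _, kind in rows)


# --- Constructed sample data: toy 16-bit "RSA" numbers, not real keys ---
CARD = bytes.fromhex("D2760001240101010001000000490000")  # sample Application ID
STUB = bytes([255, 0, 101, 0]) + b"GNU" + bytes([2, len(CARD)]) + CARD
REAL = bytes([254, 9, 3, 2]) + bytes(8) + bytes([96]) + bytes(36)  # salted S2K + filler


def sample_packet(tag, created, tail, new_format=False):
    body = (bytes([4]) + created.to_bytes(4, "big") + bytes([1])
            + b"\x00\x10\xc3\x5b" + b"\x00\x11\x01\x00\x01" + tail)
    header = 0xC0 | tag if new_format else 0x80 | tag << 2
    return bytes([header, len(body)]) + body


EVERYDAY = sample_packet(5, 1, STUB) + sample_packet(7, 2, STUB, new_format=True)
BACKUP = sample_packet(5, 1, STUB) + sample_packet(7, 2, REAL)

if __name__ == "__main__":
    for name, blob in (("everyday stub", EVERYDAY), ("subkey backup", BACKUP)):
        print(name, "-> safe for everyday:", safe_for_everyday(blob), audit(blob))
```

On a real export, pass the file's text through `dearmor()` first and run `safe_for_everyday()` on the result; the stub+secret-subkeys backup made earlier should fail this check, and the everyday stub file should pass it.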

~~~~
amnesia@amnesia:~$ gpg --armor --output /media/everyday-usb/ada-everyday_stub.gpg --export-secret-keys CDCD72AF
amnesia@amnesia:~$ gpg --armor --output /media/everyday-usb/ada-everyday_pub.gpg --export CDCD72AF
~~~~

Revocation Certificates
-----------------------

Now's a perfectly good time to generate a revocation certificate. You might want to put this on your everyday machine, or you might want to print it out. A revocation certificate allows you to cancel your key without needing to have the secret part on hand (you used the secret part to create the certificate).

A jerk who got a hold of a revocation certificate for your key could also cancel your key (which would probably make a lot of work for you), but they couldn't sign things on your behalf, or decrypt secret messages meant only for you.

This probably means that you should store your revocation certificate somewhere other than where you store your master key backups, and just a little more accessible, so that even if you lose those backups, you can still revoke the key.

Here's how to make one.

~~~~
amnesia@amnesia:~$ gpg --armor --output /media/print-share/ada-revoke_misc.gpg --gen-revoke CDCD72AF

sec 3072R/CDCD72AF 2063-04-06 Ada Lovelace

Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 0
Enter an optional description; end it with an empty line:
>
Reason for revocation: No reason specified
(No description given)
Is this okay? (y/N) y
~~~~

Then you'll have to enter your user PIN.
Make sure you're using the right smartcard, and you've got the right user PIN for it.

If you want, you can generate certificates for other scenarios too, but there's probably no need.


Finishing
=========

We're done with key generation now. If you've been following through all the steps, you probably have two smartcards/readers and five USB thumb drives:

* cold storage
* key backup alpha
* key backup omega
* everyday usb
* print share

The cold storage and key-backup disks should have a full copy of the public and private parts of your master key and all your subkeys. Put these in your home safe or your piggy bank, or wherever you keep things safely. They should contain five files:

* `keyid_private.gpg`: the private part of your master key
* `keyid_public.gpg`: the public part of your master key
* `keyid_public+subkeys.gpg`: the public part of your master key and your subkeys
* `keyid_stub-complete.gpg`: the "private" pointers to smartcards for your master key and your subkeys
* `keyid_stub+private-subkeys`: the "private" pointer to your master key, and the actual private parts of your subkeys

The thumb drive destined for your everyday computer should have two files:

* `keyid_pub.gpg`: the public parts of all your keys
* `keyid_stub.gpg`: the "private" pointers to smartcards for all your keys

The print/share thumb drive should have as many revocation certificates as you decided to make. Perhaps you should print them, or leave them with a trustworthy friend?

If you've got all that, you're ready to go. You can shut down your *secure computer* now. Next, we'll walk through setting up your everyday computer.


Everyday Setup & Usage
=======================

`gpg.conf` {#config}
----------

First, let's get GPG all snazzy-like.
Here's a sample `gpg.conf` for you.

~~~~
#default-key
#trusted-key
#hidden-encrypt-to
default-recipient-self

ask-cert-level
auto-check-trustdb
no-greeting
no-expert

#cert-policy-url http://yoursite.net/id.txt (you can make this later)

auto-key-locate keyserver cert pka
keyserver hkp://pool.sks-keyservers.net

list-options no-show-photos show-uid-validity no-show-unusable-uids no-show-unusable-subkeys show-keyring show-policy-urls show-notations show-keyserver-urls show-sig-expire
verify-options show-uid-validity
fixed-list-mode
keyid-format 0xlong

personal-digest-preferences SHA512
personal-cipher-preferences AES256 AES192 AES
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712

completes-needed 2
marginals-needed 5
max-cert-depth 7
min-cert-level 2
~~~~


Key Import
----------

Now let's import those keys.

~~~~
ada@thinkpad:~$ gpg --import /media/everyday-usb/ada-everyday_pub.gpg
gpg: key 0x4771324ACDCD72AF: public key "Ada Lovelace " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
~~~~

~~~~
ada@thinkpad:~$ gpg --import /media/everyday-usb/ada-everyday_stub.gpg
gpg: key 0x4771324ACDCD72AF: secret key imported
gpg: key 0x4771324ACDCD72AF: public key "Ada Lovelace " imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
~~~~

Don't worry if you see a warning about time warps or clock problems.
It probably means you were using a *secure computer* with a live OS like TAILS, and it didn't have an accurate clock.

It's also notable that things look a little different here. Instead of that short 8-character keyID, we have a longer 16-character one. That's because of the display options in `gpg.conf`. It's always better to use longer keyIDs; they're harder to spoof. You should copy and paste this long keyID into your `gpg.conf` where there's a space for it.

If you want to, you can run `gpg --edit-key 4771324ACDCD72AF` and check that you can `toggle` to see that your everyday machine knows about the smartcards.

Uploading to a keyserver
------------------------

If everything still looks good, now you can upload your key to a keyserver. Keyservers never forget. Only do this once you're sure.

~~~~
ada@thinkpad:~$ gpg --send-keys 4771324ACDCD72AF
gpg: sending key 0x4771324ACDCD72AF to hkp server pool.sks-keyservers.net
~~~~

In a few minutes, your key should propagate to every keyserver out there.

Printing Fingerprints
---------------------

If you want other folks to sign your key, you'll need to print some pieces of paper with your key's fingerprint. The easiest way is to take this output and just copy and paste it into a text file a bunch of times.

~~~~
ada@thinkpad:~$ gpg --fingerprint 4771324ACDCD72AF
pub 3072R/0x4771324ACDCD72AF 2063-04-06 [expires: 2063-10-06]
      Key fingerprint = DDC6 93BF 8FC1 3036 36D2 CCFB 4771 324A CDCD 72AF
uid [ultimate] Ada Lovelace
uid [ultimate] Ada Lovelace
uid [ultimate] [jpeg image of size 27348]
sub 3072R/0x8E550EC9FACBBB45 2014-02-13
sub 3072R/0xCA1659C68FE97F11 2014-02-13
sub 3072R/0xE9D0F1F494C86525 2014-02-13
~~~~

--------------------------------------------------------------------------------
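The claim under "Everyday Export" that the `--export-secret-keys` output holds only smartcard pointers can be checked before the file leaves the secure computer. This added example (not from the original guide) classifies the secret-key packets in `gpg --list-packets` output; it assumes gpg labels stub packets `gnu-divert-to-card S2K` or `gnu-dummy S2K`, and the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# classify_secret_packets: reads `gpg --list-packets` text on stdin, prints one
# line per secret (sub)key packet, returns 1 if any holds real secret material.
classify_secret_packets() {
    awk '
        function emit() {
            if (kind == "") return
            # No GNU stub marker seen: treat the packet as real key material.
            if (state == "") { state = "SECRET-MATERIAL"; bad++ }
            printf "%s: %s\n", kind, state
        }
        /^:secret (sub )?key packet:/ {
            emit(); kind = $0
            sub(/^:/, "", kind); sub(/ packet:.*$/, "", kind)
            state = ""; next
        }
        /^:/ { emit(); kind = ""; next }    # any other packet type begins
        kind != "" && /gnu-divert-to-card S2K/ { state = "card-stub" }
        kind != "" && /gnu-dummy S2K/          { state = "dummy-no-secret" }
        END { emit(); exit (bad > 0) }
    '
}

# Run the check on an exported file, e.g. the everyday stub from this guide:
#   check_stub_file /media/everyday-usb/ada-everyday_stub.gpg
check_stub_file() {
    gpg --list-packets "$1" | classify_secret_packets
}

# Constructed, abbreviated listings (not real gpg output from the guide).
sample_stub_listing() {
    printf '%s\n' \
        ':secret key packet:' \
        '    version 4, algo 1, created 0, expires 0' \
        '    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0' \
        ':user ID packet: "Ada Lovelace"' \
        ':secret sub key packet:' \
        '    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0'
}
sample_mixed_listing() {   # shaped like the stub+private-subkeys backup
    printf '%s\n' \
        ':secret key packet:' \
        '    gnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0' \
        ':secret sub key packet:' \
        '    iter+salt S2K, algo: 9, SHA1 protection, hash: 2'
}
```

A non-zero exit from `check_stub_file` on the everyday stub means the file still carries private key material and should not be copied to the everyday USB drive; the same result on the `stub+private-subkeys` backup is expected.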