Encrypting and signing

Transcription

1 Encrypting and signing V1.0 Developed by Gunnar Kreitz at CSC, KTH. V2.0 Developed by Pehr Söderman at ICT, KTH V3.0 Includes experiences from the 2009 course V3.1 Adaptation for DASAK, by Sonja Buchegger at CSC, KTH V3.2 Adaptation for CSC hosting, some clarifications, by Sonja Buchegger security is based on a set of cryptographic algorithms ensuring both that only the holder of a specific key can read a message (encryption) and prove the message has not been changed in transit (signing). The goal of this lab is to familiarize yourself with security using the well known tool GnuPGP ( also known as GPG. GPG is a free implementation of the OpenGPG ( standard, which is based on the commercial tool PGP ( Pretty Good Privacy. This lab can also be done completely remotely. All you need to do is to send 5 s, if you do everything correctly. If you need help with the lab, please come to the lab sessions. The lab shall be solved individually. You are not allowed to solve the lab for another student. Table of Contents Encrypting and signing Step 1: Getting GnuPG...3 Some common problems when solving this lab...4 GnuPG and usability...4 Step 2: Importing the course key...4 Step 3: Creating your keys...5 Step 4: Submit your key for signing...5 Step 5: Add an extra address to the key...6 Step 6: Signing of keys...6 Step 7: Submit your key (again)...6 Receiving Sending secure Step 8: Signed messages...7 Step 9: Encrypted messages...7 Step 10: Encrypted and signed messages...8 Step 11: The report...8 Common error messages and how to solve them...10 ERROR: Could not import user id's. Typically caused by UIDs created in the future (wrong system time)...10 ERROR: Did not find any keys to import/verifying signature failed/decrypting message failed/decryption and verification failed...11 Page 1/12

2 ERROR: Did not see any signatures not made by course key...11 ERROR: Found # User-ID:s in the file. The initial submission should be with one User-ID. Generate a new key and try again...11 ERROR: Found more than one key in your submission...11 ERROR: Incorrect. I read your answer as:...11 ERROR: Key cannot be used for encryption...11 ERROR: Secret key was imported, please generate a new keypair and be more careful next time.../the secret key for this key was already imported. Please generate a new keypair and be more careful next time...11 ERROR: Signature was invalid (status xxxxxxx)...12 ERROR: Submission was encrypted with # keys, should be encrypted to exactly two keys/submission was only encrypted with a single key, should be encrypted to two keys...12 ERROR: Subkey expires in more than 3 months/subkey never expires...12 ERROR: Submission was not signed...12 ERROR: The User-ID found is "Foo Bar <Foo@Bar.com>". It should have an address in domain...12 ERROR: Tried to import something but failed. This can be caused by broken data, revocation certificates or broken UIDs (such as UIDs created in the future)...12 ERROR: Validation of your result failed. Key correctly signed by course key? I read your answer as:...12 Page 2/12

3 Step 1: Getting GnuPG If you do the exercise on the CSC Linux computers, the command is gpg. If you use CSC Solaris computers, just "module add gnupg" - depending on the version, the command for gpg can be gpg2. For working on other platforms: You can download GPG from or use a package manager. Typically the command in linux is something like aptitude install gnupg, yum install gnupg, apt-get install gnupg or similar. If the package is not found in your package system you can always do an install from the tarball on the GnuPG homepage. Under windows you use the installer from the homepage. It is very helpful to add the directory where the GPG application is located to your path, so you do not need to look it up to use it from the console. It is also possible to install it under MinGW ( Under MacOS X you can install it using GnuPorts or from the homepage. GPG itself is a command line application and you can test if it works correctly by typing gpg --version at the command line. The format of the output should look something like this: netsec:/# gpg --version gpg (GnuPG) Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later < This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 Used libraries: gcrypt(1.4.1) Many prefer to use front-ends such as EnigMail ( for Thunderbird, GPGMail ( for Mail.app or GPGpine for pine. You are welcome to try them, but they are not needed to solve the lab. If you decide to continue using GPG they are very helpful. While you are free to choose any software or front-end you wish, please note that you will need the commands for the report and that the lab has only been tested with the basic GnuPG tool, Thunderbird and KTH webmail. Many of the tools and front-ends found on the web are broken in various interesting ways, including giving you limited, conflicting, or even completely wrong output. We are aware of some front-ends not reporting all keys used in signing/encryption, automatically importing keys and other bad stuff. Many clients also mess up the formating of s, preventing correct decoding of the data. This will prevent you from successfully completing the lab. therefore the course administration will not help you with software issues you might encounter, except for usage of modern versions of GnuPG. Page 3/12

4 For the final report include: How to install GPG on your system How to install the front-ends (if any) you used Some common problems when solving this lab Note that every single mail you send MUST come from your No other source addresses will be accepted by the system. All s must have the answers in the body of the mail as plain text. Word, openoffice, rtf, ps, dvi, pdf, html or other formats will fail. It is very common for program to send HTML or RTF by default. You will have to turn this functionality off. The system doesn't decode attachments. The system currently doesn't handle attachments, PGP/MIME, SMIME or similar, so if you use a front-end make sure it can do traditional in-lining instead. If you don't see something like ----BEGING GPG <TYPE>----- in the start of the body you should verify how you send encrypted mails. A common problem is to not ask GnuPG for all information and few front-ends prints all the information you need. The -vv (very verbose) switch is very helpful, as it prints extended information about what gpg is doing. The deadline for the lab can be found on the course website. Please note that the deadline is both for the upload of the final report and the work against the corrector system. Do not save the lab to the last day. GnuPG and usability GnuPG is not the easiest tool to use and combined with the complexity of the cryptography involved it can take some time to get used to. The documentation for gpg can be found at and is a good start. Obviously you can use google and man-pages to get additional help. Part of the task in this lab is to create your own manual for GPG. This will be in the form of a report, covering what you have done in the lab and how to use GPG correctly. For the final report, include: References Any other student that helped you with the lab Step 2: Importing the course key To verify signatures you will need the course key from the course website. Once you have imported and verified the key, give it an appropriate trust level. Page 4/12

5 For the final report The commands used to import keys The commands used to verify you get keys with the correct fingerprints The commands used to verify the signatures on keys The commands used to set trust levels for keys The interpretation of the output Step 3: Creating your keys To use public key cryptography you need to generate your keys. GnuPG lets you tune the cryptographic security of the keys, depending on how slow you want key generation (and encryption, decryption, signing and verification...) to be. is one place that offers concrete recommendations for which keylengths are suitable depending on the security required. Key generation can take a few minutes, if you get the message to generate more randomness, type, click around, or open other terminals and run commands like ping kth.se, or du -h / Password protect your key when you generate it. This password prevents somebody with access to your computer from easily stealing your keys. When you generate the key make sure the name of the key matches your name, the is and you state the course code DD2395 in the comment field. Make it valid for at most 3 months. For the final report: Command used to generate the keys How much time it took to generate the keys Motivation for the security settings The identity you created for the key The fingerprint for the key Step 4: Submit your key for signing Now you get your key signed by the correction system. While a multitude of key formats exists, it is usually a good idea to use ascii-armor. This is an encoding that avoids characters known to cause problems with systems. So, export the (public) key you generated and it to <gpgkey@dasakh10.csc.kth.se>. Make sure you send it from address. There should only be a single identity in the key, with address. Once you have submitted your key you will, if the submission looks correct, get it in return, now signed by the course key. Due to the grey-listing used at kth.se it can take up to an hour before you receive the response. For the final report: Page 5/12

6 The signature added to your key Step 5: Add an extra address to the key It is very common to have multiple identities and addresses. These can all be bound to the same key, so your friends don't need to keep track of multiple keys to communicate with you. So add an additional identity to the key with a second address (for example your main address if it's For the final report: Description of the second identity Commands to manage identities Step 6: Signing of keys While it's nice to get a signature for free, the correction system has not done very careful checking of your key (and that you are you). Therefore you will have to prove you are not an impostor by getting an additional signature for your key. Find another student and get them to sign your key, setting an appropriate trust-level. For the final report How to sign keys using GPG Description of the signature and the trust-level the other student gave you. The commands and interpretation of the output to Manage trust levels Signing keys Step 7: Submit your key (again) Now export your public key, using ascii-armor and submit it to <gpg-key@dasakh10.csc.kth.se>. The mail must come from address. At this point your key should be signed with the course key, another student key and have several identities included. Note: You can examine what you have exported using gpg -v <filename> Receiving If you have successfully sent in your key you will get 4 mail in return. One status mail, one mail with signed data, one mail with encrypted data and one mail with both signed and encrypted data. Do not lose these s! If you lose them you will have to resend your public key to get a new set. The mails you receive contains a few cryptographic checksums (in the form of long strings). They are unique by address and you will have to return them to prove you have correctly Page 6/12

7 decrypted and verified the signatures. Each mail contains several sections that can be encrypted or signed. They are separated by ============= separator ============= This is not a part of the text, but only there to simplify for you. You should never send this separator back or use it as a part of the lab. Sending secure Now it's time to send secure back to the correction system. You shall send three s, each mail containing the parts of the you received that were properly secured. The correction is very thorough. While we will accept some extra whitespace (outside strings) any extra data or missing data will get your submission rejected. You will have to prove you understand which parts of the messages you received are secure and which parts are not. While we will send you multiple blocks of data you shall only return a single block, properly secured. This is how you normally use PGP. The reason for including several blocks in the message you get is simply to save you from getting 30 s in your inbox. So, the message you return shall look something like this: 52df87027fb5c969b86a70cbb75dff5694a351c0 b1fd51f50b438ae8a13d15a16a8cfbe60fc940e4 c d4063de3abc7615a4acb41b100b0b 1f24d c6502e f82d d0be34c127d864a835f821c45963dd288149b10 (Before encryption and signing) Step 8: Signed messages You received one message from <gpg-sign@dasakh10.csc.kth.se> with signed data. Respond to this with all the parts of the mail that were properly signed using the course key in a single block. The block you send also has to be signed (using clear sign makes it easier to see what you are doing). Again, only send ascii text. For the final report: The commands used to verify signed messages Interpretation of the output from the commands A table with your analysis of each part of the original message where you motivate why it's correctly signed (or not) Which key do you use to sign the reply? Example output from GnuPG illustrating your analysis Page 7/12

8 Step 9: Encrypted messages You received one message from with encrypted data. Respond to this with the parts of the mail that were properly encrypted and confidential. Note that it is very common to add yourself to the recipient list along with the real recipient. This lets you read your own after the encryption. For the correction to work correctly you will have to do this. Also note that only you and at most the course administration should be able to read the , nobody else. For the final report: The commands used to verify encrypted messages Interpretation of the output from the commands A table with your analysis of each part of the original message Motivate why it's correctly encrypted (or not) Which key do you use to secure the reply? Example output from GnuPG illustrating your analysis Step 10: Encrypted and signed messages You received one message from <gpg-both@dasakh10.csc.kth.se> with encrypted and signed data. This is a common usage of GPG, providing both confidentiality and integrity protection. Respond to this with the parts of the mail that were properly encrypted and signed. Make sure nobody else can read the messages you receive. Once again you will have to use both keys for the encryption. For the final report: The commands used to verify signed and encrypted messages Interpretation of the output from the commands A table with your analysis of each part of the original message Motivate why it's correctly encrypted (or not) Which key do you use to secure the reply? Example output from GnuPG illustrating your analysis Step 11: The report Once you have gotten s showing you have correctly completed each of the previous tasks, you will have to submit the report. The final report shall have the following structure: 1) Your full name Page 8/12

9 Your personnummer Your Table of Contents 2) Installing GnuPG How to install GPG on your system How to install the front-ends you used (if any). 3) Importing and trusting keys The commands and interpretation of the output when Importing keys Verifying correct fingerprints Verifying key signatures Setting trust levels for keys Interpretation of the signature added to your key 4) Creating keys The commands and interpretation of the output when generating keys How much time it took to generate the keys Motivation for the security settings. The identity you created for the key The fingerprint for the key 5) Signing keys How to sign keys using GPG Description of the signature and the trust-level the other student gave you. The commands and interpretation of the output when: Manage trust levels Signing keys 6) Managing Identities How to generate a new identity for a key Description of the second identity 7) Signed The commands used to verify signed messages Interpretation of the output from the commands A table with your analysis of each part of the original message Page 9/12

10 Motivate why it's correctly signed (or not) Which key do you use to secure the reply? 8) Signed examples Example output from GnuPG illustrating your analysis 9) Encrypted The commands used to verify encrypted messages Interpretation of the output from the commands A table with your analysis of each part of the original message Motivate why it's correctly encrypted (or not) Which key do you use to secure the reply? 10) Encrypted examples Example output from GnuPG illustrating your analysis 11) Signed-Encrypted The commands used to verify signed and encrypted messages Interpretation of the output from the commands A table with your analysis of each part of the original message Motivate why it's correctly signed and encrypted (or not) Which key do you use to secure the reply? 12) Signed-Encrypted examples Example output from GnuPG illustrating your analysis 13) References Any other homepage or resource you used to solve the lab Any other student that helped you with the lab Throughout the lab there have been instructions of parts that should be in your report. Make sure to include all these points. The report shall be mailed to buc@kth.se, subject DD2395. The document shall be correctly signed (with your key) and encrypted (remember to make sure you can decrypt it yourself!) using the course key and the key for buc. We will verify the report and that you have correctly completed the lab. You have to hand in the report and succeed in the outlined steps to pass this lab exercise. Common error messages and how to solve them This is a list of the common error messages you might get from the system and how to solve the problems related to these errors. Page 10/12

11 ERROR: Could not import user id's. Typically caused by UIDs created in the future (wrong system time) The system parsed your key correctly but failed to import your UIDs. This is most likely due to the creation date of the UID being in the future or too far into the past. Check your system time and generate a new key. ERROR: Did not find any keys to import/verifying signature failed/decrypting message failed/decryption and verification failed The system tried to verify or decrypt the message, but GPG returned a non-zero return code and no data. This is commonly caused by formatting errors, such as HTML mail, the key in attachment, multiple GPG blocks and similar. Make sure you only include a single, properly armored, block and it is in the body . ERROR: Did not see any signatures not made by course key Did you really get another student to sign your key? Did you import that signature? And then export the key again? ERROR: Found # User-ID:s in the file. The initial submission should be with one User-ID. Generate a new key and try again. Your initial submission should not contain multiple UIDs. Follow the lab instruction and submit a key with a single UID first. ERROR: Found more than one key in your submission Typically caused by exporting multiple keys before sending the mail to the lab system. By specifying which key you want to export you avoid this error. You can also try importing the key you have exported to make sure it contains what you think it contains (gpg --import -nvv). ERROR: Incorrect. I read your answer as: This means the lab system correctly verified/decrypted the gpg block in your submission and failed when it verified your submission against the expected answers. The lab system is doing a string matching of the rows. Make sure there is no extra data in the output (compared to what you encrypted/signed). Then make sure you have chosen the correct set of blocks as your answer. ERROR: Key cannot be used for encryption You have generated a sign-only key. This key can not be used for the lab and you will have to generate a key allowing both signing and encryption. Page 11/12

12 ERROR: Secret key was imported, please generate a new key pair and be more careful next time.../the secret key for this key was already imported. Please generate a new key pair and be more careful next time You sent your secret key to the lab system. As it is no longer secure you will have to generate a new key pair and start over. ERROR: Signature was invalid (status xxxxxxx) Your signature was parsed correctly but was found invalid. Make sure you don't modify the data in transport. ERROR: Submission was encrypted with # keys, should be encrypted to exactly two keys/submission was only encrypted with a single key, should be encrypted to two keys You have to make sure you use exactly two keys to encrypt the submission. That is your own key and the course key. Nobody else may read your submission. ERROR: Subkey expires in more than 3 months/subkey never expires Make sure you set a correct expiry date on the key when you generate it. It's in the lab instructions. ERROR: Submission was not signed You did not sign the submission correctly before sending it to the lab system. ERROR: The User-ID found is "Foo Bar <Foo@Bar.com>". It should have an address in domain Make sure your primary UID is in domain. This is important as the lab system will only speak addresses. ERROR: Tried to import something but failed. This can be caused by broken data, revocation certificates or broken UIDs (such as UIDs created in the future) Catch all for parsing errors when importing keys. If you get this the key has been parsed but GPG failed to import your keys. ERROR: Validation of your result failed. Key correctly signed by course key? I read your answer as: Catch all for validating submissions.. If you get this GPG returned something, but also had an error. The answer part is what gpg returned. Typically caused by sending data to the gpg-sign/crypt/both before you have your key correctly signed by the course key. Page 12/12