There are two kinds of passwords in the world. One is to prevent your little sister from reading your files. The other is to prevent the authorities from reading your documents.
— Bruce Schneier, Applied Cryptography
Previous link:
In 2021, use PGP in a more modern way (part 1)
Three, safe use and backup
To prepare
For security, it is recommended to generate your key pair on an offline Linux or BSD system.
The Tails (Boum.org) distribution is especially recommended, with tools like GPG and PaperKey to ensure full network outages, and rebooting erases everything without erasing keys. Tools required:
- A computer
- A THUMB drive 0 with Tails system, which is used to generate the key
- A fully encrypted USB /TF card 1 (recommended), or smart card, is used to store the master key
- A smart card (recommended), or a fully encrypted USB /TF card 2, is used to store sub-keys for daily use
Backup strategy
My backup strategy:
- Only one copy of the master key is reserved, offline.
- Sub-key can be copied multiple copies, imported into each device through THE U disk, special secret and special, recommended daily use of smart card (such as Yubikey), but also can avoid the trouble of entering the password every time
- Revocation credentials can be backed up together with the master key, and a separate backup (so that if the key is lost, at least it can be revocation)
A master key backup is recommended on a fully encrypted usb drive and in a secure location.
Backup media:
The smart card
It is not recommended to import the master key to the smart card device. The smart card is portable and can be used at any time. Although the key in the smart card cannot be exported, carrying it with you increases the risk of losing the master key.
If you are rich, of course, it is better to import the smart card, because the key in the smart card can not be exported, but the smart card can no longer be carried, and the same should be in a safe place, not to have to no longer use, but this is a bit of waste, and I do not recommend the reason.
The cloud storage
You can encrypt the master private key and upload it to a web disk or other online service.
PaperKey
It is disconnection operation, and asymmetric algorithm, but also to save a private key, this set of process you also found the similarity with digital currency, many backup methods can learn from their ideas, such as the above network disk storage is the idea of digital currency hot wallet.
Cold wallet is a classic way, is to write/print the private key on paper, of course we can also learn from, but if you want to copy down the endless private key, or print it, and then need to recover in the future to enter the computer one by one, obviously not realistic.
(Part of the sample private key, use it immediately, if it is your own private key, do not show it to others.)
For bitcoin, the private key looks like this:
5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss # It's so short that it's easy to copy and type
Copy the code
Also asymmetric algorithm, why PGP private key is so long?
Because they use different algorithms, bitcoin uses ECDSA’s secP256K1 algorithm by default, which is only used for signature and authentication, not encryption. Bitcoin is sometimes called a cryptocurrency only because it relies on asymmetric algorithms in cryptography, not because it can encrypt…) PGP uses the RSA algorithm by default and can be used for signature and encryption at the same time. The length of an RSA key is at least 2048 bits. The exported private key contains not only the key information, but also all public key information, UID, subkey information, and password confusion.
There is a tool called Paperkey under Linux, which can be used to eliminate redundant public key information in the private key, greatly reducing the length of the private key, and then you can print the simplified private key (Base 16 format), or convert the Raw format into two-dimensional code, and print it out.
Note:
Now that you’ve decided to use PaperKey instead of a network printer,
The paperkey tool is the default software in the Tails new version
The Paperkey manual recommends using OCR scan when recovering private keys, and most OCR services need to be networked, please note this.
other
A key is just a piece of information that can theoretically be stored in any other medium, such as a CD, steganography in a picture, writing IC cards, tattoos, X-rays, memorizing, and so on, to use your imagination.
The safe use
Use the subkey on a computer you trust. Do not use the master key unless absolutely necessary. If you use the subkey on a smart card, ignore this part.
The sub-key can be directly used on the mobile storage device without copying/importing it to the computer.
GPG --homedir [path to your storage device]Copy the code
Four, advanced use
Use other algorithms
Why is it safe? The section mentioned that PGP supports many algorithms, but when we generated keys earlier, we saw only a few.
Because GPG also has a hidden mode —- expert mode, which can be used when generating keys
gpg --expert --full-gen-key
# output
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Copy the code
The ECC algorithm stands for Elliptic Curve Cryptography.
I picked 9 up here. Go ahead
Please select which elliptic curve you want (1) Curve 25519 (3) NIST P-256 (4) NIST P-384 (5) NIST P-521 (6) Brainpool P-256 (7) Brainpool P-384 (8) Brainpool P-512 (9) secP256K1 # Algorithm used by bitcoinCopy the code
Among them, NIST series elliptic curve, Brainpool series elliptic curve and SECP256K1 have different security risks and are not recommended to be used.
It can be found that (2) is missing here. In fact, there are some hidden algorithms not listed here, which can be checked by the following command
gpg --list-config --with-colons curve
# outputcfg:curve: cv25519; ed25519; nistp256; nistp384; nistp521; brainpoolP256r1; brainpoolP384r1; brainpoolP512r1; secp256k1Copy the code
The missing (2) above corresponds to ED25519, which is a signature algorithm. When you select (1), the master key used for signing and signing is ED25519, and the sub-key algorithm automatically generated for encryption is CV25519.
RSA VS ECC
ECC algorithm has an advantage over RSA in that the key length of ECC is much smaller and the performance is better under the same strength. After the PGP private key of RSA algorithm is simplified by Paperkey, there will generally be 50+ lines of HEX data. If ECC algorithm is used to generate data, it can be reduced to less than 8 lines, and there is no problem to copy by hand.
The advantage of RSA algorithm lies in the good compatibility of most hardware devices. For example, YubiKey 5 supports RSA 4096 but does not support Curve 25519. And most devices provide hardware acceleration to the RSA algorithm.
PS:
When I looked up the materials, I found a sentence copied and copied by many people in Chinese blogs:
Ed25519 encryption and decryption fast, short generation time and higher security, RSA encryption and decryption is slightly slower, long generation time, security is not ed25519 high, but rsa is basically the default, so more people use, but it is recommended to convert to ED25519, website software now basically all support.
Ed25519 is a kind of EdDSA Algorithm, only a kind of Signature Algorithm, EdDSA full name edEDS-Curve Digital Signature Algorithm, The Digital Signature Algorithm implemented by Edward elliptic curve.
The default RSA algorithm for SSH is ed25519. In fact, the asymmetric algorithm in SSH protocol is not used to encrypt and decrypt information, but only for authentication, the correct statement is that ed25519 signature and authentication speed is very fast.
Moreover, the RSA 4096 is more secure than the ED25519, regardless of the key length.
Additional UID
The UID is a user ID and consists of three parts:
- Full name (current screen name is ok)
- Note (to include with)
- Email address (included with < >)
UID properties:
- A key can have more than one UID, making it easy to use in different situations.
- The UID is independent of the subkey; it applies to the entire key.
- A UID can be added at any time, but an existing UID cannot be modified and can only be revoked separately.
- After the UID is revoked separately, you only need to re-publish the public key.
Generally speaking, only the master key has permission to operate on a UID, which can be forged and then submitted to the server as mentioned later.
gpg --edit-key {keyid/uid}
gpg> adduid Enter help to view the supported operations
Enter the information you want to append
Copy the code
What are the scenarios for using UID? If you use an infrequently used email address as your Github/GitLab account, the PGP key generated by your main email address will not be used to sign.
In order to protect privacy and manage only one key, you can set Github Settings to “Keep my Email addresses private” to add random email addresses generated for you to the UID. You can sign your different Git accounts at the same time.
Add a picture
Similar to adding a UID, type addphoto in the GPG interface. To view, type showphoto.
Use PGP to sign git commit
As long as your PGP uid contains a git config mailbox, use git config
git commit -S -m your commit message
You can sign.
SSH using PGP
Generate authentication (A) with A subkey
gpg --expert --edit-key {keyid/uid} Use expert mode, otherwise there is no authentication option
gpg> addkey
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(12) ECC (encrypt only)
(13) Existing key
Your selection? 8 Select 8, RSA, custom permissions
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt The default permissions are Sign and Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? S # # to close the Sign
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? E # # close Encrypt
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions:
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? A # # open Authenticate
Possible actions fora RSA key: Sign Encrypt Authenticate Current allowed actions: Authenticate (S) Toggle the sign capability (E) Toggle the encrypt capability (A) Toggle the authenticate capability (Q) Finished Your selection? Q# # exit
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y The validity of # #
Key expires at Tue Jan 7 11:33:54 2020 CST
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
sec rsa2048/7DEFA5351BCE3C55
created: 2019-01-07 expires: 2021-01-06 usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/2FCE923F8ECB63F6
created: 2019-01-07 expires: 2021-01-06 usage: E
ssb rsa4096/19D32A8839DCAA1F
created: 2019-01-07 expires: 2020-01-07 usage: A
[ultimate] (1). hhhhh <[email protected]>
gpg> save # # to save
Copy the code
The configuration file
Edit the bashrc file to replace the default SSH agent with gPg-agnet
# ~/.bashrc
export GPG_TTY=$(tty)
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
echo UPDATESTARTUPTTY | gpg-connect-agent 1> /dev/null
Copy the code
Edit the ~/. Gnupg /gpg-agent.conf file and add:
# ~/.gnupg/gpg-agent.conf
enable-ssh-support
Copy the code
And then:
❯ GPG - k - with - keygrip/Users/root /. Gnupg/pubring KBX -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- the pub rsa2048, 2019-01-07 (SC) [expires: 2021-01-06] 8A9FC025A44AA4824C1F4AE27DEFA5351BCE3C55 Keygrip = BEFCCDFE36CC5442B888B8459265C68B60A4ABD2 uid [ultimate] hhhhh <[email protected]> sub rsa2048/0xF681DAEBBAB82124 2019-01-07 [E] [expires: 2021-01-06] Keygrip = 422922ACFD099E79863D93B93333528F225C90FC sub rsa2048/0x501DEDC36BD409C8 2019-01-07 [A] [expires: 2020-01-07] Keygrip = 999A87A51CFE82DAA494BEB42F585051307F9E33Copy the code
Choose your new added with the new child [A] logo key keygrip, namely 999 a87a51cfe82daa494beb42f585051307f9e33
Add the file to ~/. Gnupg /sshcontrol and run ssh-add -l to check whether the file is added.
then
gpg --export-ssh-key {keyid}!
Copy the code
Note that you cannot use uid here, otherwise you will be prompted:
gpg: key "uid" not found: Unusable public key
gpg: export as ssh key failed: Unusable public key
Copy the code
You can only enter the key ID of the child key, which in this case is 0x501DEDC36BD409C8.
SSH /.ssh/authorized_keys = ~/.ssh/authorized_keys