I just got back from this year’s OpenStack Summit, which was a great experience. In addition to many fruitful sessions about OpenStack itself, a keysigning party was held. This was the first such session I’ve attended, and the use of PKI for signing/encrypting mail is something that’s only recently drawn my interest.
One thing that I find interesting is that there’s no central authority from which keys derive trust, unlike SSL in browsers. Instead, it’s a web-of-trust model. Individuals cryptographically sign each others’ public keys to denote trust in them. If you’ve verified my key, and I sign Bob’s key saying I’ve verified it, then, if you trust me, you can trust Bob’s key.
At the keysigning party, we used the Sassman Projected Method, in which we each stood up, presented something like a passport on the projector, and verbally verified that the list of key fingerprints compiled before the event was valid. (We also verified the MD5 and SHA sums of the list itself before beginning, so that we knew we were working with the same list.)
GPG setup notes
I’m not going to cover the basics, because myriad other sources already do a much better job. But a few helpful hints for your gpg.conf
:
- You can set a
default-key
value if you have more than one key. - Ensure that
require-cross-certification
is present
You may also want to set up a keyserver different from the default. Here is what I have:
keyserver hkps://hkps.pool.sks-keyservers.net keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem keyserver-options auto-key-retrieve keyserver-options no-honor-keyserver-url
This uses the SKS Keyservers pool, a pool of almost 100 keyservers that all exchange keys. More specifically, it selects the HKPS one, running SSL on port 443. To use this, you must grab their self-signed SSL certificate. (Note that the use of SSL is mostly to prevent a middleman from eavesdropping than tampering with your keys—that security comes through the keys themselves.)
The auto-key-retrieve
option is so that when I get new email in mutt with a key I haven’t seen before, it will be fetched automatically. The no-honor-keyserver-url
ensures that we always use our HKPS-enabled one, even if a key points to another server, so we ensure we stay on HKPS.
Keysigning Process
caff automates much of this. On Fedora, it’s provided by pgp-tools
.
- After installing it, run
caff
once to have it generate a~/.caffrc
file. - Edit
~/.caffrc
to taste:- Make sure that
$CONFIG{'owner}
and$CONFIG{'email'}
are set properly. - If your machine doesn’t run a properly-configured MTA, add a line to relay mail through a mailserver, like so:
$CONFIG{'mailer-send'} = [ 'smtp.corp.example.com']
.
- Make sure that
caff
maintains its own gpg.conf file, in ~/.caff/gnupghome/
. You may want to customize it, or just symlink your main one to it. Partly because I missed exactly what was happening at first, I instead imported keys to my normal keyring, and just pointed caff to that keyring. I used -R
to prevent it from fetching keys, and --key-file ~/.gnupg/pubring.gpg
to pull from my normal keyring. This probably made things more difficult than needed.
One thing that took me a moment was how to look up a fingerprint. For example, if my key fingerprint is 5150 9442 00FE 3099 4CA8 D2EA E639 859C 2BE0 2E05
, how do I look that up? It turns out to be simple: take the last eight characters (2BE02E05), prepend 0x, and search.
So my workflow was:
gpg2 --search-keys 0x2be02e05 # and import caff -R --key-file ~/.gnupg/pubring.gpg 0x2be02e05 # and follow steps
Of course, be sure that the fingerprint matches, and that you’ve validated the person’s identity in real life before signing. Once you run caff, it will have you sign the key and email it to each address on file.
Other stuff
- I linked to the SKS Keyservers pool above. They’re so-named for running sks-keyserver, which appears to be the de facto keyserver software. There’s a newer one, Hockeypuck, under development. (Here’s an LWN article about Hockeypuck, which notes that it’s not yet at parity with SKS.)
- You can publish PGP keys in DNS, though it’s not clear to me how widely this is used.
- There’s something called the strong set, which Wikipedia calls “the largest collection of strongly connected PGP keys.” Here are some neat graphs of its size. The list of members is available.
- For optimal security, it’s recommended to use an OpenPGP SmartCard, so that the private key cannot be extracted. FSFE gives them out to members, and has some good instructions here.