“Travellin’ and livin’ off the web…”

I have a GPG key, freshly created a couple of days ago. GPG is the GNU Privacy Guard, also known as GnuPG, used for encryption and digital signatures.

Many people include helpful comments about GPG encryption on a page with their public key and fingerprint. Instead of making similar remarks (which I don’t feel qualified to make), I’ll point to some examples: Karl Fogel, Peter S. May, and Henrik Lund Kramshoej.

I’ve read Karl’s page with interest in the past, and revisited it while preparing my own GPG key page. His comments have been influential in adding to my doubts about using the software and keys properly. I found Peter’s and Henrik’s pages recently in Google search results as I’ve been reading about the subject. All three have wise words of caution and advice about using GPG for encryption and digital signing. Peter and Henrik further get in to the concept of the “web of trust” in public key cryptography. Peter’s page is detailed and he appears to be quite conscientious about being a good participant in this web of trust.

(There is also PGP. Both programs implement the OpenPGP standard, but PGP is not free-as-in-freedom so you should use GnuPG.)

So what’s the point of this page?

Well, to refer you to other sources of information, for starters, and to talk about my shiny new key, reasons for creating it, reasons for attending key signing parties, and lay out my rudimentary key signing policy, which I hope will make the case that I intend to be an upstanding cryptizen* and follow good key signing practices.

However, while not a stranger to GPG, I’m pretty new at key signing and web of trust stuff, so my proclamations and methods have to be viewed with skepticism. You can read this post and perhaps draw your own conclusions.

Why a key now?

I haven’t previously had much (if any) personal need for encryption or signing using GPG, but now seemed like a good time to create a key pair before going to the FSF meeting in Cambridge next weekend where I might gather a few signatures.

That might be an answer for “why now?”, but doesn’t really answer the question of why I need a key at all. Why do I want to use GPG? And it suggests another question: Why do I care about getting signatures for my key? I think my primary motivation at the moment is community. Even though I don’t have an immediate need in mind, being trustworthy (at least with respect to my participation in the web of trust) may help me be a better free software community member.

Other reasons for crypto?

Why else am I interested in cryptography, and why might you be also?

  • It’s fun. It brings me back to the secret codes and decoder rings of youth. Even if I don’t understand the math, I get a kick out of running data through this powerful, free software, and seeing it magically become scrambled and unscrambled.

  • It’s freedom and privacy affirming to have this kind of software legally available, and we should exercise our rights to use it, even if we don’t have much need for secret communications. And if we do have that need, it may be critically important to be skilled in using these tools. And maybe we just want to object to the growing surveillance society, and make the job of eavesdroppers more difficult.

    “Me and you and a dog named boo / How I love being a free man”

    (Well, we were born free, anyway.)

  • Aside from secrecy/privacy uses, the ability to use digital signatures for identification and verification is quite useful. That web of trust we’ve been talking about. (Another word you hear in this area is non-repudiation, which sounds impressive.)

I’m mainly talking here about the use of public-key cryptography for sending private messages and signing/verifying messages and files. Other reasons to care about encryption are that it keeps your financial transactions secure (although usually in the form of SSL encryption; not GPG), can be used for keeping personal files on your computer private (usually with symmetric keys instead of public/private keys), and is useful for commerce in general.

Why key signing parties?

From the Keysigning Party HOWTO:

There are three primary reasons to hold as many key signing parties as you possibly can.

First, and perhaps most importantly, you should hold as many key signing parties as possible in order to expand the web of trust. The deeper and more tightly inter-linked the web of trust is, the more difficult it is to defeat. This is of special significance to the Free Software Community, for both developers and users alike. Members of the community rely upon PGP technology to cryptographically protect the integrity of their software packages, security advisories, and announcements. The strength and robustness of the web of trust is directly proportional to the strength of the protection PGP provides the community from security threats such as trojan horses, malware, viruses, and forged messages.

Second, key signing parties help others get integrated into the security culture and encourage them to gain an understanding of PGP and related strong cryptography technologies. In order to get the benefits of strong cryptography, people must use strong cryptography, and use it properly. This requires a basic understanding of the underlying technology. It can be difficult for people new to computers and new to the free software culture to gain such an understanding. Introducing people who lack knowledge and skills in cryptography to individuals that have developed them can be very helpful to those trying to learn. It provides a great deal of value and benefits everyone.

Finally, key signing parties help build communities. They help techies get together to get to know each other, network, and discuss important issues like civil liberties, cryptorights, and internet regulation. Discussion is important because discussion is not only the first step, but also the step before action. When I first wrote this document there were not very many complex webs of trust in the world. Things have dramatically improved, with more plentiful webs that are much deeper than they were a few years ago. However, it still remains the case that if you work to build a web of trust in your local area, it is very likely that the first participants in that web will be the leaders and policy setters of the internet community in your area. They are the individuals who can choose to build secure strong cryptographic technology and protocols into the local infrastructure if they so choose. The integration of such technology and protocols could make issues like the FBI’s carnivore system and the National Security Agency’s illegal domestic surveillance technologically infeasible and therefore moot.

–V. Alex Brennen, “Why should I hold a Keysigning Party

And those sound to me like very good reasons, and make me more interested in participating in this web and promoting more widespread use of this technology.

Back to my key

So, I’ve created my key and have sent it to a few keyservers, including pgp.mit.edu and keyring.debian.org. I was able to retrieve it from mit.edu, but so far not from debian.org.

I wasn’t sure how paranoid and extreme I should be about the whole thing. Should I take my laptop offline, boot from an Ubuntu Live CD, generate the key and keep the secret part forever offline, only accessing it from a USB flash after booting up in the same way? There is some appeal to that approach, but I decided not to start out that way. I’m just learning to do some of this, and thought it might be harder to figure out how to manage signing and whatnot with that method. And I’d like to have a general purpose key that isn’t overly cumbersome to use. Instead, I’m keeping it on an EncFS file system that isn’t regularly mounted.

Do you ever think about those wasted random bytes when GPG asks you to help gain some entropy? There you are, typing, typing furiously away, with the software goading you to create more, more, more random bytes, until suddenly you’ve got a surplus spilling over when the work is all done. I think about them. I’m sure one of these days I’ll inadvertently run rm or some other command with negative consequences. I’ve also wondered if that part could just be a joke played on us by the GPG developers. Yeah, um, just type randomly on your keyboard for a minute or two…

My key signing policy

As mentioned, I’m new at key signing and participating in the web of trust, but I intend to do my part in being a trustworthy key signer.

But I’m starting out a bit confused, because in my reading so far I’ve seen two concepts related to trust, and I’m not sure what my main responsibility is in signing someone else’s key. Part one is verifying that a key belongs to a person, and part two is evaluating how well you think they will correctly verify other people’s keys.

I found this in the GnuPG manual:

GnuPG overloads the word “trust” by using it to mean trust in an owner and trust in a key. This can be confusing. Sometimes trust in an owner is referred to as owner-trust to distinguish it from trust in a key. Throughout this manual, however, “trust” is used to mean trust in a key’s owner, and “validity” is used to mean trust that a key belongs to the human associated with the key ID.

The Debian keysigning page says:

It is nice to get more signatures on ones key, and it is tempting to cut a few corners along the way. But having trustworthy signatures is more important than having many signatures, so it’s very important that we keep the keysigning process as pure as we can. Signing someone else’s key is an endorsement that you have first-hand evidence of the keyholder’s identity. If you sign it when you don’t really mean it, the Web of Trust can no longer be trusted.

So what am I trying to accomplish when signing a key? Verification? Yes, this key belongs to Bob?

GPG 1.4.6 prints this when asking you to pick a trust level for someone’s key:

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

But this is for your own personal trust db, right? Or is that important also when deciding to sign Bob’s key. If I’m positive that this is Bob’s key, but I don’t trust him to be a good key signer, should I choose not to sign it? Or if I know and trust Alice and sign her key, what if she then signs Mallory’s key because she knows it belongs to him, but she doesn’t trust him at all?

For identity verification, it seems common that people will look for a government issued photo ID and a passport (acknowledging that there are problems with both as ultimate arbiters of identity). I’d personally rather not carry my passport around if it’s not needed for travel, but it may be worthwhile if it helps other people feel more comfortable confirming identity and strengthens that web.

For my own satisfaction, I’ll expect at least one form of ID, and I’ll likely poke around on the web looking for corroborating evidence of identity. Other things I’ll keep an eye out for are key types and lengths, and that the key owner’s name matches between ID and key.

But I need to see how things go in practice.

Keyservers

I understand that it is bad form to send signed keys to a keyserver without the owner’s permission. I’m happy to go by that rule. I’ll send the signed key to you via encrypted email, and only post to a keyserver if you say it’s ok. (Much to learn in this area — if I send you the signed key, can you go ahead and send it to the keyserver yourself?)

Feel free to send my public key with your signature to the keyserver, although I’d like it by email also. Again, I’m interested to see how this all works in practice.

* Cryptizen

Cryptizen = Crypto + Citizen. No hits in Google today for that one — maybe I can coin the term!

Yes, I’m a sad little man. :-)

Photo attribution

Thanks to Jorge Barrios for releasing the skeleton key photo into the public domain.