GNU Privacy Guard

Basic data

Maintainer: Werner Koch
Developer: The GNU Privacy Guard Team
Year of publication: 1997
Current version: 1.4.23 (June 11, 2018)
Operating system: GNU/Linux, macOS (and other Unix systems), Windows
Programming language: C
Category: Encryption software
License: GNU GPLv3+
Available in German: Yes
Other: For systems without gpg-agent, for example, version 1 will continue to be maintained; the current version is 1.4.22 (July 19, 2017)
Website: gnupg.org

GNU Privacy Guard, abbreviated GnuPG or GPG, is a free cryptography system. It is used to encrypt and decrypt data and to generate and verify electronic signatures.

The program implements the OpenPGP standard according to RFC 4880 and was developed as a replacement for PGP. Versions from 2.0 onward also implement the S/MIME and PGP/MIME standards. GnuPG only uses patent-free algorithms by default and is distributed under the GNU GPL. It runs on GNU/Linux, macOS and various other Unix-like systems as well as on Microsoft Windows.

The project was started in 1997 by Werner Koch, who is still the main developer. At the end of 2014, Koch called for crowdfunding. In January 2015 the topic was picked up by the national press, and within a few days the financing was secured through donations for two to three years.

Aims

GnuPG has set itself the goal of enabling the largest possible user group to use cryptographic methods for the confidential transmission of electronic data.

GnuPG supports the following functions:

  • Encryption of data (e.g. e-mails) in order to transmit confidential information to one or more recipients, which can only be decrypted again by those recipients.
  • Creation of a signature over the sent data in order to guarantee its authenticity and integrity.

Both functions can be combined. As a rule, the signature is created first and appended to the data. This packet is then sent encrypted to the recipient. GnuPG only supports the combination of both actions in one call in this order. When sending e-mails (as PGP/MIME according to RFC 3156), both variants are possible, but due to the restrictions of the mail clients this is the only possible order in practice. The option of first encrypting an e-mail and then adding a plain-text signature (which could then be evaluated, for example, by a virus scanner or spam filter that cannot decrypt the actual message) is not provided. However, you can encrypt files independently of the e-mail dispatch, attach them to an e-mail and then have the e-mail signed as PGP/MIME.

Established use of GnuPG

GnuPG is used by most Linux distributions and related systems as part of their package manager to ensure the integrity of the distributed software packages and is therefore already included in most installations. Booting from an authentic installation medium of such a system is therefore a way of starting GnuPG in a secure environment (i.e. free from malware), for example for the generation or use of keys with high security requirements.

Functionality

GPG is a public-key encryption method, which means that no secret information is required to encrypt messages. Each GPG user creates a key pair that consists of two parts: the private key and the public key. Only the owner may have access to the private key, so it is usually protected with a password. The private key is used to decrypt and sign data. The public key is used to encrypt data and to verify signed data. It must be available to every communication partner who wants to carry out these two actions. Data can neither be signed nor decrypted with the public key, so its dissemination is not associated with any security risk.

The public keys can be exchanged with other users via a variety of channels, e.g. Internet key servers. They (or the combination of public key and user ID) should be reliably checked before use in order to prevent identity manipulation, since the identity information entered in the public key (usually name and e-mail address, possibly also a comment) can be trivially forged. GPG can only determine whether the data has been signed or encrypted with a certain key. The user has to decide whether the key is trustworthy. After all, anyone can create a key with information from other users and upload it to a key server. A key loaded from an insecure source (e.g. the Internet) should therefore not be trusted at first. To check it, the fingerprint (hash value) of the key is obtained via a secure channel (e.g. telephone) and compared with the locally generated fingerprint of the downloaded key.

This is safe because it is not possible to generate a matching key for a given fingerprint. This security depends on the strength of the hash function (and the number of possible keys). Version 4 of the OpenPGP key format stipulates the hash function SHA-1, for which collision attacks are currently (2012) possible, but not the second-preimage attacks that are decisive for imitating keys.
The recent definition of the SHA-3 hash function means that development of the next OpenPGP key format can be expected soon.
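
The fingerprint comparison described above, as an added example that is not part of the original article or of GnuPG: it computes a version 4 fingerprint as RFC 4880 defines it (SHA-1 over the octet 0x99, the two-octet length and the public-key packet body) and compares it with a value received out of band. The toy RSA key, the timestamps and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for an RSA key (algorithm ID 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, 12.2)."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """The 64-bit key ID is only the low-order tail of the fingerprint."""
    return fingerprint[-16:]


def fingerprints_match(local: str, out_of_band: str) -> bool:
    """Compare a locally computed fingerprint with one obtained via a secure channel."""
    a = "".join(local.split()).upper()          # drop the grouping spaces
    b = "".join(out_of_band.split()).upper()
    hexdigits = set("0123456789ABCDEF")
    # Insist on the full 160 bits: a key ID alone is not a verification.
    if len(a) != 40 or len(b) != 40 or not (set(a) | set(b)) <= hexdigits:
        return False
    return hmac.compare_digest(a, b)


# Constructed toy key (far too small for real use): product of two Mersenne primes.
N = (2**127 - 1) * (2**89 - 1)
E = 65537
DOWNLOADED = rsa_public_key_body(1400000000, N, E)
# Same key material with another creation time yields a different fingerprint,
# because the timestamp is part of the hashed packet body.
REISSUED = rsa_public_key_body(1400000001, N, E)

if __name__ == "__main__":
    fp = v4_fingerprint(DOWNLOADED)
    spoken = " ".join(fp[i:i + 4] for i in range(0, 40, 4))  # as read over the phone
    print(fp, long_key_id(fp))
    print(fingerprints_match(fp, spoken))
    print(fingerprints_match(fp, v4_fingerprint(REISSUED)))
    print(fingerprints_match(fp, long_key_id(fp)))
```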

Keys of different strengths are available to encrypt or sign the data. Currently (2014), keys of 2048 to 4096 bits are common, with a recommended length of 2048 bits. GPG currently only uses non-patented algorithms to encrypt data with these keys, such as RSA, Elgamal, CAST5, Triple-DES (3DES), AES (Rijndael) and Blowfish.

Offline master key

With master keys, GnuPG supports a security feature that goes beyond the OpenPGP standard and therefore does not work reliably if such secret keys are to be imported into another OpenPGP application. The master key is not used for everyday signing and decryption, but for managing your own key components (user IDs and subkeys) and the certification of other keys. These actions are comparatively rare, so that the master key can be specially secured. The advantages of this approach are:

  1. The communication partner does not need to repeat the verification of the key. The master key remains valid.
  2. Subkeys can easily be exchanged. Expiring and new subkeys are nothing special for OpenPGP; they are automatically included in key updates and used transparently for the user.
  3. If the master key is also allowed to sign, you can use its significantly higher level of security to sign information of great importance with it, such as your own key policy.

The technical approach is to export the secret keys without the master key (after a backup of the master key), then delete all secret keys and then only import the subkeys. Unfortunately, this GnuPG function is not yet supported by the GUI, so you have to carry out the necessary steps yourself in the console.
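
A check for the result of this procedure, as an added example that is not part of the original article or of GnuPG: it parses the machine-readable output of gpg --list-secret-keys --with-colons and reports whether a master secret key is still stored locally. It assumes that field 15 of a sec/ssb record is # for a key stub, as GnuPG's colon-listing documentation describes; the sample listings, key IDs and function names are constructed.

```python
# Constructed sample listings; key IDs and timestamps are made up.
AFTER_PROCEDURE = """\
sec:u:4096:1:1111111111111111:1400000000:::u:::scESC:::#:::23::0:
ssb:u:2048:1:2222222222222222:1400000100::::::s:::+:::23:
ssb:u:2048:1:3333333333333333:1400000100::::::e:::+:::23:
"""
# The same key ring before the master key was removed.
BEFORE_PROCEDURE = AFTER_PROCEDURE.replace(":scESC:::#:", ":scESC:::+:")


def secret_key_locations(listing: str) -> list:
    """Return one dict per sec/ssb record saying where the secret part lives."""
    rows = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb") or len(fields) < 15:
            continue
        marker = fields[14]              # field 15 in the 1-based documentation
        if marker == "#":
            where = "stub"               # secret material is not in this key ring
        elif marker in ("", "+"):
            where = "disk"               # older versions leave the field empty
        else:
            where = "token"              # serial number of a smart card
        rows.append({"type": fields[0], "keyid": fields[4],
                     "caps": fields[11], "where": where})
    return rows


def master_keys_on_disk(listing: str) -> list:
    """Key IDs of primary keys whose secret part is still stored locally."""
    return [r["keyid"] for r in secret_key_locations(listing)
            if r["type"] == "sec" and r["where"] == "disk"]


def usable_subkeys(listing: str) -> list:
    """Subkeys that can still sign or decrypt (on disk or on a token)."""
    return [r["keyid"] for r in secret_key_locations(listing)
            if r["type"] == "ssb" and r["where"] != "stub"]


if __name__ == "__main__":
    for name, text in (("before", BEFORE_PROCEDURE), ("after", AFTER_PROCEDURE)):
        print(name, "master on disk:", master_keys_on_disk(text),
              "subkeys:", usable_subkeys(text))
```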

Web of Trust

By means of a web of trust, PGP/GnuPG tries to counter the problem that it is usually not possible to personally ensure the authenticity of the keys of all communication partners. Users can sign other keys with their own key, thereby confirming to third parties that they have verified the authenticity of the key. You can also determine how much you trust the person's signatures. This creates the trust network described. For example, if Alice has confirmed the authenticity of Bob's key with her signature, Cloey can trust the authenticity of Bob's key even if she was unable to convince herself of this, for example because she obtained it from the Internet. The prerequisite for this is of course that she knows Alice's key and trusts her. There are some certification authorities (CAs) that determine the authenticity of keys, for example by personal contact with verification of the identity card. This is offered free of charge by the magazine c't and by CAcert, for example. With these organizations, interested parties can, for example, personally identify themselves at computer fairs such as CeBIT and have their public keys confirmed.

The PGP Web of Trust has been extensively studied by scientists and visualized in detail. It was found that a large part of the users belong to a subset that is completely connected to one another by mutual confirmations, the so-called strong set of the Web of Trust. Studies have also shown that the c't crypto campaign has made a significant contribution to strengthening the connections between the participants.

Another important contribution to the Web of Trust is made by the Debian project, which requires digital signatures for the acceptance of contributions.

gpg-agent

Like the ssh-agent (with OpenSSH), the gpg-agent, which has been an integral part since GnuPG 2.0.x, is used, among other things, to keep the passphrase in main memory for a configurable period of time so that it is not necessary to re-enter it. gpg-agent not only stores the passphrase but also takes over querying it from the user (via a configurable utility). In contrast to OpenSSH, however, the gpg-agent is a mandatory component from version 2 of GnuPG. In the future version 2.1, all operations involving private keys will even be outsourced to gpg-agent, which makes it possible to store the keys on another computer and only use them indirectly. The second important task of gpg-agent in GnuPG 2.0.x is access to smart cards.

Contact with an instance of gpg-agent that does not use the standard socket (several can run at the same time, but this is usually not useful) is made possible via an environment variable. An example: the Thunderbird mail client is started with the command gpg-agent --daemon thunderbird, with the environment variable GPG_AGENT_INFO set. This contains a character string such as /tmp/gpg-xY9Q7R/S.gpg-agent:2244:1 (path of the socket, PID of gpg-agent (which is ignored) and version number of the protocol). This allows the mail program to contact the respective gpg-agent and let it handle the private keys (and their passphrases).

In most Unix-like desktop environments, gpg-agent is activated at startup. Because the start script of the desktop environment exports this environment variable, all programs have access to it. If gpg-agent is not running (or cannot be found), gpg, gpgsm and gpgconf start it automatically. A running gpg-agent can be accessed in the console using the gpg-connect-agent program. You can then communicate with the server using the text-based Assuan protocol. You can therefore use gpg-agent independently of OpenPGP and OpenSSH to manage passphrases for your own programs. The configuration file gpg-agent.conf defines, among other things, the period of time for which a passphrase is cached.

You cannot directly query which entries gpg-agent is currently saving, but you can test whether a specific entry is available (and have it displayed). GnuPG stores the passphrase of a key under its fingerprint (possibly that of the subkey concerned):

   > gpg-connect-agent "GET_PASSPHRASE --data --no-ask 4F7E9F723D197D667842AE115F048E6F0E4B4494 t1 t2 t3" /bye
   D fubar
   OK
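
How the GPG_AGENT_INFO string and an agent reply like the one above break down, as an added example that is not part of the original article or of GnuPG: it splits the variable into its three parts and parses an Assuan reply into data and status. The function names are hypothetical and the ERR line is a constructed sample reply; the split of the error number into source and code follows the libgpg-error layout.

```python
import re


def parse_agent_info(value: str) -> dict:
    """Split GPG_AGENT_INFO into socket path, PID and protocol version."""
    # Split from the right: the socket path itself may contain colons.
    path, pid, proto = value.rsplit(":", 2)
    if not path or not pid.isdigit() or not proto.isdigit():
        raise ValueError("malformed GPG_AGENT_INFO")
    return {"socket": path, "pid": int(pid), "protocol": int(proto)}


def unescape(data: str) -> bytes:
    """Undo Assuan percent-escaping (%25, %0D, %0A) in a data line."""
    return re.sub(rb"%([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data.encode())


def parse_reply(text: str) -> dict:
    """Collect the D lines of one reply up to its final OK or ERR line."""
    data = b""
    for line in text.splitlines():
        if line.startswith("D "):
            data += unescape(line[2:])
        elif line == "OK" or line.startswith("OK "):
            return {"ok": True, "data": data}
        elif line.startswith("ERR "):
            number, _, description = line[4:].partition(" ")
            err = int(number)
            # libgpg-error packs the source into bits 24-30, the code into the low 16.
            return {"ok": False, "data": data, "source": (err >> 24) & 0x7F,
                    "code": err & 0xFFFF, "description": description}
        # S (status) and # (comment) lines carry no result and are skipped.
    raise ValueError("reply ended without OK or ERR")


AGENT_INFO = "/tmp/gpg-xY9Q7R/S.gpg-agent:2244:1"     # value from the text above
CACHED = "D fubar\nOK\n"                              # reply shown above
NOT_CACHED = "ERR 67108922 No data <GPG Agent>\n"     # constructed sample reply

if __name__ == "__main__":
    print(parse_agent_info(AGENT_INFO))
    print(parse_reply(CACHED))
    print(parse_reply(NOT_CACHED))
```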

A passphrase can also be set so that it does not have to be queried by the user (e.g. for automated processes). There is even a dedicated application for this: gpg-preset-passphrase.

With gpg-connect-agent you can also easily test whether gpg-agent is running at all (or running in such a way that it can be used immediately):

   # gpg-connect-agent /bye
   gpg-connect-agent: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen

Test of the email application

To check whether the application works correctly, you can use the mailbot Adele (adele@gnupp.de) of the GNU Privacy Project. To do this, you send an e-mail to Adele with your own public key as an attachment and receive an e-mail encrypted with this key, which contains Adele's public key as a text block in the e-mail. Now you can import this key into the key management and use it to write an encrypted mail to Adele yourself. Adele's reply contains the content of the message that was just encrypted and a confirmation that the message could be decrypted.

Support from German authorities

The porting of GnuPG to Windows was supported between 2001 and 2002 by the Federal Ministry of Economics and Labor (BMWA) and the Federal Ministry of the Interior (BMI) as part of the “Security on the Internet” campaign (see GNU Privacy Project) in order to make freely available encryption software accessible to everyone. The support has now expired. On the basis of this project, the Federal Office for Information Security initiated Gpg4win in 2006. With Pretty Easy privacy, the use of PGP is to be automated and thus massively simplified.

User interfaces

In order to use GnuPG in different application contexts, numerous front ends have been created. The following front-end types can be distinguished here:

  • Front ends that make the functions of the command-line-oriented program available via a graphical user interface, such as the Gnu Privacy Assistant (GPA), which is provided by the Free Software Foundation as a standard front end, Seahorse and KGpg for integration in the desktop environments Gnome or KDE, WinPT or Gpg4win for working under Windows, as well as GPGTools for Apple OS X.
  • Mail programs that integrate GnuPG either directly (such as Evolution, KMail, Mutt or Claws Mail) or via a plug-in (Enigmail for Mozilla's e-mail programs, EudoraGPG for Eudora, gpg4o and GPGol (part of Gpg4win) for Microsoft Outlook or GPGMail for Apple Mail).
  • Chat programs such as Gabber, Miranda IM, licq, Kopete, Psi or Gajim, which in some cases also enable cross-platform encrypted chats via networks such as ICQ.
  • Server-based front ends such as GNU Anubis, freenigma or GPGrelay, which as SMTP relay servers or MTAs allow centralized and transparent e-mail encryption.
  • For the web browser Mozilla Firefox there was an add-on called FireGPG that recognizes and processes GPG blocks on every website, but it has not been developed further since June 2010 or version 0.8. With WebPG there is a similar add-on for Mozilla Firefox and Google Chrome.
  • gpg4usb is a portable version that is installed on a USB stick. GnuPG can then be used for many platforms without installation via the stick.

There are also other interfaces for using GnuPG from various scripting languages such as Perl, PHP or Python.

Problem cases

Due to a bug in the optimization of the digital signature process in GPG, a security vulnerability arose in 2003. This only concerned the procedure for digitally signing messages in GPG versions 1.02 to 1.2.3. Fewer than 1000 such keys are said to have been listed on the key servers. The use of this procedure had been discouraged, and few users had used it. No damage was reported publicly. This procedure is no longer offered from version 1.2.4.

Two further security flaws were discovered in early 2006. With the first, scripts using GPG could produce type II errors (false negatives) when checking signatures. With the second, non-MIME messages were susceptible to the injection of data that appeared to be covered by the digital signature but actually was not. Both vulnerabilities were fixed by new GPG versions at the time of their announcement.

SSH support

In version 2 of GPG, the management of private keys was outsourced to a daemon process (gpg-agent). OpenSSH has a similar structure (ssh-agent), although it is optional there. As the RSA signature algorithm is used by both OpenPGP and SSH, the respective keys can in principle be exchanged. Therefore, gpg-agent can be used to establish an SSH connection using an OpenPGP key (which must have the normally unused authentication capability). This fact opens up two useful possibilities:

  1. An already verified OpenPGP key can also be used for SSH. The (possibly difficult) verification of a second key can be omitted.
  2. Since GPG supports smart cards, SSH access can be linked to the use of a smart card (which is also possible without GPG via PKCS #11 support in OpenSSH).
