Tag: Security

A New GPG Key

May 30, 2018 » Geek

It’s been 12 years since I created my first GPG key and 11 since I’ve created the one I actually use. That is far too long, so I decided to create a new pair and deprecate the old. In 2013 I started this process, but I didn’t follow through and I’ve since lost access to those keys. I know where they are, but the machine died so I need to hook up it’s HDD and pull the keys out.

Regardless, it is time for new ones, and I did some reading to get a real plan for this. I would generate a new, strong key offline, with a subkey for each capability. The subkeys would go onto a smart card, in my case a Yubikey 4. The primary key material would go to offline backup to keep it safe.

Disclaimer

Nothing in this post is new or novel, but rather collected from many other posts. I’ve tried to link to any relevant posts below each section, and I encourage you to read these sources. Any mistakes I’ve made I would be glad if you send me an email (GPG encrypted of course ;) to point it out.

Yubikey Configuration

After I ordered my Yubikey, I had to configure it. The Yubikey docs expect a fair amount of knowledge before you start, but the steps are pretty simple when you understand it. Basically, it boils down to:

  1. Change the Admin PIN
  2. Change the PIN
  3. Set a Reset Code
  4. Fill in optional metadata

Plug in your card and proceed as follows:

$ gpg --card-edit

Reader ...........: Yubico Yubikey 4 OTP U2F CCID
Application ID ...: D2760001240102010006075857980000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 07------
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> passwd
gpg: OpenPGP card no. D2760001240102010006075857980000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 3
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 1
PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 4
Reset Code set.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? Q


gpg/card> name
Cardholder's surname: Hobbs
Cardholder's given name: John

gpg/card> lang
Language preferences: en

gpg/card> url
URL to retrieve public key: http://static.velvetcache.org/John-Hobbs-Public-Key.asc

gpg/card> login
Login data (account name): [email protected]

gpg/card>

Reader ...........: Yubico Yubikey 4 OTP U2F CCID
Application ID ...: D2760001240102010006075857980000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 07------
Name of cardholder: John Hobbs
Language prefs ...: en
Sex ..............: unspecified
URL of public key : http://static.velvetcache.org/John-Hobbs-Public-Key.asc
Login data .......: [email protected]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> quit
Links

Generating Keys

Next, I created my keys. Be sure you set up a clean environment for this, ideally a random directory in /tmp, better still on a ramfs of an offline, live CD machine. But that’s a bit drastic for my use case.

$ export GNUPGHOME="/tmp/$(pwgen 30 1)/gnupg"
$ echo $GNUPGHOME
/tmp/mah1zakioboo1Caipa3ORu5ielohga/gnupg
$ mkdir -p "$GNUPGHOME"
$ cd "$GNUPGHOME/.."
$ chmod 0700 gnupg
$ ls -l
total 0
drwx------  2 johnhobbs  wheel  64 May 30 14:23 gnupg

You’ll want a good base config file in there too.

$ cat < gnupg/gpg.conf
# Show long key IDs, not short: https://gwolf.org/node/4070
keyid-format 0xlong

# Display the calculated validity of user IDs during key listings
list-options show-uid-validity
verify-options show-uid-validity

# List keys with their fingerprints
with-fingerprint

# Default preferences used for creating new keys
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

# Digest used to sign keys
cert-digest-algo SHA512

# Cipher to use for encrypting private keys
s2k-cipher-algo AES256

# Digest to use for mangling passphrases on private keys
s2k-digest-algo SHA512

# Refuse to run if GnuPG cannot get secure memory.
require-secmem
EOF

With the directory in place, I can create a primary key, option 4. 4096-bits is as strong as GPG allows right now, and I set it not to expire because I will be keeping offline and it should be ok to revoke manually if needed.

$ gpg --full-gen-key
gpg (GnuPG/MacGPG2) 2.2.3; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keybox '/tmp/mah1zakioboo1Caipa3ORu5ielohga/gnupg/pubring.kbx' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
        = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: John Hobbs
Email address: [email protected]
Comment:
You selected this USER-ID:
    "John Hobbs "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /tmp/mah1zakioboo1Caipa3ORu5ielohga/gnupg/trustdb.gpg: trustdb created
gpg: key 0xCF469E79A0A20E10 marked as ultimately trusted
gpg: directory '/tmp/mah1zakioboo1Caipa3ORu5ielohga/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/tmp/mah1zakioboo1Caipa3ORu5ielohga/gnupg/openpgp-revocs.d/5A4B39AA4C644429718D6EAACF469E79A0A20E10.rev'
public and secret key created and signed.

Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.
pub   rsa4096/0xCF469E79A0A20E10 2018-05-30 [SC]
      Key fingerprint = 5A4B 39AA 4C64 4429 718D  6EAA CF46 9E79 A0A2 0E10
uid                              John Hobbs 

$ gpg --list-secret-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/tmp/mah1zakioboo1Caipa3ORu5ielohga/gnupg/pubring.kbx
-----------------------------------------------------
sec   rsa4096/0xCF469E79A0A20E10 2018-05-30 [SC]
      Key fingerprint = 5A4B 39AA 4C64 4429 718D  6EAA CF46 9E79 A0A2 0E10
uid                   [ultimate] John Hobbs

Now it’s time to create subkeys. There are four capabilities that a PGP key can have.

C is for Certify

Your primary key will have the capability of Certification. Certify is essentially the ability to sign other keys. A key with Certify can be “parent” to subkeys, create new subkeys, and edit existing ones. You also need this capability to sign another users public key.

S is for Sign

A key with the Sign capability can sign files and messages, allowing others to verify their integrity.

E is for Encrypt

A key with the Encrypt capability is used for encrypting files. Simple.

A is for Authenticate

An Authentication key is generally used for SSH authentication.

Generating the subkeys is a bit tedious, but so it goes.

$ gpg --edit-key 0xCF469E79A0A20E10
gpg (GnuPG/MacGPG2) 2.2.3; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
[ultimate] (1). John Hobbs 

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
        = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) 4y
Key expires at Sun May 29 14:16:18 2022 CDT
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
[ultimate] (1). John Hobbs 

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
Your selection? 6
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
        = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) 4y
Key expires at Sun May 29 14:16:48 2022 CDT
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb  rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
[ultimate] (1). John Hobbs 

gpg> save

The authentication key requires E X P E R T M O D E. Git gud.

$ gpg --expert --edit-key 0xCF469E79A0A20E10
gpg (GnuPG/MacGPG2) 2.2.3; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb  rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
[ultimate] (1). John Hobbs 

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 8

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? S

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? A

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? E

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
        = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) 4y
Key expires at Sun May 29 14:20:03 2022 CDT
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb  rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb  rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> save

That’s it! We’re in business.

Links
  1. https://spin.atomicobject.com/2013/11/24/secure-gpg-keys-guide/
  2. https://www.linode.com/docs/security/authentication/gpg-key-for-ssh-authentication/
  3. https://gist.github.com/abeluck/3383449
  4. https://alexcabal.com/creating-the-perfect-gpg-keypair/
  5. https://gist.github.com/graffen/37eaa2332ee7e584bfda

Backups

Before we do anything else, we need to back that thang up.

I’m choosing two methods: backup to a USB key that will live in a fire safe (who has a safety deposit box these days?), and a printed backup in case the USB key fails. Ideally these two articles would not be co-located.

First we export the keys and move them to the USB stick. The export-secret-subkeys output is less important than the export-secret-key output as it doesn’t contain a viable certification key, but would be useful as a “middle tier” of backup that wouldn’t expose your primary key to risk.

$ # Dump the public key, for giggles.
$ gpg --armor --export 0xCF469E79A0A20E10 > 0xCF469E79A0A20E10.public.asc
$ # This is the all the secret keys together.
$ gpg --armor --export-secret-key 0xCF469E79A0A20E10 > 0xCF469E79A0A20E10.master.asc
$ # This is just the subkeys.
$ gpg --armor --export-secret-subkeys 0xCF469E79A0A20E10 > 0xCF469E79A0A20E10.subkeys.asc
$ ls -l
total 64
-rw-r--r--   1 johnhobbs  wheel  14134 May 30 14:50 0xCF469E79A0A20E10.master.asc
-rw-r--r--   1 johnhobbs  wheel  14134 May 30 14:50 0xCF469E79A0A20E10.public.asc
-rw-r--r--   1 johnhobbs  wheel  12338 May 30 14:50 0xCF469E79A0A20E10.subkeys.asc
drwx------  13 johnhobbs  wheel    416 May 30 14:20 gnupg

Now, we could take these ascii armored keys and just print them, but that’s a lot of bytes to pray for OCR to recognize. Instead, we can use a piece of software called Paperkey which strips out everything but the most secret parts of the key and gives you something much shorter to type in.

 
$ gpg --export-secret-key | paperkey --output 0xCF469E79A0A20E10.master.paper
$ cat 0xCF469E79A0A20E10.master.paper
# Secret portions of key 5A4B39AA4C644429718D6EAACF469E79A0A20E10
# Base16 data extracted Wed May 30 14:53:56 2018
# Created with paperkey 1.5 by David Shaw
#
# File format:
# a) 1 octet:  Version of the paperkey format (currently 0).
# b) 1 octet:  OpenPGP key or subkey version (currently 4)
# c) n octets: Key fingerprint (20 octets for a version 4 key or subkey)
# d) 2 octets: 16-bit big endian length of the following secret data
# e) n octets: Secret data: a partial OpenPGP secret key or subkey packet as
#              specified in RFC 4880, starting with the string-to-key usage
#              octet and continuing until the end of the packet.
# Repeat fields b through e as needed to cover all subkeys.
#
# To recover a secret key without using the paperkey program, use the
# key fingerprint to match an existing public key packet with the
# corresponding secret data from the paper key.  Next, append this secret
# data to the public key packet.  Finally, switch the public key packet tag
# from 6 to 5 (14 to 7 for subkeys).  This will recreate the original secret
# key or secret subkey packet.  Repeat as needed for all public key or subkey
# packets in the public key.  All other packets (user IDs, signatures, etc.)
# may simply be copied from the public key.
#
# Each base16 line ends with a CRC-24 of that line.
# The entire block of data ends with a CRC-24 of the entire block of data.

  1: 00 04 5A 4E 39 AA 4C 64 44 29 71 8D 6E AA CF 46 9E 79 A0 A2 0E 10 745BFD
  ...
  248: 36 96 66 39 EE 0B36C4
  249: D3A56B

Still not fun to type it all in, but it’s better and this is a last ditch sort of thing anyway.

Recovery

Backups you don’t test aren’t backups, they are hopes and dreams. So let’s try recovering from our paperkey output!

$ mkdir recovery/
$ # Paperkey wants the public component to be raw.
$ gpg --dearmor 0xCF469E79A0A20E10.public.asc
$ # You can't specify output filename on dearmor so let's move it.
$ mv 0xCF469E79A0A20E10.public.asc.gpg recovery/
$ # Combine the public with the secret to get a GPG compatible keyring.
$ paperkey --pubring recovery/0xCF469E79A0A20E10.public.asc.gpg --secrets 0xCF469E79A0A20E10.master.paper --output recovery/0xCF469E79A0A20E10.master.gpg
$ # Check it out, without importing it.
$ gpg --import --import-options show-only recovery/0xCF469E79A0A20E10.master.gpg
sec   rsa4096/0xCF469E79A0A20E10 2018-05-30 [SC]
      Key fingerprint = 5A4B 39AA 4C64 4429 718D  6EAA CF46 9E79 A0A2 0E10
uid                              John Hobbs 
ssb   rsa4096/0xA93E031FD5AB0841 2018-05-30 [S] [expires: 2022-05-29]
ssb   rsa4096/0xC8A284D483920085 2018-05-30 [E] [expires: 2022-05-29]
ssb   rsa4096/0xED7858737F087831 2018-05-30 [A] [expires: 2022-05-29]

gpg: Total number processed: 1
gpg:       secret keys read: 1

Links
  1. http://www.jabberwocky.com/software/paperkey/

The certificate revoke you, secret key!

While not required, we can generate a revocation certificate while we still have the primary key on this machine.

$ gpg --output 0xCF469E79A0A20E10.revocation-certificate.asc --gen-revoke 0xCF469E79A0A20E10

sec  rsa4096/0xCF469E79A0A20E10 2018-05-30 John Hobbs 

Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 0
Enter an optional description; end it with an empty line:
>
Reason for revocation: No reason specified
(No description given)
Is this okay? (y/N) y
ASCII armored output forced.
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable.  But have some caution:  The print system of
your machine might store the data and make it available to others!

Throw that onto your backup drive too while you’re at it.

Links
  1. https://www.hackdiary.com/2004/01/18/revoking-a-gpg-key/

Sign!

Ok. Everything is generated, we have a good backup, we are ready to transition. To indicate that this key is your new key, you can sign it with your old one, then send it up to the keyservers in the sky (if you’re into that)

$ # --local-user lets us specify which key we want to sign with.
$ gpg --local-user 0x2580c0be34eb9490 --sign-key 0xCF469E79A0A20E10
$ gpg --list-sigs 0xCF469E79A0A20E10
pub   rsa4096/0xCF469E79A0A20E10 2018-05-30 [SC]
      Key fingerprint = 5A4B 39AA 4C64 4429 718D  6EAA CF46 9E79 A0A2 0E10
uid                   [ unknown] John Hobbs 
sig 3        0xCF469E79A0A20E10 2018-05-30  John Hobbs 
sig 3        0x2580C0BE34EB9490 2018-05-30  John Hobbs 
sub   rsa4096/0xC8A284D483920085 2018-05-30 [E] [expires: 2022-05-29]
sig          0xCF469E79A0A20E10 2018-05-30  John Hobbs 
sub   rsa2048/0xED7858737F087831 2018-05-30 [A] [expires: 2022-05-29]
sig          0xCF469E79A0A20E10 2018-05-30  John Hobbs 
sub   rsa4096/0xA93E031FD5AB0841 2018-05-30 [S] [expires: 2022-05-29]
sig          0xCF469E79A0A20E10 2018-05-30  John Hobbs 
$ # Send it all off to the keyservers!
$ gpg --send-keys 0xCF469E79A0A20E10
gpg: sending key 0xCF469E79A0A20E10 to hkps://hkps.pool.sks-keyservers.net

Links
  1. https://www.apache.org/dev/key-transition.html

To The Smart Card Robin!

I'm Batman

Moving the keys onto a smart card helps protect them. They won’t exist on your filesystem anymore, only on the card. That means they can’t be read out and stolen by a malicious process, but you can still use them by providing your smart card pin and key password.

Keep in mind, this is a one way trip. Make sure your backups are really, truly in place. We want to move our Signing, Encryption and Authentication keys onto the card. The Certification key we will only store offline, as mentioned before.

$ gpg --list-secret-keys
/tmp/mah1zakioboo1Caipa3ORu5ielohga/gnupg/pubring.kbx
-----------------------------------------------------
sec   rsa4096/0xCF469E79A0A20E10 2018-05-30 [SC]
      Key fingerprint = 5A4B 39AA 4C64 4429 718D  6EAA CF46 9E79 A0A2 0E10
uid                   [ultimate] John Hobbs 
ssb   rsa4096/0xA93E031FD5AB0841 2018-05-30 [S] [expires: 2022-05-29]
ssb   rsa4096/0xC8A284D483920085 2018-05-30 [E] [expires: 2022-05-29]
ssb   rsa4096/0xED7858737F087831 2018-05-30 [A] [expires: 2022-05-29]
$ gpg --edit-key 0xCF469E79A0A20E10
gpg (GnuPG/MacGPG2) 2.2.3; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb  rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb  rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> key 1

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb* rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb  rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb  rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> keytocard
Please select where to store the key:
   (1) Signature key
   (3) Authentication key
Your selection? 1

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb* rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb  rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb  rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> key 2

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb* rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb* rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb  rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> key 1

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb* rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb  rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> keytocard
Please select where to store the key:
   (2) Encryption key
Your selection? 2

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb* rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb  rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> key 3

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb* rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb* rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> key 2

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb   rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb  rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb* rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> keytocard
Please select where to store the key:
   (3) Authentication key
Your selection? 3

sec  rsa4096/0xCF469E79A0A20E10
     created: 2018-05-30  expires: never       usage: SC
     trust: ultimate      validity: ultimate
ssb   rsa4096/0xA93E031FD5AB0841
     created: 2018-05-30  expires: 2022-05-29  usage: S
ssb  rsa4096/0xC8A284D483920085
     created: 2018-05-30  expires: 2022-05-29  usage: E
ssb* rsa4096/0xED7858737F087831
     created: 2018-05-30  expires: 2022-05-29  usage: A
[ultimate] (1). John Hobbs 

gpg> save

HOYB

Hold onto your butts.

This is it. The big moment. Take out that smart card, secure your backups, and let’s delete our primary key material.

$ gpg --delete-secret-key 0xCF469E79A0A20E10
gpg (GnuPG/MacGPG2) 2.2.3; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


sec  rsa4096/0xCF469E79A0A20E10 2018-05-30 John Hobbs 

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
$ gpg --list-secret-keys

Now you can have gpg create key stubs for all the keys on your smart card.

$ gpg --card-status
Reader ...........: Yubico Yubikey 4 OTP U2F CCID
Application ID ...: D2760001240102010006075857980000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 07------
Name of cardholder: John Hobbs
Language prefs ...: en
...
General key info..: sub  rsa4096/0xCF469E79A0A20E10 2018-05-30 John Hobbs 
sec#  rsa4096/0xCF469E79A0A20E10  created: 2018-05-30  expires: never
ssb>  rsa4096/0xA93E031FD5AB0841  created: 2018-05-30  expires: 2022-05-29
                                  card-no: 0006 07------
ssb>  rsa2048/0xC8A284D483920085  created: 2018-05-30  expires: 2022-05-29
                                  card-no: 0006 07------
ssb>  rsa4096/0xED7858737F087831  created: 2018-05-30  expires: 2022-05-29
                                  card-no: 0006 07------

Now when we list keys, we see that our primary key has a # next to it, showing we don’t have access to that secret key. The subkeys have a > next to them showing they are stubs for the keys on the smart card. Success!

$ gpg --list-secret-keys
/tmp/mah1zakioboo1Caipa3ORu5ielohga/gnupg/pubring.kbx
-----------------------------------------------------
sec#   rsa4096/0xCF469E79A0A20E10 2018-05-30 [SC]
      Key fingerprint = 5A4B 39AA 4C64 4429 718D  6EAA CF46 9E79 A0A2 0E10
uid                   [ultimate] John Hobbs 
ssb>  rsa4096/0xA93E031FD5AB0841 2018-05-30 [S] [expires: 2022-05-29]
ssb>  rsa4096/0xC8A284D483920085 2018-05-30 [E] [expires: 2022-05-29]
ssb>  rsa4096/0xED7858737F087831 2018-05-30 [A] [expires: 2022-05-29]

Fin!

That’s it. There is, of course, more to do, like setting up git signing, SSH access, etc. But the new keypair is created, and it’s on the Yubikey, so that’s all for now.

Update: Git Signing

Turns out git signing is a cinch. Just throw a couple items into your git config and it’s automatic and transparent.

[user]
	signingKey = 0xF79C72E6EDC70E38
[commit]
	gpgSign = true
[log]
	showSignature = true
[merge]
	verifySignatures = true

user.signingKey

Tells git which key to use for signing, unset it just uses the default key.

commit.gpgSign

Makes it sign all commits by default, instead of passing -S to every git commit.

log.showSignature

By default, git won’t show you if a commit is GPG signed. You can see it with gpg log --show-signature, or you can set it as default with this config option.

It makes signed commits much chunkier, so be aware of the reduced screen real estate.

commit 6f02c4df4fac400841bf3970c1022c7358298333 (HEAD -> gpg-demo)
gpg: Signature made Wed Jun  6 11:52:40 2018 CDT
gpg:                using RSA key 44DC4F5A950F24A65D3F305801FC8AE9E5070C1D
gpg: Good signature from "John Hobbs " [ultimate]
Primary key fingerprint: 5616 12FF A10D 9D7A 7FFB  75F4 F79C 72E6 EDC7 0E38
     Subkey fingerprint: 44DC 4F5A 950F 24A6 5D3F  3058 01FC 8AE9 E507 0C1D
Author: John Hobbs 
Date:   Wed Jun 6 11:49:33 2018 -0500

merge.verifySignatures

This is the only one I am not setting by default. If you have it enabled, all merges that include unsigned commits will be rejected. This really only works if everyone in your organization is signing all their commits.

Links
  1. https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
  2. https://git-scm.com/docs/git-config

Update: One-Touch Actions

By default, with the smart card in, GPG will happily sign and decrypt things after you enter your PIN the first time, with no further interaction from you. The Yubikey offers a mode where these actions require a touch on the key to complete, which I like because it makes the action more explicit without requiring me to remove the key between operations.

To enable this, you need a special script, `yubitouch.sh`. To make it work with my GPG Tools install, I had to hard code the path to `gpg-connect-agent` (`/usr/local/MacGPG2/bin/gpg-connect-agent`) and my admin PIN, since pinentry wasn’t working and I didn’t want it in my bash history.

$ ./yubitouch.sh sig on
All done!
$ ./yubitouch.sh aut on
All done!
$ ./yubitouch.sh dec on
All done!

Now, when GPG needs to sign something, my Yubikey flashes at me until I touch it and give my permission. Neat.

Links
  1. https://developers.yubico.com/PGP/Card_edit.html
  2. https://github.com/a-dma/yubitouch
Tags: , ,

Password Generator Alfred Workflow

October 9, 2014 » Geek, Life

I love pwgen for passwords. They are simple and strong, pharmacy but it can be a pain to kick over to the terminal whenever I need one.

So, mind I made a super simple Alfred Workflow for this.

Basically, you type in “pw”, “pwgen” or “password” and it will generate and copy a 40 character password into your clipboard/open app.

You can use the “secure” option to generate stronger, less memorable passwords, and you can pass a length option as well.

Download it here: pwgen.alfredworkflow

Tags: , , ,

Hashes Are Not *$&%@! Magic

September 27, 2012 » Geek

I’m going to get on a programming soapbox real quick and cover a topic that seems to confuse some people.

Hashes Are Not *$&%@! Magic

Some people seem to think that swapping out a secret with a hashed version of that secret makes it all safe and cozy, but that’s simply not true.

Yes, cryptographic hashes are a very important part of digital security, for a number of good reasons, but they have to be applied in a manner which takes the whole system into account.

The impetus for this work was a login integration I recently updated, because some other developer foolishly applied hashes.

Essentially, we were cross-posting a login form on one website to another. Nothing fancy. Ignore the lack of CSRF control.

The New Form

But the new form would need a change. Instead of sending the username and password, we would send the username, and an MD5 hash of the concatenation of username and password.

Now, I’m sure when this idea was implemented, it was sold as a way to authenticate the user, without exposing their password in plaintext (note that they don’t use SSL). Brilliant!

Yes, it does obscure the plaintext password, but it is not any more secure.

You see, they didn’t think about the system as a whole, they were just focused on obscuring the password.

All that happened here is a substitution of shared secrets.

Previously the server compared the username and password it has on file to what was sent in. Now it compares the username and the hashed password to what it has on file. Do you see what we did? We’ve simply swapped the secret of the plaintext password for the secret of the hashed password. I can still intercept your form submission over the wire and steal your credentials.

I don’t have to prove I know the password, I have to prove I know the secret.

Zero gain, and you’ve added complexity.

MD5, lol

As a bonus, they picked MD5, probably because it’s been implemented many times, there is a JavaScript version readily available, and it tends to be one of the first hashes people learn about, due to it’s age.

But MD5 is weak. And we have the salt, if you can call it that, in the username. An old 2Ghz P4 can try about 20 Million hashes a second, and throwing a modern GPU at it you can test several billion hashes a second. If we want the plaintext password, we can get it unless it is reasonably large (7+ characters) and fairly complex (at least one non-alphanumeric character).

(╯°□°)╯︵ ┻━┻

For an extra thought, consider how they must be storing these passwords. Either there scheme has always been MD5(CONCAT(username,password)) or they are storing them in plaintext and are (hopefully) migrating to hashed.

Tags: , ,

Linux Encrypted Laptop

January 25, 2008 » Geek

This post will (try to) explain how to set up a working system of hard drive encryption on a Debian system, in this case sidux. I’m going to outline the specific course of action I took to set up my own laptop, but will try to provide generic enough instructions alongside that to help the reader adapt it for themselves. Please excuse the wild tense changing and poor overall writing style, I’m not that good at this stuff.

This post is not aimed at the novice Linux user. I’m not going to hold your hand, so be comfortable with the command line and competent enough to get your system back if you screw up along the way. Also, do not skip the backup step! Finally, this is (obviously) not a wholly original and independent work, I owe a great deal to the sources I’ve listed at the bottom. Enjoy!

The Context
I run Linux on my laptop and I want to encrypt the important parts of my hard drive because there is a lot of my personal life on there. Most specifically I’m interested in my passwords, many of which I store in firefox Iceweasel for convenience, and my financial data which is in the form of KMyMoney files and pdf receipts.

Here’s the layout of my disk, and yes I know I have outrageous sizes on some of these partitions, I just like to have breathing room. Please see [1] for a good guide to partitioning.

/dev/sda1 ntfs /windows 40.00 GB
/dev/sda2 ext3 / 15.00 GB
/dev/sda3 EXTENDED
    /dev/sda6 swap 509.81 MB
    /dev/sda7 ext3 /tmp 1.00 GB
    /dev/sda8 ext3 /var 5.00 GB
    /dev/sda9 ext3 /home 39.51GB
    /dev/sda5 fat32 /winshare 9.98 GB
/dev/sda4 ext3 /data 121.88 GB

What we need to encrypt on there are: /home, /tmp, /data and /swap. I’ll be treating the /windows and the /winshare as dirty and never let anything important touch those partitions, I rarely boot into XP for anything but school work anyway.

The Tools
You’ll need a very few pieces of software, and possibly a piece of hardware. For the software side you just need “cryptsetup” and possibly a partitioning tool if you want to change your layout. You’ll also be needing some spare hard drive space to hold your existing data if you have any. I used an 80 GB external drive I had on hand.

Backup
I’m using an existing system as my base, so I have to copy off my /home and /data partitions. Once we are backed up, it’s important to write down somewhere the /dev names of the file system. I made a little table, like the one above, by using gparted.

Unmounting
Now I’m going to go down to run level 3. This is just to minimize noise on the system. We need to unmount /home, /data and /tmp. When unmounting file systems, you might get something like the following error:

[email protected]:/home/jmhobbs# umount /tmp
umount: /tmp: device is busy
umount: /tmp: device is busy
[email protected]:/home/jmhobbs#

This just tells us there is an open file descriptor on /tmp, we can see who has it with:

[email protected]:/home/jmhobbs# lsof | grep /tmp
COMMAND    PID    USER   FD   TYPE     DEVICE SIZE   NODE NAME
atievents 3037    root    4r   DIR      254,2 4096  29249 /tmp/.X11-unix
kdeinit   5418 jmhobbs    8u  unix 0xf31fc000       11568 /tmp/ksocket-jmhobbs/kdeinit-
gconfd-2  6127 jmhobbs   11wW  REG      254,2  625 102371 /tmp/gconfd-jmhobbs/lock/0t1201112611ut204480u1000p6127r1358695165k3219666472 (deleted)
konqueror 6627 jmhobbs   12u   REG      254,2 1270  58498 /tmp/kde-jmhobbs/konqueror-crash-y2tzca.log
[email protected]:/home/jmhobbs#

Now in the above example it is obvious that I did not go down to run level 3, X11 and kde are still running. So just weed out the open files and then unmount them when there are none left.

Encrypting
This is where that /dev table you made earlier (you did make it right?) comes in handy. Be sure that you are backed up, because this is the point of no return. Setting up an encrypted partition is dead simple. As root you’ll want to run:

cryptsetup --verbose --verify-passphrase luksFormat /dev/sda9

Where /dev/sda9 is your /home partition. I encourage you to go read the man pages for cryptsetup [2]. I just went with the values on a post I found [3].

Now we need to open and format that, so we use cryptsetup to open it:

cryptsetup luksOpen /dev/sda9 chome

This is going to create a mapper device called “chome” in /dev/mapper/chome. You don’t need to call it chome, I just do it to keep track of whats what.

Now to format it we need to do:

mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/chome

The file system really doesn’t matter, you can use ext2, reiserfs, whatever your heart desires. Once you’ve done that, you’ll want to close it again.

cryptsetup luksClose chome

We need to repeat that process for /data, but since it’s essentially the same procedure I’m not going to run through it here.

The /tmp partition is a different story. You’ve got an existing file system on there that we need to blow away. The first way that came into my head was to use dd to copy zeros over it, like so:

dd if=/dev/zero of=/dev/sda7

That’ll probably take a while and not report in. You can force it to give you a status by stopping it, sending it a USR1 signal then restarting it. Not really a big deal though, I just waited it out.

It also might be wise to increase the block size on that, and you might not have to do the whole thing either. Again, refer to the man pages [4] if it concerns you.

Set Up crypttab And fstab
We now need to update our fstab and the crypt equivalent, crypttab. This is going to vary for everyone, but there are a few key things to note. Let’s look at crypttab first. Here’s mine, and I’ll walk you through it.

#                 
chome   /dev/sda9                       none luks
cdata    /dev/                               none luks
cswap   /dev/sda6       /dev/random     swap
ctmp    /dev/sda7       /dev/random     tmp

So the major things here are the target, which is what the device will be called in /dev/mapper. I picked the easy to associate: chome,cdata, cswap, and ctmp. Next is the source device, which are the partitions we messed with earlier. The key file is set to /dev/random on cswap and ctmp because those are going to be one time file systems, and the key should just be random garbage.

Finally we get to options. chome and cdata have “none” in there. This is just saying “prompt us for the password”. You could put the password in there and it would happily take care of it for you, but that seems like a stupid thing to do to me. The “luks” just tells it to use the luks extensions. cswap and ctmp both use special options. The swap and tmp options basically say “reformat this then encrypt it”. They are reformatted on boot to linux-swap and ext2 file systems, respectively. For more information check out the, you guessed it, man page [5].

Now that we’ve got the crypttab set up we need to modify out fstab. Again, I’ll show you the relevant parts of mine, and walk you through. It’s pretty simple though.

# /etc/fstab - static information about the filesystems - fstab(5)
#                          

# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part2, /dev/sda2
UUID=60a14eae-a8c7-4ecb-a222-79a0e97fd73e       /       ext3    defaults,noatime,errors=remount-ro      0       1

# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part7, /dev/sda7
#UUID=0da43c8e-2a64-4f45-b967-91504b4aa167      /tmp    ext3    defaults,noatime        0       2
/dev/mapper/ctmp                                /tmp    ext2    defaults,noatime        0       0

# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part9, /dev/sda9
#UUID=3ee7225e-f04a-4d96-b28d-e867ed38a73c      /home   ext3    defaults,noatime        0       2
/dev/mapper/chome                               /home   ext3    defaults,noatime        0       2

# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part4, /dev/sda4, LABEL=\x2fdata
#UUID=e3e9105b-1820-4edc-a660-7d569bc61900       /data   ext3    auto,users,exec,noatime 0       2
/dev/mapper/cdata                               /data   ext3    defaults,noatime        0       2

# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part6, /dev/sda6
#UUID=21ac314b-704b-4675-bf5e-769745b46f7a      none    swap    sw      0       0
/dev/mapper/cswap                               none    swap    sw      0       0

Okay, so, the basic idea is that we find the old /tmp, /home, /data and swap entries, and replace them with the mapped ones. One important item here is that you’ll want to set that last digit to a 0 on /tmp. This is what says “Hey, fsck me!” at boot time, and we don’t want to bother with a checking a brand new file system, right?

cryptdisks And cryptdisks-early
These two are the init scripts for starting up your disks. They should be in /etc/init.d, which on my system just lead to /lib/cryptsetup/cryptdisks.functions. I tried using bum to add them, but I wasn’t getting them to run before the mounting took place. I poked around on the sidux forums and found a post [6] (in German) that had another way of adding them. I don’t know if this is a Debian issue or not, but the following worked for me, as root.

update-rc.d -f cryptdisks-early remove
update-rc.d -f cryptdisks remove
update-rc.d cryptdisks-early start 26 S . start 59 0 6 .
update-rc.d cryptdisks start 28 S . start 48 0 6 .

Reboot
Now you should be able to just reboot and be good to go. I’m not 100% on this guide as I made it after the fact, so I may have spaced off some small things. If I did, they should be very, very minor and shouldn’t cause any problems. Please do leave comments if you have an issue, I’d like to correct any errors I may have made. There are some additional sources below, please read up if you have the time. Good luck!


Sources

  1. Linux Tips – Disk Partitioning
  2. cryptsetup(8)
  3. HowTo: Setup and Benchmark Encrypted Partitions in Ubuntu
  4. dd(1)
  5. crypttab(5)
  6. Startskript “cryptdisks-early” wird zu spät ausgef
  7. Protect Your Stuff With Encrypted Linux Partitions(And Part 2)
Tags: , ,

BlowPass Has Taken Over

December 7, 2006 » Geek

So I thought that I had moved past BlowPass. I guess I was wrong. I’ve been spending every spare moment working on it. I found what I feel is a better Blowfish library at www.farfarfar.com. I still can’t implement any of the vector tests because they’re all in hex and translate into nasty characters. This means I have no actual idea if the crypt is working. I also quickly stopped trying to write my own Twofish implementation. I could handle it in C I think, but not JavaScript, I don’t know enough of it and it’s little oddities.

Regardless of all that, I’ve got my prototype AJAX down pat now (okay, AHAH) and I’m working up my own open source version of passlet.com. Here’s a nice list of features/todo’s.

  • Uses a non-proprietary algorithm (Blowfish)
  • Has AJAX-y-ness
  • Uses PHP
  • Uses a database abstraction library TODO
  • Slick animations (mootools?) TODO

You can check out the current version at http://static.velvetcache.org/projects/blowpass/demo/ to play around.

Tags: , , , , , , ,
«