With my current OpenPGP key set to expire in the middle of December I’ve decided to extend its life by changing the expiry date for the primary signing key 0xFEEEFA8F and adding a new encryption subkey that can be used when the existing one expires. The new expiry date for the main signing key as well as the new encryption subkey is 2 years from today. Before getting into the actual notice allow me to capture exactly what I did:
More than a year ago I moved from my expiring OpenPGP key (0x1CD3E3D8) to my current key (0xFEEEFA8F) and for that process, in addition to signing my new key with my old key, I created a Key Transition notice signed by both keys as a way to inform those who trusted my old key that my new key was in fact still me. However, it only recently occurred to me that I never actually posted any instructions on how I did that, and deciphering the gpg command line can be a bit of a pain.
While I am by no means a security expert, the following are the current best practices for configuring your gpg.conf file as best as I can determine. Key usage options: default-key <your primary key>: Use as the default key to sign with. If this option is not used, the default key is the first key found in the secret keyring. hidden-encrypt-to <your primary key>: Same as --hidden-recipient but this one is intended for use in the options file and may be used with your own user-id as a hidden “encrypt-to-self”.
As advances in cryptography and technology move forward there is a chance that your once secure system may suddenly be relying on outdated (and perhaps now broken) algorithms or implementations. Some good examples of this in recent memory are the breaking of the MD5 hash algorithm and the constant problems plaguing the RC4 encryption cipher. When it comes to PGP it is well known that short keys, keys generated without good entropy to pull from or keys using outdated implementations and algorithms can be far less secure than you would hope they would be.
I recently came across a very good (albeit sort of old) post over at Chris Wellons’ null program blog about increasing the default protections on your stored PGP key. The shorthand version is that gpg attempts to protect your PGP key from theft by encrypting it on disk so that if anyone gets access to your secret key file they still don’t immediately have access to your PGP key.
Came across pgp.asc a while back but finally got around to setting it up here. What is pgp.asc? From their website: What is pgp.asc? pgp.asc is an initiative to decentralize public PGP keys, making it easier to get an up to date and authenticated key. Sounds complicated? It isn’t: Just upload your public PGP key to your website's root folder and you’re good to go! So there you have it.
You may have seen something like this before. You go to download your favourite program SuperApp3000 and on the download page they provide you with hashes (usually MD5, SHA1, etc.) for each of the available files to download. Sometimes they even stress that you should verify that the file you downloaded matches the provided hash or that you should never trust anything you download without first confirming the hashes match. This is a prime example of people confusing file hashes with digital signatures and it needs to stop.
Here are a couple of neat iOS applications for the paranoid (kidding!) & security inclined. iPGMail iPGMail (currently $1.99 on the App Store) is the best OpenPGP application I’ve tried on Apple’s platform. Even within the somewhat restrictive limitations that Apple has created for application developers this particular application does everything it can to be user friendly. I would highly recommend this to anyone that wishes to send signed/encrypted e-mail from their iOS device.
After reading this I’m still not 100% sure there can ever be a completely “safe” way to do this with Twitter. That said some ways are certainly better than others… Personally I think the best of the approaches listed is to include the full key fingerprint and then to also periodically tweet the details. At least that way if an attacker does go and maliciously modify your bio there is still a chance for someone to see the good tweet as well.
I came across a crowdfunding site for GnuPG with the tag line: The world needs GnuPG encryption more than ever – a new website, new design, and new content will make strong crypto friendly. If they can actually do something to make GnuPG, and computer security in general, more user friendly and approachable then it may actually be a cause worth supporting.