Creating a Secured Key
When you build a PGP key you are going to start using that key to verify your identity, so like all other forms of identification you have to protect it. Unfortunately, to make PGP usable you can't permanently store your private keys locked in a safe; you actually need a copy on your computer, phone, tablet, laptop, basically any place where you want to send verified emails or decrypt messages you receive.
So what do you do if your phone or laptop is stolen? Even if you have secured your private key with a strong password, it is still at risk from someone with direct access to it.
Protection Using Subkeys
There isn’t a lot of information on the web about how to secure your key in this situation. I was able to find a few reference sites, most notably the Debian Wiki page about subkeys.
When you create an OpenPGP key you are creating one key for signing and another for encryption. It's the signing key that is your master key and the one you need to protect. So after creating a new OpenPGP key you can create a new subkey just for signing.
This way the only things stored on your mobile device are your encryption key and your signing subkey. If you lose control of your laptop, but still retain control of your master key, you can revoke the signing and encryption subkeys and create replacements.
If an attacker were able to break your password they would get access to anything encrypted before you revoked the key but nothing after that point. They could also only sign emails and files using the subkey you just revoked and any receiving PGP application would see that the key used to sign the message had been revoked and not validate the signature.
So how do we do it?
Creating the Keypair
Use the gpg --gen-key command to create the new keypair:
nxad@desktop:~$ gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <email@example.com>"
Real name:Stuart McCulloch Anderson
Email address: firstname.lastname@example.org
Comment:
You selected this USER-ID:
    "Stuart McCulloch Anderson <email@example.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
gpg: gpg-agent is not available in this session
Enter passphrase:
gpg: key 1FA1E814 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 5 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 2 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1 valid: 2 signed: 1 trust: 2-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2015-09-12
pub 4096R/1FA1E814 2014-05-04
    Key fingerprint = BB2C EB25 BE05 16A7 A9C6 F2FB EEB4 96E6 1FA1 E814
uid Stuart McCulloch Anderson <firstname.lastname@example.org>
sub 4096R/FA4F70FF 2014-05-04
You will be prompted to enter a password. It's a good idea to make this a secure one: hard to guess and one you won't forget. Keep it safe. If you lose your password you could lose control over your key and will have to start again.
PGP uses hashes throughout the signing and encrypting process; I’ve better explained this on the “How it works” page. To strengthen your key you can set your preferred hashes. This is useful because as time moves on and computers become more powerful, weaknesses are being discovered in hashes previously thought secure, such as SHA-1.
Use the gpg --edit-key command and, when prompted, enter the command
setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
then type save.
Subkey for Signing
OpenPGP subkeys work the same as normal (master) keys, except they are mathematically related to the master key and they can be used for signing or encrypting. What makes them special here is that they can be revoked and stored independently of the master key.
Again use the gpg --edit-key command and type addkey. Select a sign-only key, either 3 or 4 depending on whether you want to use DSA or RSA. After the new key is ready type save.
nxad@desktop:~$ gpg --edit-key 1FA1E814
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 4096R/1FA1E814 created: 2014-05-04 expires: never usage: SC
                   trust: ultimate validity: ultimate
sub 4096R/FA4F70FF created: 2014-05-04 expires: never usage: E
[ultimate] (1). Stuart McCulloch Anderson <email@example.com>
[ultimate] (2) [jpeg image of size 2578]
gpg> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
Set preference list to:
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) y
You need a passphrase to unlock the secret key for
user: "Stuart McCulloch Anderson <firstname.lastname@example.org>"
4096-bit RSA key, ID 1FA1E814, created 2014-05-04
gpg: gpg-agent is not available in this session
pub 4096R/1FA1E814 created: 2014-05-04 expires: never usage: SC
                   trust: ultimate validity: ultimate
sub 4096R/FA4F70FF created: 2014-05-04 expires: never usage: E
[ultimate] (1). Stuart McCulloch Anderson <email@example.com>
[ultimate] (2) [jpeg image of size 2578]
gpg> save
Since we are creating subkeys we do not have to worry about theft of a laptop or phone. In that case you could still use your master key to revoke only that subkey. What I describe below is for when you lose your master key and must revoke everything.
If you ever lose your private key you will have no way of generating the revocation certificates needed to revoke your new key. So best practice is to generate those certificates now and store them in a safe place in case you need them later.
You can do this from the command line with the command:
nxad@desktop:~$ gpg --output 1FA1E814.rev.asc --armor --gen-revoke 1FA1E814
However, I have also worked on a bash script that can automate the process of creating these certificates. More information on this is available from the project page.
Export The Final Product
Now export your keypair. You can export both the private-key and public-key using these commands:
nxad@desktop:~$ gpg --export-secret-keys --armor 1FA1E814 > 1FA1E814.pri.asc
nxad@desktop:~$ gpg --export --armor 1FA1E814 > 1FA1E814.pub.asc
You should protect these two files. Do not keep them on your laptop or mobile. The private file we exported contains your master key. Losing this could compromise your entire keypair.
Creating your Laptop Key
Now that your master key is ready you can create your laptop key. GPG does not make this easy, but with a little trickery you can make it work. These instructions assume you have created your master key on your laptop. If you have created your key on your desktop machine you can just skip step two and not delete your secret key.
- Start by exporting your subkeys
gpg --export-secret-subkeys 1FA1E814 > 1FA1E814.sub.gpg
- Next delete the master key from your key ring
gpg --delete-secret-key 1FA1E814
- Now reimport the subkeys back into your keyring, or if you are not working from your laptop just import the subkeys there
gpg --import 1FA1E814.sub.gpg
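To confirm the laptop keyring ended up in the state described above (master secret key removed, signing and encryption subkeys still usable), the following check parses the output of gpg --list-secret-keys --with-colons. It is an added example, not part of the original article; the function names and the sample listing with placeholder key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# In colon listings, field 15 of a sec/ssb record is "#" when only a stub
# is stored (no secret material); field 12 holds the key's capabilities
# and field 2 its validity ("r" revoked, "e" expired).

# Reads `gpg --list-secret-keys --with-colons` records on stdin.
audit_laptop_keyring() {
    awk -F: '
        $1 == "sec" { seen = 1; if ($15 != "#") master = 1 }
        $1 == "ssb" && $15 != "#" && $2 !~ /^[re]$/ {
            if ($12 ~ /s/) sign = 1
            if ($12 ~ /e/) encr = 1
        }
        END {
            if (!seen)  { print "no-secret-key-record";        exit 2 }
            if (master) { print "master-secret-present";       exit 1 }
            if (!sign)  { print "no-usable-signing-subkey";    exit 1 }
            if (!encr)  { print "no-usable-encryption-subkey"; exit 1 }
            print "ok"
        }'
}

# Constructed sample: stub master key plus one encryption and one signing subkey.
sample_laptop_listing() {
    cat <<'EOF'
sec:u:4096:1:0000000000000001:1399161600:::u:::scESC:::#:
uid:u::::1399161600::::Example User <user@example.invalid>:
ssb:u:4096:1:0000000000000002:1399161600::::::e:::+:
ssb:u:4096:1:0000000000000003:1399161600::::::s:::+:
EOF
}

# Real use: gpg --list-secret-keys --with-colons 1FA1E814 | audit_laptop_keyring
sample_laptop_listing | audit_laptop_keyring
```

A result other than ok on the laptop means either the master secret key is still in the keyring or one of the subkeys is missing, revoked or expired.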
Using your new key
You can now use your laptop keypair to sign, decrypt or encrypt emails and files. If you want to sign someone else’s key or revoke a subkey attached to your master key you need to use the original master key.
Now that your key is ready for public consumption you can start sharing it. You can distribute your key any way you like, but the simplest solution is to send it to a key server:
nxad@desktop:~$ gpg --send-keys 1FA1E814
There are hundreds of key servers online, but you don’t need to send your key to all of them. In most cases any key server you use will distribute your public key across all the others. This process is fully automatic but it can take a few days for your key to appear on them all.