外文资料-第三篇（How to Deal With Keys）

lians

How to Deal With Keys
Jana Jaeger

Table of Contents

Can Public Keys Really be Secure?
   Building a Web of Trust
   Fingerprints
   How Much do I Trust in a Signature?
In Practice ...
   Generating Keys
   Exporting and Distributing Keys
   Importing Keys
   Revoking Keys
   Key Management
   Signing Keys
   Assigning Trust
Further Information

This article focuses on the achilles' heel of public key encryption - trusting in others and their signatures. The second part is a brief summary of the most important commands you need for handling keys underGPG.

◎Can Public Keys Really be Secure?

Powerful encryption programs likePGPorGPGdo not necessarily constitute a guarantee for secure communication via e-mail. As long as one can not be sure a public key really belongs to the one designated as its owner, the whole system has a serious weak spot.

Building a Web of Trust
Building a network of people who trust each other in the sense that each one of them would only sign a public key that belongs to its real owner is a means to ensure that only trustworthy keys are being used. This sort of network is called a"web of trust". To sign a key, one partner encrypts it with his secret (also called private) key. The higher the amount of signatures by members of the web of trust under a certain key, the higher is the amount of trust that can be put into this key. As an alternative, signatures of a certification authority guarantee the authenticity of a key. These institutions need your ID card data in order to be able to vouch for your identity.

Fingerprints
How can I verify the identity of someone whom I can only reach by e-mail or phone? Is he really the one he pretends to be? Can I trust his public key? Fingerprints provide an answer to these questions. Both parties generate a hash value (a sort of check sum) over the key/s in question. Now they compare the hash values or the so-called fingerprints on a phone line. If the fingerprints prove to be identical the key is genuine and can be stored in the public key-ring. It is not very wise to compare fingerprints via e-mail as this would mean an exchange of highly sensitive security information via an insecure channel.

How Much do I Trust in a Signature?
After a public key has been signed, it can be stored in the key-ring file. How much trust is to be put into a certain key or its signatures can be controlled by the user himself. The number of signatures needed to call a key trustworthy is adjustable. In addition to that, the amount of trust in certain signers of a key is also adjustable. This value (so-called ownertrust value) ranges from"I don't know","I do NOT trust"and"I trust marginally"to"I trust fully". Combining the trust value calculation with the adjusted number of signatures provides a means forGPGto evaluate the trustworthiness of this key.

◎In Practice ...

This section provides a short list of the most important commands ofGPG. TheGPGpackage is part of the SuSE Linux distribution and can be found in the series sec (security).

Generating Keys
New pairs of keys (one secret and one public key) are generated bygpg --gen-key. The pair of algorithms used for de- and encryption should be set to DSA/ElGamal. The key length should be set to 1024 bit which is a good compromise between security and performance at this time (this may change with the availability of more powerful computer systems). In order to assign this key to its owner, his name, an optional comment and his e-mail address are needed. Finally, the private key is protected by a passphrase.

Exporting and Distributing Keys
The newly generated keys are exported bygpg --export [UID]. Without the addition of a userID, the whole key-ring will be exported. The output file is specified by the option-o [filename]. If the key is to be sent via e-mail the addition of-aor--armormay be useful. It creates an ASCII output. Distribution of keys can also be achieved by putting them on one's own home page, copying them into the.planfile, so they can be"fingered", or by putting them on a keyserver.

Importing Keys
New public keys can be added to one's own key-ring bygpg --import [filename].

Revoking Keys
For some reasons it may be necessary to revoke an old key (maybe its length is not sufficient any more, it leaked out, or the userID has changed). This is achieved bygpg --gen-revoke. To hinder other people from revoking one's own keys, this procedure requires the private key. Thus, it is practically impossible to revoke a secret key just because its passphrase has been forgotten, since one needs the passphrase and the secret key to revoke it. ... To avoid this situation, it is very wise to create a revocation certificate immediately after the creation of keys. This has to be kept secret either by saving it on a floppy disk or just printing it.

Key Management
Any information on the keys, their signatures and fingerprints is stored in the key-ring file. Ownertrust values are stored in a separate file.gpg --list-keyslists all keys in the public key-ring. By typinggpg --list-sigstheir signatures are displayed.gpg --fingerprintsshows their fingerprints. The keys in the secret key-ring are displayed whengpg --list-secret-keysis typed. Editing of a key is done by typinggpg --edit-key UID. Modifications of the passphrase and/or the expiry date of a key can be made withgpg --edit-key [option]. To delete keys from the public key-ring, typegpg --delete-key UID, to delete a key from the secret key-ring, typegpg --delete-secret-key.

Signing Keys
To sign a public key of someone else with your own signature, choose the key withgpg --edit-key UIDand sign it withgpg -s (--sign).

Assigning Trust
Usinggpg --edit-key trustdifferent degrees of trust can be assigned to the signatures of a certain key. When using the optiontrust -1no trust is assigned to this signature,trust -2means"I do not know if I can trust this signature",trust -3 "I marginally trust this signature"andtrust -4 "I fully trust this signature".

◎Further Information

Additional information can be found on the home page of theGnuPG project. A briefHOWTOcan also be found there. Bruce Schneier's"Applied Cryptography, 2nd edition", published by Wiley&Sons, 1995 provides a deeper insight into the matter.