Unix Insider –
Networked computing is a double-edged sword. Connectivity makes transparent sharing of data through e-mail, Web sites, and ftp archives possible, but it also invites unwanted access to your data. Bytes sent over a network are about as private or secure as Post-it notes posted outside your cubicle wall. You're open to data loss through copying, incorrect or inconsistent messages coming from someone impersonating you, or the exposure of sensitive information.
Last month, we looked at the secure shell (ssh), a session-level encryption system that lets you move from system to system over an unsecure network safely. SSH is suited for synchronous work, such as remote logins or X sessions.
Our budding e-mail culture, however, demands protection for asynchronous, file-based communication as well. To extend the scope of the data protection problem, you need to ensure the privacy and integrity of any number of files, knowing the identity of each file's creator and the validity of its contents. This month, we'll explore Pretty Good Privacy (PGP), Phil Zimmermann's publicly available, file-oriented encryption system. PGP can encrypt your mail and other files and attach digital signatures to files, whether they are encrypted or not.
Starting with some motivations for using PGP in the first place, we'll cover the mechanics of encrypting and decrypting files. We'll tell you how and where to get PGP, and why you need to treat it like radioactive material (seriously!). Key management, trust, and key validity form the core of a socio-political discussion, and we'll point out some safe and unsafe key exchange and protection practices. Finally, we'll tie everything together with a discussion of generating digital signatures and using them to verify data integrity and sender identity.
Say what? The need for authenticity
Don't dismiss data security as a problem for the boundary between inside and outside networks, or one that is covered by company policies regarding personal use of resources. While data privacy is nice for protecting e-mail sent to your significant other or sister in New York, it can also be a requirement for internal networks. Consider some of these scenarios:
- A contractor whose engagement has expired wants to retain an account on your machine for cheap Internet access. He forges e-mail from your manager asking you to leave his login active for another 90 days. Do you accept requests like this by fiat, or do you have a verification process?
- For an April Fool's Day prank, some of your co-workers hand-craft an official looking e-mail from the head of human resources outlining the new company dress code: wing-tip shoes and shorts, especially on Hawaiian Shirt Gonzo Fridays. Various executives go ballistic -- aiming at you -- because you had assured them that mail to the all-company alias went through an auditing script.
- You sense that someone has broken into one of your gateway machines, but you can't determine exactly what has changed. You consult your list of configuration files, but it matches the size, date, and owner information found on the system. Either you're paranoid, or the intruder modified the system and your checklist to hide the damage.
- A chunk of e-mail containing bonus information gets copied off of
the wire, revealing salary information to anyone who can divide by the
appropriate fraction. Using ssh prevents disclosure while
reading your mail, but how do you protect the contents while
they are in
<font face="Courier">sendmail</font>'s grip?
The solution to these problems, and others like them, is PGP. Command-line driven, PGP can be embedded in scripts or used as a standalone encryption tool. PGP's major attraction is that it uses public key cryptography, allowing you to exchange encrypted files without having to swap private, or secret key information with the other party.
You could solve the bonus e-mail problem, for example, by encrypting the file using
<font face="Courier">crypt</font>, but each recipient of the message would have to be given the key to decrypt it. This symmetric, or private key encryption, requires that both parties have the same key. It's fast, but it's also a mess to manage. If you want to send private mail to each of three people, and want to ensure the privacy of mail to each one, you need three secret keys. Extend the problem to the more likely case where all four of you want to exchange secret mail, and you need six keys to cover all combinations of sender and receiver. This combinatorial gem grows exponentially, making it nearly impossible to handle for anything outside of a small group.
Public key cryptography solves the problem by breaking the key up into a public and private portion. You keep the private portion secret, like a password, but freely distribute the public portion. The magic behind public key cryptography is that two parties can derive a shared key between them without ever exchanging secret (private key) information.
Returning to our example of exchanging secret mail, you'd only need four keys to exchange mail amongst four people -- each person needs a copy of every other's public key. Adding a new person to the circle requires distributing just one new public key.
Public key cryptography relies on such mathematical coolness as exponentiation, large numbers, prime numbers, and the commutative property of multiplication. Some of that is second-grade math, while most of it is twenty-year-old work done by Whitfield Diffie and Marty Hellman (the Diffie-Hellman key exchange) and Ron Rivest, Adi Shamir, and Len Adelman (RSA encryption). For now, all you need to know is that exchanging public keys with someone lets you exchange strongly encrypted data. RSA keys are typically 512, 768, or 1,024 bits long: the longer the key, the stronger the encryption. With 1,024-bit keys, the encryption is not practically breakable by brute-force methods -- there are simply too many keys to put into the electronic lock.
What's the buzz?
PGP is available, in source form, for nearly all Unix machines. There are also DOS and Macintosh versions available in source and binary form. One of PGP's many attractions is its immense portability. Getting PGP, however, is not as trivial as finding the local ftp archive and slurping bits over the wire. Because it contains strong cryptography, PGP is export-embargoed in the U.S. -- it cannot be taken or sent outside of the country. There are versions of PGP developed outside of the U.S. that can be used in other countries, and can be imported into the U.S. safely.
To ensure that only U.S. citizens currently living in the U.S. retrieve PGP, the primary distribution site at MIT makes you go through a short question-and-answer session. Telnet to net-dist.mit.edu, with a login of
<font face="Courier">getpgp</font>, and answer the questions posed to you. You'll be given a directory on that machine from which you can fetch PGP via anonymous ftp. Do so quickly after filling in the questionnaire, because the directory changes frequently. For more information, check out the MIT distribution site's home page.
Should you have Windows users who will snarl and gnash their teeth at a command-line driven utility, grab a copy of Christopher Greib's WinPGP from his home page (http://ourworld.compuserve.com/homepages/CGeib/). Version 4.0 of WinPGP runs under Windows95. And again, if you retrieve the code, don't redistribute it or send it out of the U.S., even to a co-worker, unless you particularly enjoy federal investigations. We'll briefly look at export controls and related issues next month, but for now take heed of the fact that the U.S. government only recently dropped charges against Phil Zimmermann for "distributing" PGP outside of the U.S. by posting it to USENET. If convicted, Phil would have faced up to 51 months in jail. Think carefully before sharing the goods.
Much of this month's column comes from Simson Garfinkel's outstanding book, PGP: Pretty Good Privacy published by O'Reilly & Associates. It contains a history of the package, details on every option and feature, and usage caveats. Peter Kent's PGP Companion for Windows published by Ventana Press, covers the package in less detail but describes the WinPGP Windows GUI that overlays it. If you are still interested in the theory of large numbers, primes, factoring, and the acronyms listed above, get a copy of Bruce Schneier's Applied Cryptography, published by Wiley. Now in its second edition, this book is the definitive bible on cryptosystems.
Armored transport: sending secret stuff
Enough politics and theory, let's blast bits. We'll postpone a discussion of how you collect, manage, and locate public keys, and instead go through the basics of using PGP to encrypt and decrypt messages. The simplest task to perform is encrypting a file (note that PGP normally produces quite a few time and copyright messages concerning the use of RSA, which we have elided here for space and clarity):
<font face="Courier"> huey% pgp -c message You need a pass phrase to encrypt the file. Enter pass phrase: Enter same pass phrase again: Just a moment.... Ciphertext file: message.pgp </font>
PGP asks for a pass phrase, which is simply a long password. The longer your pass phrase, the harder it will be for someone to guess it and decrypt the file. PGP produces the output file message.pgp, which can be turned back into plain (decrypted) text using PGP without any options:
<font face="Courier"> huey% pgp message.pgp </font>
Don't try to view the encrypted file with an editor or
<font face="Courier">more</font>, since it is a binary file that will at the least wreak havoc with your keyboard driver. Be sure to remove the original, plain text version of the file (or have PGP do it for you using the
<font face="Courier">-w</font>option), or your encryption efforts are for naught. The conventional encryption feature of PGP makes it possible to standardize on PGP for all of your data-security tasks.
Let's actually swap secret bits with someone. Hand PGP the options
<font face="Courier">-eat</font>and the recipients' user ID (we'll send this to our buddy Pepe):
<font face="Courier"> heuy% pgp -eat message pepe Recipients' public key(s) will be used to encrypt. Key for user ID: Pepe <firstname.lastname@example.org> 1024-bit key, Key ID 13FAC021, created 1995/05/17 . Transport armor file: message.asc </font>
We'll come back to the user ID, and how it relates to a recipient and his or her key shortly. The options produce a message suitable for mailing:
- Encryption is turned on with the
<font face="Courier">-a</font>flag tells PGP to produce an ASCII output file. Most mailers can't handle a binary file, so use the ASCII option to perform the equivalent of a
<font face="Courier">uuencode</font>. In PGP-speak, the ASCII output is called an ASCII armor file or a transport armor file, and is given the .asc extension.
- PGP treats the message like a text file when the
<font face="Courier">-t</font>option is given. When this file is decrypted on a Macintosh or Windows/DOS machine, it will have the correct end of line characters inserted. Unless you're specifically encrypting a binary file (such as a data set), use the
<font face="Courier">-t</font>option to preserve your end-of-line boundaries.
Now that we have message.asc, we can simply drop it in the mail to Pepe:
<font face="Courier"> heuy% mail email@example.com < message.asc </font>
Very few people compose mail in a text file and then pipe it to mail. PGP's filter option (
<font face="Courier">-f</font>) makes it easier to combine the encryption and composition steps:
<font face="Courier"> huey% pgp -eatf pepe | mail firstname.lastname@example.org </font>
When Pepe gets this message, he'll save it to a file, and then use
<font face="Courier">pgp mail.asc</font>to unravel the encrypted contents. The decrypted message will be saved in file mail. PGP has an option called "For Your Eyes Only," specified by the
<font face="Courier">-m</font>flag, that only displays the data. Rumor has it the feature was added so that a certain recipient could use PGP without inadvertendly leaving messages from her lover on the disk where her husband would find them. If true, it's further proof that most solid advances in computer science are spurred by games, sex, or both.
There are a few things worth pointing out: