Sunday, December 7, 2014

About PGP Signatures

My people have no tradition of proofreading.  —Ken White

I started attaching PGP digital signatures to my work email a few months ago.  That's kind-of an appropriate thing for me to do since I'm a teacher of computer security.  For many people, that signature is just a mysterious hunk of garbled letters either appended to the email message or sent as an attachment.  Such a signature looks like this:

Version: GnuPG v2.0.22 (MingW32)


Ewww... that's ugly! But why?

A PGP Digital Signature Authenticates the Message

When people get email, they naturally assume that the name on the From: line is the sender of the message, especially if it's someone they know and with whom they communicate frequently.  Unhappily, that doesn't have to be true; it is trivially easy to forge a sender's identity in email.  The PGP digital signature provides strong evidence that the message is actually from the purported sender and that it hasn't been tampered with in transit.

How Does it Work?

The PGP digital signature depends on two cryptographic technologies, cryptographic hash functions and public key cryptography.   A cryptographic hash function produces a "fingerprint" for a message.  The text of the message is input to a computer program that computes the hash code, called a "digest."  Every possible message probably has a unique digest, and even a tiny change in the message would change the computed digest dramatically.  Why is it called "hash?"  Look at the example above!

Public key cryptography uses two keys called public and private.  The public key is widely available, often published a key server like the OpenPGP key server.  If you know someone's email address and they have a PGP key pair, you can probably find their public key easily.  A very useful feature of PGP  keys is that they are cryptographic inverses of one another.  If you encrypt a message using my public key, it can only be decrypted with my private key.  If I've carefully kept my private key, um, private, only I will be able to decrypt the message.  It works the other way, too.  If I encrypt a message using my private key, which only I have, anyone can get my public key and decrypt the message, but I'm the only one who could have encrypted it because only I have the private key.  So, a message encrypted with my private key is digitally signed.

My email program generates a PGP signature by first computing a cryptographic hash digest from the message, then by encrypting the digest using my private key.  The recipient can use my public key to decrypt the digest.  If the rest of the process works, the message could only have come from me because only I have the corresponding private key.  The recipient then computes a new digest from the message using the same cryptographic hash algorithm.  The newly-computed digest is compared to the decrypted digest.  If they're the same, the decryption worked and the message hasn't been tampered with because tampering would have caused the newly-computed digest to be different.

I wrote that a valid PGP signature "provides strong evidence that the message is actually from the purported sender and that is hasn't been tampered with in transit."  How strong?  The main consideration is whether the sender has kept his private key truly private.  Anyone with a copy of my private key can sign a message that will appear to come from me.  You also have to trust that neither the cryptographic hash algorithm nor the public key algorithm has a flaw that can be exploited.  Modern cryptographic algorithms are strong enough to make the cryptographic safety of PGP signatures a good bet.

What is PGP, Anyway?

PGP stands for "Pretty Good Privacy," invented by Phil Zimmerman to allow exchange of secure (confidential) and authenticated messages.  Zimmerman's original PGP ran into patent problems and Zimmerman himself was the subject of a long criminal investigation for "exporting munitions," namely cryptographic algorithms.  (The FBI, CIA, NSA, TSA, DHS, DoJ and every other three-letter agency known to man hate encryption because it makes dragnet surveillance and casual snooping very difficult.  With that said, I cannot emphasize too strongly that, in the United States, there is nothing illegal about using encryption. )

I'm actually using the implementation of the OpenPGP standard built into the Thunderbird email client.

What About Snooping?

A digital signature doesn't do anything to protect the confidentiality of a message.  To do that, one must encrypt the message itself.  It's easy to do, and if you start sending me encrypted email, I'll be sure my replies are encrypted.  That way, even the NSA won't know what kind of pizza we're planning to have.  See the articles below for instructions.

Want to Know More?

I've written a series of three articles on using and understanding encryption:
There's also plenty of information in the links above. Knock your socks off!

Too Long; Didn't Read

The XKCD comic, which everyone who does anything with technology ought to read, explains PGP digital signatures this way.

You have to actually validate the digital signature, not just check that it's present to be certain.  But really, if the signature is there, odds are good that it will validate, and if you have any doubts, you can validate and be sure.  How?  Probably your email client will do it for you.  For details, see Using Encrypted Email.

Copyright © 2014 by Bob Brown

Creative Commons License
About PGP Signatures by Bob Brown is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

No comments:

Post a Comment