diff options
Diffstat (limited to 'doc/gph/c4.sgml')
| -rw-r--r-- | doc/gph/c4.sgml | 433 |
1 files changed, 0 insertions, 433 deletions
diff --git a/doc/gph/c4.sgml b/doc/gph/c4.sgml deleted file mode 100644 index 1932da7ae..000000000 --- a/doc/gph/c4.sgml +++ /dev/null @@ -1,433 +0,0 @@ -<chapter id="wise" xreflabel="4"> -<docinfo> -<date> -$Id$ -</date> -</docinfo> -<title> -Daily use of &Gnupg; -</title> - -<para> -&Gnupg; is a complex tool with technical, social, and legal issues -surrounding it. -Technically, it has been designed to be used in situations having -drastically different security needs. -This complicates key management. -Socially, using &gnupg; is not strictly a personal decision. -To use &gnupg effectively both parties communicating must use it. -Finally, as of 1999, laws regarding digital encryption, and in particular -whether or not using &gnupg; is legal, vary from country to country and -is currently being debated by many national governments. -</para> - -<para> -This chapter addresses these issues. -It gives practical advice on how to use &gnupg; to meet your security needs. -It also suggests ways to promote the use of &gnupg; for secure -communication between yourself and your colleagues when your colleagues -are not currently using &gnupg;. -Finally, the legal status of &gnupg; is outlined given the current status -of encryption laws in the world. -</para> - -<sect1> -<title> -Defining your security needs -</title> - -<para> -&Gnupg; is a tool you use to protect your privacy. -Your privacy is protected if you can correspond with others without -eavesdroppers reading those messages. -</para> - -<para> -How you should use &gnupg; depends on the determination and resourcefulness -of those who might want to read your encrypted messages. -An eavesdropper may be an unscrupulous system administrator casually -scanning your mail, it might be an industrial spy trying to collect -your company's secrets, or it might be a law enforcement agency trying -to prosecute you. -Using &gnupg; to protect against casual eavesdropping is going to be -different than using &gnupg; to protect against a determined adversary. -Your goal, ultimately, is to make it more expensive to recover the -unencrypted data than that data is worth. -</para> - -<para> -Customizing your use of &gnupg; revolves around three issues: -<itemizedlist spacing="compact"> -<listitem> -<para> -the key size of your public/private keypair, -</para> -</listitem> - -<listitem> -<para> -protecting your private key, and -</para> -</listitem> - -<listitem> -<para> -managing your web of trust. -</para> -</listitem> -</itemizedlist> - -A well-chosen key size protects you against brute-force attacks on -encrypted messages. -Protecting your private key prevents an attacker from simply using your -private key to decrypt encrypted messages and sign messages in your name. -Correctly managing your web of trust prevents attackers from masquarading -as people with whom you communicate. -Ultimately, addressing these issues with respect to your own security -needs is how you balance the extra work required to use &gnupg; with -the privacy it gives you. -</para> - -<sect2> -<title> -Choosing a key size -</title> - -<para> -Selecting a key size depends on the key. -In OpenPGP, a public/private keypair usually has multiple keys. -At the least it has a master signing key, and it probably has one or -more additional subkeys for encryption. -Using default key generation parameters with &gnupg;, the master -key will be a DSA key, and the subkeys will be ElGamal keys. -</para> - -<para> -DSA allows a key size up to 1024 bits. -This is not especially good given today's factoring technology, but -that is what the standard specifies. -Without question, you should use 1024 bit DSA keys. -</para> - -<para> -ElGamal keys, on the other hand, may be of any size. -Since &gnupg; is a hybrid public-key system, the public key is used -to encrypt a 128-bit session key, and the private key is used to -decrypt it. -Key size nevertheless affects encryption and decryption speed -since the cost of these algorithms is exponential in the size of -the key. -Larger keys also take more time to generate and take more space -to store. -Ultimately, there are diminishing returns on the extra security -a large key provides you. -After all, if the key is large enough to resist a brute-force -attack, an eavesdropper will merely switch to some other method for -obtaining your plaintext data. -Examples of other methods include robbing your home or office -and mugging you. -1024 bits is thus the recommended key size. -If you genuinely need a larger key size then you probably already -know this and should be consulting an expert in data security. -</para> -</sect2> - -<sect2> -<title> -Protecting your private key -</title> - -<para> -Protecting your private key is the most important job you have to -use &gnupg; correctly. -If someone obtains your private key, then all data encrypted to -the private key can be decrypted and signatures can be made in your name. -If you lose your private key, then you will no longer be able to -decrypt documents encrypted to you in the future or in the past, -and you will not be able to make signatures. -Losing sole possession of your private key is catastrophic. -</para> - -<para> -Regardless of how you use &gnupg; you should store the public -key's <link linkend="revocation">revocation certificate</link> -and a backup of your private key on write-protected media in a safe place. -For example, you could burn them on a CD-ROM and store them in your -safe deposit box at the bank in a sealed envelope. -Alternatively, you could store them on a floppy and hide it in your -house. -Whatever you do, they should be put on media that is safe to store -for as long as you expect to keep the key, and you should store -them more carefully than the copy of your private key you use daily. -</para> - -<para> -To help safeguard your key, &Gnupg; does not store your raw -private key on disk. -Instead it encrypts it using a symmetric encryption algorithm. -That is why you need a passphrase to access the key. -Thus there are two barriers an attacker must cross to access your private -key: (1) he must actually acquire the key, and (2) he must get past -the encryption. -</para> - -<para> -Safely storing your private key is important, but there is a cost. -Ideally, you would keep the private key on a removable, write-protected disk -such as a floppy disk, and you would use it on a single-user machine -not connected to a network. -This may be inconvenient or impossible for you to do. -For example, you may not own your own machine and must use a computer -at work or school, or it may mean you have to physically disconnect -your computer from your cable modem every time you want to use &gnupg; -</para> - -<para> -This does not mean you cannot or should not use &gnupg;. -It means only that you have decided that the data you are protecting is -important enough to encrypt but not so important as to take extra -steps to make the first barrier stronger. -It is your choice. -</para> - -<para> -A good passphrase is absolutely critical when using &gnupg;. -Any attacker who gains access to your private key must bypass the -encryption on the private key. -Instead of brute-force guessing the key, an attacker will almost -certainly instead try to guess the passphrase. -</para> - -<para> -The motivation for trying passphrases is that most people choose -a passphrase that is easier to guess than a random 128-bit key. -If the passphrase is a word, it is much cheaper to try all the -words in the dictionaries of the world's languages. -Even if the word is permuted, &eg, k3wldood, it is still easier -to try dictionary words with a catalog of permutations. -The same problem applies to quotations. -In general, passphrases based on natural-language utterances -are poor passphrases since there is little randomness and lots -of redundancy in natural language. -You should avoid natural language passphrases if you can. -</para> - -<para> -A good passphrase is one that you can remember but is hard for -someone to guess. -It should include characters from the whole range of printable characters -on your keyboard. -This includes uppercase alphabetics characters, numbers, and special -characters such as <literal>}</literal> and <literal>|</literal>. -Be creative and spend a little time considering your passphrase; a -good choice is important to ensure your privacy. -</para> -</sect2> - -<!-- -<sect2> -<title> -Reacting to a compromised private key -</title> - -<para> -Despite your precautions you may lose sole access to your private key. -For example, you may forget the passphrase, or someone who you think -can bypass the encryption gets access to it. -In that case then you need to spread the word that your key is no -longer valid. -To do that you use the key revocation certificate you should have generated -when you created the key. -Importing it onto your public keyring will revoke the public key -of the keypair you no longer wish to use. -It is then up to you to distribute the revoked public key to all -those who may encrypt documents to you. -</para> - -<para> -A revoked public key only prevents future use of the private key. -Others will neither be able to encrypt documents to the key nor will -they be able to check signatures made with the private key. -Documents signed in the past can still be checked, however, and -documents encrypted in the past can still be decrypted. -</para> - -<para> -It is important that you protect the revocation certificate carefully. -Anybody can add the certificate to your public key and distribute it, -and there is no way to revoke a revocation certificate. -Therefore, you should store the revocation certificate in a safe -place such as with the backup of your private key. -</para> -</sect2> ---> - -<sect2> -<title> -Managing your web of trust -</title> - -<para> -As with protecting your private key, managing your web of trust is -another aspect of using &gnupg; that requires balancing security against -ease of use. -If you are using &gnupg; to protect against casual eavesdropping and -forgeries then you can afford to be relatively trusting of other -people's signatures. -On the other hand, if you are concerned that there may be a determined -attacker interested in invading your privacy, then -you should be much less trusting of other signatures and spend more time -personally verifying signatures. -</para> - -<para> -Regardless of your own security needs, through, you should -<emphasis>always be careful</emphasis> when signing other keys. -It is selfish to sign a key with just enough confidence in the key's -validity to satisfy your own security needs. -Others, with more stringent security needs, may want to depend on -your signature. -If they cannot depend on you then that weakens the web of trust -and makes it more difficult for all &gnupg; users to communicate. -Use the same care in signing keys that you would like others to use when -you depend on their signatures. -</para> - -<para> -In practice, managing your web of trust reduces to assigning trust to -others and tuning the options -<link linkend="marginals-needed"><option>--marginals-needed</option></link> -and -<link linkend="completes-needed"><option>--completes-needed</option></link>. -Any key you personally sign will be considered valid, but except for small -groups, it will not be practical to personally sign the key of every person -with whom you communicate. -You will therefore have to assign trust to others. -</para> - -<para> -It is probably wise to be accurate when assigning trust and then -use the options to tune how careful &gnupg; is with key validation. -As a concrete example, you may fully trust a few close friends that -you know are careful with key signing and then marginally -trust all others on your keyring. -From there, you may set <option>--completes-needed</option> to -<literal>1</literal> and <option>--marginals-needed</option> to -<literal>2</literal>. -If you are more concerned with security you might choose values of -<literal>1</literal> and <literal>3</literal> or <literal>2</literal> -and <literal>3</literal> respectively. -If you are less concerned with privacy attacks and just want some -reasonable confidence about validity, set the values to <literal>1</literal> -and <literal>1</literal>. -In general, higher numbers for these options imply that more people -would be needed to conspire against you in order to have a key validated -that does not actually belong to the person whom you think it does. -</para> -</sect2> -</sect1> - -<sect1> -<title> -Building your web of trust -</title> - -<para> -Wanting to use &gnupg; yourself is not enough. -In order to use to communicate securely with others you must have -a web of trust. -At first glance, however, building a web of trust is a daunting task. -The people with whom you communicate need to use -&gnupg;<footnote><para>In this section, &gnupg; refers to the -&gnupg; implementation of OpenPGP as well as other implementations -such as NAI's PGP product.</para></footnote>, and there needs to be enough -key signing so that keys can be considered valid. -These are not technical problems; they are social problems. -Nevertheless, you must overcome these problems if you want to -use &gnupg;. -</para> - -<para> -When getting started using &gnupg; it is important to realize that you -need not securely communicate with every one of your correspondents. -Start with a small circle of people, perhaps just yourself and -one or two others who also want to exercise their right -to privacy. -Generate your keys and sign each other's public keys. -This is your initial web of trust. -By doing this you will appreciate the value of a small, robust -web of trust and will be more cautious as you grow your web -in the future. -</para> - -<para> -In addition to those in your initial web of trust, you may want to -communicate securely with others who are also using &gnupg;. -Doing so, however, can be awkward for two reasons: -(1) you do not always know when someone uses or is willing to use -&gnupg;, and (2) if you do know of someone who uses it, you may still have -trouble validating their key. -The first reason occurs because people do not always advertise that -they use &gnupg;. -The way to change this behavior is to set the example and advertise -that you use &gnupg;. -There are at least three ways to do this: you can sign messages you mail -to others or post to message boards, you can put your public key on your -web page, or, if you put your key on a keyserver, you can put your key -ID in your email signature. -If you advertise your key then you make it that much more acceptable -for others to advertise their keys. -Furthermore, you make it easier for others to start communicating -with you securely since you have taken the initiative and made it clear -that you use &gnupg;. -</para> - -<para> -Key validation is more difficult. -If you do not personally know the person whose key you want to sign, -then it is not possible to sign the key yourself. -You must rely on the signatures of others and hope to find a chain -of signatures leading from the key in question back to your own. -To have any chance of finding a chain, you must take the intitive -and get your key signed by others outside of your intitial web of trust. -An effective way to accomplish this is to participate in key -signing parties. -If you are going to a conference look ahead of time for a key -signing party, and if you do not see one being held, offer to -<ulink url="http://www.herrons.com/kb2nsx/keysign.html">hold one</ulink>. -You can also be more passive and carry your fingerprint with you -for impromptu key exchanges. -In such a situation the person to whom you gave the fingerprint -would verify it and sign your public key once he returned home. -</para> - -<para> -Keep in mind, though, that this is optional. -You have no obligation to either publically advertise your key or -sign other people's keys. -The power of &gnupg; is that it is flexible enough to adapt to your -security needs whatever they may be. -The social reality, however, is that you will need to take the initiative -if you want to grow your web of trust and use &gnupg; for as much of -your communication as possible. -</para> -</sect1> - -<sect1> -<title> -Using &Gnupg; legally -</title> - -<para> -The legal status of encryption software varies from country to country, -and law regarding encryption software is rapidly evolving. -<ulink url="http://cwis.kub.nl/~frw/people/koops/bertjaap.htm">Bert-Japp -Koops</ulink> has an excellent -<ulink url="http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm">Crypto -Law Survey</ulink> to which you should refer for the legal status of -encryption software in your country. -</para> - -</sect1> -</chapter> - |