Chapter 6 Working with Public Keys
6.1 Trusting a Public Key
Sam says: “‘Trust but verify’ also applies to public keys. For example, consider keyservers: they are public servers hosting user-generated content. Just because a public key has been uploaded to the keyserver doesn’t mean it’s true: I can upload a key with your name and your e-mail address on it, but it doesn’t prove that key is your key. But, there are other ways to gain confidence.”
Bob asks, “What about giving me your key directly, shouldn’t I trust that?”
“That is one way to do it, but you still need to verify the key is what I say it is,” replies Sam. “The obvious way is to examine the entire public key and make sure it’s exactly correct--because a public key has to be exactly correct. Change one character of a public key, and that key is no longer usable.”
Bob asks, “Could I print out your public key and compare it to... what would I compare it to?”
“First off, keep in mind that the public key you just created seems relatively short only because it has not been signed by anyone but you; the public key block for a key that’s been signed (see web of trust) is too large for a person to verify by hand,” Sam says.
“If I give you my public key in person, and I’ve also posted my public key on a web site, you could compare those two keys,” replies Sam, “but you’d still have to trust that I am who I say I am; most people would check my passport or driver’s license in addition to my public key.”
“You could also use a trusted third party, like if there were someone we both knew, and that person gave you a copy of my public key, you could compare the key I give you to the key that other person gives you--this is web of trust stuff again. This comes up with signing keys for open source projects: you download the signing key from the project web site, as well as from any mirror sites, and compare the keys from all those sources,” says Sam. “But there’s a better way.”
6.1.1 Using Fingerprints
“The public key block is right at the edge of manageability for a person (see the one on page 26): it’s a page or so (or more) of random-seeming text, which is a lot of random-seeming text for a person to process. But if you generate a secure hash on the entire public key, you have a fingerprint uniquely identifying the key. If I give you my public key and that key’s fingerprint, you import the public key and compare fingerprints. If they match, the public key is verified.”
“But it could still be fake, right?” asks Bob.
“Well, at some point you have to be willing to trust people you’re encrypting data with. I can claim to be Barack Obama, e-mail address [email protected], and my fingerprint checks out with a public key you found on a keyserver--but that doesn’t make me the president.” Sam continues: “What it does do is give you confidence that when you encrypt a message to me, ‘Barry’, I will be the only one who can decrypt it.”
“I could show you a passport and ID to prove my identity--but since you already know I’m a spy, you probably won’t trust my documents. You can, however, be confident that my public key is connected to me, the person sitting next to you, the person you know as ‘Sam Mallory’. It’s subtle, but it’s there and you need to deal with it.”
6.1.2 Other Ways of Verifying a Public Key
Sam continues: “In addition to the technical ways of verifying public keys, I try to use common sense to determine how much I need to worry.”
“For example, I look for multiple sources for a public key: a book, a web site, a keyserver, wherever a public key might be published. An attacker might be able to switch out the legitimate public key on my web site, but it’s harder to replace a key on a printed page in a library book. Some people even put their fingerprints on their business cards, to make things simple,” says Sam.
“How do I find the fingerprint?” asks Bob, “and what actually is it?”
6.1.3 Fingerprints
“The fingerprint for a GnuPG public key is 40 characters, usually displayed as 10 four-character ‘words’. To see a fingerprint, use the --fingerprint command”:
gpg --fingerprint [keyID]
“Where [keyID]¹ is the actual key ID or a partial/complete string of the key’s user name or e-mail address or comment. You should also know that the key ID is the last 8 bytes of the fingerprint², so if you have the fingerprint handy, you also have the key ID. I can display the fingerprint of any key on my keyring by specifying that 8-byte key ID; here’s mine”:
$ gpg --fingerprint 1A0F711A
pub 2048R/1A0F711A 2013-01-15 [expires: 2015-07-04]
Key fingerprint = 3E2E 4BB0 6F8C C405 6AD0 D125 3B3B B3B3 1A0F 711A
uid Sam Mallory <[email protected]>
sub 2048R/DDBB6A4D 2013-01-15 [expires: 2015-07-04]
“Also, my name would work,” adds Sam, “or my e-mail address, or a string from my key comment, though usually it’s best to use the key ID, since it’s most likely to be unambiguous--I may have more than one public key, or you may have public keys from two people with the same name, but key IDs should be unique.”
Bob frowns and asks, “Should be? Are fingerprints not unique?”
¹ Key ID here is optional; if left off, GnuPG returns fingerprints for all keys on your keyring.
² The last 8 bytes of the fingerprint form the short key ID, the last 16 bytes are the long key ID.
“Well, key IDs and fingerprints can collide in theory, but in practice you shouldn’t have to worry about it, at least not for now³,” answers Sam, continuing:
“You verify the public key by comparing the fingerprint GnuPG shows to the fingerprint you get from the keyholder: look at the back of my business card, and compare to what GnuPG returns. Should be the same.”
Bob taps in the command, and Sam continues: “If they don’t put their fingerprint on their business cards, people may post their fingerprint online with their public key; ideally, you want to get a fingerprint directly from the keyholder (along with photo ID), or if you know the keyholder well enough to identify them over a phone connection, that’s another way to get a fingerprint that you can trust.”
Bob asks, “What about sending a fingerprint by e-mail?” Sam replies, “That’s not a good idea because you might be tricked by a man-in-the-middle attack. That’s where someone intercepts messages intended for you, and changes them. Even if the fingerprint is sent encrypted to your public key, that proves nothing about who is sending the message. Just remember that it’s best to do verification in person.”
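The business-card comparison described above, written out as a shell example that is added here and is not part of the book. It assumes the machine-readable output of `gpg --with-colons --fingerprint`; the sample record, the helper names and the placeholder e-mail address and subkey values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): check a fingerprint received in person
# against what gpg reports. SAMPLE_COLONS is constructed sample output in the
# format of `gpg --with-colons --fingerprint`; the e-mail address, subkey
# values and timestamps in it are placeholders.
SAMPLE_COLONS='pub:u:2048:1:3B3BB3B31A0F711A:1358208000:1435968000::u:::scESC:
fpr:::::::::3E2E4BB06F8CC4056AD0D1253B3BB3B31A0F711A:
uid:u::::1358208000::::Sam Mallory <sam@example.invalid>:
sub:u:2048:1:00000000DDBB6A4D:1358208000:1435968000:::::e:
fpr:::::::::00000000000000000000000000000000DDBB6A4D:'

# Drop spaces, tabs, colons and newlines; upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Read colon-format output on stdin; print the primary key's fingerprint
# (field 10 of the first "fpr" record after the "pub" record).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1 } seen && $1 == "fpr" { print $10; exit }'
}

# verify_fpr TRUSTED REPORTED
# 0 = exact match, 1 = mismatch, 2 = TRUSTED is not a full 40-hex fingerprint
# (a bare key ID is refused: it is only the tail of the fingerprint).
verify_fpr() {
    _t=$(normalize_fpr "$1")
    _r=$(normalize_fpr "$2")
    case "$_t" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#_t}" -eq 40 ] || return 2
    [ "$_t" = "$_r" ]
}

# Short key ID as gpg displays it: the last 8 hex digits of the fingerprint.
short_key_id() {
    normalize_fpr "$1" | cut -c33-40
}

# Demo: the fingerprint as typed from the back of a business card.
card='3e2e 4bb0 6f8c c405 6ad0 d125 3b3b b3b3 1a0f 711a'
reported=$(printf '%s\n' "$SAMPLE_COLONS" | primary_fpr)
if verify_fpr "$card" "$reported"; then
    echo "fingerprint matches; key ID $(short_key_id "$reported")"
else
    echo "fingerprint does NOT match; do not use this key"
fi
# With a real keyring: gpg --with-colons --fingerprint 1A0F711A | primary_fpr
```

The trusted value passed to `verify_fpr` should be the one obtained in person or over a verified channel, never one copied from the same source as the key itself.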
“What about keyservers, Sam? Can’t I get all this stuff from them?” asks Bob.