CS 120 / Lab 11 - April 2010 Allison Mankin, mankin@cs.jhu.edu Security Topics Today you will create a public key that can be used by others to verify that code and any other material you choose to sign has come from your undergrad account. You'll also get a brief intro do secure coding and I'll give you an orientation for a great manual on the web for secure coding in C++ and C. Public Keys ----------- 1. If you don't already have your undergrad public_html web site configured, configure now, using instructions -> http://www.cs.jhu.edu/webdocs/ Many of you have already done this during one of the mercurial labs 2. Public keys using 'gpg' a. What are public keys used for? - signing: one metaphor is a transparent envelope with your signature across the sealed flap - encryption: opaque envelope that can be opened only by the recipient - public key-private key: security algorithm in which you sign your documents with a key known only to you. Others are able to check that you were the signer and that the document has not changed since you signed it. The key that they use to check it is a companion to your private key, but it is public and available to to the whole world. Most common algorithm: RSA There are many other uses for public-private key security. Just one other: you can encrypt a message for your friend using her public key, the one that the entire world has. Then only she can read your message because even though it was encrypted with her public key, it can only be decrypted with the private key that she keeps secret. - public key block: an ascii representation of part of the key made available publicly - key fingerprint: a hash (math function) of the long public key to make a unique* shorter representation (usually 96 bits). *(probability of non-uniqueness is near 0). b. Make your own pgp key with 'gpg' Before you start, think of a passphrase that you will use to activate gpg anytime you use it after you generate your keys. A passphrase is typically a full sentence, not a password. For instance: "Curiouser and curiouser, thought Alice." We'll type the following commands. % cd ~ [APPENDIX A has a log from running gpg --gen-key] % gpg --gen-key [The command bellow -- export -a argument produces the ascii public key block. We look at it on the screen first and then redirect it into a file. ] % gpg --export -a % gpg --export -a > gpg.txt % gpg --fingerprint > fingerprint.txt c. Make the public key available for others to use by publishing on your CS webpage. - your key fingerprint - your public key block % cp gpg.txt fingerprint.txt public_html % cd public_html % chmod 704 gpg.txt fingerprint.txt d. Take a look at keys and fingerprints published on the web... http://ugrad.cs.jhu.edu/~mankin/[gpg.txt | fingerprint.txt] e. Verify (check the signature on) a file that I've signed. The full log of this is in APPENDIX B. % gpg --fetch-keys http://ugrad.cs.jhu.edu/~mankin/gpg.txt % wget http://ugrad.cs.jhu.edu/~mankin/message1.txt % gpg --verify message1.txt A summary of our results -- (full log in APPENDIX B) gpg says signature is good gpg warns us that signature is not certified by a trusted signature and we can't be sure the signature belongs to the owner What this means: the file in the clear envelope is signed correctly by the private key of someone calling herself Allison Mankin in that posted key. But gpg reminds us that we need to ask how we know that the real Allison posted that key. In some cases we can know by inspecting the fingerprint. Often we build up web of trust with public keys of other people that we sign at key signing parties. Because public key blocks can themselves can be placed in those clear envelopes by us or by others whom we trust. Today: do you trust the public key you fetched in order to verify message.txt? Why? Terms: - web of trust - key signing party - key ring e. Exercise: try verifying a compromised version of the file: name and text changed, while signature was left as is. % wget http://ugrad.cs.jhu.edu/~mankin/messagel.txt % gpg --verify messagel.txt What is the result? f. Signature verification for downloads. Why? https://help.ubuntu.com/community/VerifyIsoHowto g. Exercise: sign a file of your own %gpg --clearsign Your signed file is .asc h. If time permits: generate your encryption key %gpg --edit-key [e.g for mine: ] %gpg --edit-key 186DA45D [log of edit-key is in APPENDIX C] Intro to Secure Coding ---------------------- *** We either write secure code on purpose or we write at-risk code. ***** https://www.securecoding.cert.org/confluence/display /seccode/CERT+C+Secure+Coding+Standard ------------------------------------------------------- APPENDIX A. Log of gpg --gen-key $ gpg --gen-key gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: directory `/home/mankin/.gnupg' created gpg: new configuration file `/home/mankin/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/mankin/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/mankin/.gnupg/secring.gpg' created gpg: keyring `/home/mankin/.gnupg/pubring.gpg' created Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? 5 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? 90 You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) " Real name: Allison Mankin Email address: mankin@cs.jhu.edu Comment: (At JHU) Invalid character in comment Comment: At JHU You selected this USER-ID: "Allison Mankin (At JHU) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a Passphrase to protect your secret key. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 284 more bytes) ....+++++ gpg: /home/mankin/.gnupg/trustdb.gpg: trustdb created gpg: key 186DA45D marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 2048R/186DA45D 2010-04-22 Key fingerprint = 4129 14E3 3691 170D 6281 6403 A92D A5A2 186D A45D uid Allison Mankin (At JHU) Note that this key cannot be used for encryption. You may want to use the command "--edit-key" to generate a subkey for this purpose. ------------------------------------------------------- APPENDIX B. Log of gpg --fetch-keys and gpg --verify masters1$ gpg --fetch-keys http://ugrad.cs.jhu.edu/~mankin/gpg.txt gpg --fetch-keys http://ugrad.cs.jhu.edu/~mankin/gpg.txt gpg: key 186DA45D: public key "Allison Mankin (At JHU) " imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) masters1$ gpg --verify message.txt gpg --verify message.txt gpg: Signature made Thu 22 Apr 2010 01:02:57 PM EDT using RSA key ID 186DA45D gpg: Good signature from "Allison Mankin (At JHU) " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4129 14E3 3691 170D 6281 6403 A92D A5A2 186D A45D ------------------------------------------------------- APPENDIX B. Log of gpg --edit-key 186DA45D Command> addkey Key is protected. You need a passphrase to unlock the secret key for user: "Allison Mankin (At JHU) " 2048-bit RSA key, ID 186DA45D, created 2010-04-22 Please select what kind of key you want: (3) DSA (sign only) (4) RSA (sign only) (5) Elgamal (encrypt only) (6) RSA (encrypt only) Your selection? 6 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 90 Key expires at Sun 25 Jul 2010 01:21:57 PM EDT Is this correct? (y/N) y Really create? (y/N) y We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 220 more bytes) ....+++++ pub 2048R/186DA45D created: 2010-04-22 expires: 2010-07-25 usage: SC trust: ultimate validity: ultimate sub 2048R/27F21F02 created: 2010-04-26 expires: 2010-07-25 usage: E [ultimate] (1). Allison Mankin (At JHU)