Big Brother may is watching. But thanks to OpenPGP's tampering detection alerts and powerful encryption tools, you don't need to give him access to your personal e-mail. PGP ("Pretty Good Privacy") and GPG (Gnu Privacy Guard) are two security programs that provide e-mail encryption/decryption, as well as digital signatures to verify user identities.
In this interview, Michael W. Lucas, author of PGP & GPG: E-mail for the Practical Paranoid, explains how to navigate security protocols like the Web of Trust and SSL. He also recommends common-sense passkey security practices.
What are the differences, security-wise, between inline encoding and PGP/MIME encoding?
Michael W. Lucas: The main difference between the two is that, with inline encoding, you must encrypt attachments separately. PGP/MIME handles attachments transparently. It's very easy to encrypt an e-mail message with inline encoding and forget to secure your attachments!
What are the security limitations of PGP/MIME encoding?
Lucas: The limitations of PGP/MIME aren't obviously security issues. Not all combinations of mail clients and OpenPGP software can handle PGP/MIME encoding. While I can make the case that unreadable mail is secure, it's not what most people are looking for.
How much safer can the OpenPGP 'Web of trust' concept be than certificate authority?
Lucas: The most common plan for data security consists of equal parts hope and inaction! Compared to that, both the Web of Trust and a certificate authority look pretty good. Using either one puts you head and shoulders above your peers. Either system is a reasonable choice for certain environments.
In the past, private keys for signing certificates have been stolen from certificate authorities. Many people trust code and sites signed by those certificates without reservation. The thief can sign code and have it executed on millions of computers worldwide. These certificates are usually updated and revoked in the next release of the Web browser or in an operating system update, but people frequently delay implementing these updates because of possible interoperability issues.
Can't user identities easily be spoofed by downloading keys?
Lucas: If my OpenPGP private key is stolen, it's my own fault. The only person this theft can hurt is myself. The thief has only a brief window of opportunity between his theft and my revocation of my key to do any damage. Really, using OpenPGP requires you to update your public keys regularly, and this update process has no risk of breaking your applications or shutting down your operating.
You can also use OpenPGP without involving any certificate authority or centralized key repository, even without an OpenPGP key server. I have correspondents who have handed me a public key for our personal messages but haven't shared it with anyone else in the world. It's hard to steal or forge what you don't know about!
What provisions does OpenPGP include to make tampering with identity certificates detectable?
Lucas: First off, there's the math. Public key cryptography is a well-understood set of mathematical processes. If someone tampers with a signed or encrypted message, or a key, the numbers won't add up. It's easier to sneak bad math past a suspicious IRS auditor than OpenPGP.
Each OpenPGP implementation has very definite ways of notifying the user when the math doesn't add up. For example, Microsoft Outlook with PGP lets you announce in the message when a message has been tampered with. Even the old-fashioned command-line mail reader I've been running since 1990 or so prints out ugly warnings when an OpenPGP message doesn't look right.
Why would a user want to expand the Web of Trust instead of tracing the Web of Trust or using the key but limiting the trust of the sender?
Lucas: Expanding the Web of Trust means that you're attaching yourself to the Web. Each person who signs your key is another link to the Web of Trust, meaning that you are closer to any individual in the Web of Trust.
When you trace the Web of Trust, you see how many OpenPGP users connect you to another person. This gives you an idea of how certain you can be that the users' identities are as they claim.
You don't have to use the whole global Web of Trust; it's perfectly fine to have your own personal Web of Trust, containing only the public keys of the people you know. If you're an IT manager, you can easily set up a Web of Trust that works within your company. As things stand today, I can easily forge an e-mail that looks like it's from the company president announcing that I have been appointed the 'Grand High Poobah' of my department. OpenPGP prevents those tricks. PGP Corporation has a number of nice, boxed solutions for this, or you can use GnuPG and not spend a penny on software.
OpenPGP puts you in control of your trust decisions. Suppose you know an OpenPGP user that signs the key of anyone who asks. This is bad practice, but there are a few people like that out there. I might decide that I'll trust his key for him, but that I don't want to trust the signatures he places on keys belonging to other people.
They're different sides of the same process. The key here is to choose the parts of the process that fit your needs for your environment and your business. OpenPGP provides a pretty flexible set of tools and standards for that.
How are OpenPGP protocols safer than SSL protocols?
Lucas: OpenPGP protects data at the originating point, in transit and at the destination. OpenSSL only protects data in transit. If I compromise your computer, I can get your data even if you are using OpenSSL. If you've encrypted your data with OpenPGP, I have to do a lot more work to get at that same data.
How can users generate their own keys?
Lucas: Generating keys is easy in both PGP and GPG. Each has a well-defined routine for key generation. Even if you don't want to know anything about public-key cryptography, the software will help you out.