
GPG - Protect Your Privacy : Introduction and Symmetric Encryption




What is OpenPGP


If you are reading this blog, there is little reason that you shouldn’t be encrypting your personal email with OpenPGP based encryption every time. This series of blog posts will attempt to explain what OpenPGP is, and why and how you should use it.


OpenPGP is an IETF standard format, RFC 4880 [0], for providing encryption and digital signatures for any content. OpenPGP is quite flexible and, although it is used most commonly with e-mail, it can be used anywhere that text or files can be exchanged. OpenPGP-compliant programs turn data into ASCII or binary output that can be copied and pasted or written directly to files.


GPG [1], the GNU Privacy Guard, is a FOSS implementation of OpenPGP. This is somewhat ironic, because the original PGP code written by Zimmermann was open source, but not libre. Over the years, the code has been extended and owned by a variety of actors. This is perhaps the best example of how open source != libre. GPG is not the only implementation of OpenPGP: multiple Chrome extensions, including one by Google [2], and OpenPGP.js by Protonmail exist to perform OpenPGP manipulations from a web browser for web-mail; an Apache module, mod_openpgp, exists to sign web pages; and various email client extensions like Enigmail simplify the process.


This blog post is going to explain how to use the GPG command line to perform basic encryption and decryption.

Symmetric Encryption - Encryption for Insiders.


Symmetric encryption is perhaps the simplest type of encryption, and the kind that makes sense to the average person: encryption with a password. You provide a password, you get the contents of the file. No certificates or identities are in play here. GPG uses the --symmetric option to perform symmetric encryption.


gpg --symmetric [file]


Doing this will create [file].gpg, which is the encrypted file. The original will not be touched. We can change the name of the output file using the --output option, like so:


gpg --symmetric --output [newname] [file]


Running the file command, we can see that the file is AES encrypted by default:


[newname]: GPG symmetrically encrypted data (AES cipher)


We can actually view further details with the --list-packets option.


gpg --list-packets [newfile]


which yields the voluminous output


[user@host ~]$ gpg --list-packets [newfile]

gpg: AES encrypted data

gpg: encrypted with 1 passphrase

# off=0 ctb=8c tag=3 hlen=2 plen=13

:symkey enc packet: version 4, cipher 7, s2k 3, hash 2

salt F99B17B7C36EECB2, count 30408704 (237)

# off=15 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb

:encrypted data packet:

length: unknown

mdc_method: 2

# off=36 ctb=a3 tag=8 hlen=1 plen=0 indeterminate

:compressed packet: algo=1

# off=38 ctb=ad tag=11 hlen=3 plen=5515

:literal data packet:

mode b (62), created 1599521025, name="[file]",

raw data: 5494 bytes


Here we can observe that the original file name and size are recorded in the encrypted file as cryptographic metadata. So, if your file name discloses a secret, that secret is disclosed. Be aware of this when you encrypt ‘love_letter_to_mrs_brown.txt’. We also observe that the cipher used is “cipher 7”. We can look this up in section 9.2 of the standard:


ID Algorithm

-- ---------

0 - Plaintext or unencrypted data

1 - IDEA [IDEA]

2 - TripleDES (DES-EDE, [SCHNEIER] [HAC] - 168 bit key derived from 192)

3 - CAST5 (128 bit key, as per [RFC2144])

4 - Blowfish (128 bit key, 16 rounds) [BLOWFISH]

5 - Reserved

6 - Reserved

7 - AES with 128-bit key [AES]

8 - AES with 192-bit key

9 - AES with 256-bit key

10 - Twofish with 256-bit key [TWOFISH]

100 to 110 - Private/Experimental algorithm


And so we see that the algorithm used is AES-128, which matches both what file reported and the [AES] entry in the standard. PGP gracefully allows users to control this with the --cipher-algo option. Let's try 256-bit Camellia, a modern cipher with as much protection as AES.


gpg --symmetric --cipher-algo camellia256 [file]


That option isn’t listed by the standard. We can determine which cryptographic primitives, including ciphers, GPG supports by running


gpg --version
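The header fields and tag 3 values that --list-packets printed above can be decoded by hand. The following is an added example, not code from the original post or from GnuPG: it parses the first base64 line of the demo message shown later in this post using the RFC 4880 packet header rules and coded-count formula. The function names are hypothetical.

```python
import base64

# First base64 line of this post's demo message (48 bytes, enough for both headers).
DEMO_B64 = "jA0EBwMC9F4ypBiTvw/t0ogBLUu6G3BXTFqEpW0VQ9i2rh2c3PAWvND7D5yURQ6g"
# Symmetric cipher IDs from RFC 4880 section 9.2, as quoted in the post.
CIPHERS = {1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
           7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish-256"}

def read_header(data, off=0):
    """Return (tag, hlen, plen); plen is None for partial/indeterminate lengths."""
    ctb = data[off]
    if not ctb & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if ctb & 0x40:                                  # new-format header
        tag, first = ctb & 0x3F, data[off + 1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + data[off + 2] + 192
        if first == 255:
            return tag, 6, int.from_bytes(data[off + 2:off + 6], "big")
        return tag, 2, None                         # partial body length
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03      # old-format header
    if ltype == 3:
        return tag, 1, None                         # indeterminate length
    n = 1 << ltype                                  # 1, 2 or 4 length octets
    return tag, 1 + n, int.from_bytes(data[off + 1:off + 1 + n], "big")

def parse_skesk(body):
    """Decode a v4 symmetric-key ESK packet (tag 3) using S2K type 3."""
    version, cipher, s2k, hash_id = body[:4]
    if version != 4 or s2k != 3:
        raise ValueError("only version 4 with iterated+salted S2K is handled")
    coded = body[12]                                # one-octet coded count
    count = (16 + (coded & 15)) << ((coded >> 4) + 6)
    return {"cipher": CIPHERS.get(cipher, f"id {cipher}"), "hash": hash_id,
            "salt": body[4:12].hex().upper(), "count": count, "coded": coded}

def walk(data):
    """List (offset, tag, hlen, plen) for each top-level packet."""
    off, packets = 0, []
    while off is not None and off < len(data):
        tag, hlen, plen = read_header(data, off)
        packets.append((off, tag, hlen, plen))
        off = None if plen is None else off + hlen + plen
    return packets

if __name__ == "__main__":
    raw = base64.b64decode(DEMO_B64)
    print(walk(raw), parse_skesk(raw[2:15]))
```

All of these fields are readable without the passphrase. The literal data packet that carries the file name sits inside the encrypted data packet and only appears once the data has been decrypted.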


Binary and ASCII : How do I post on forums


Printable ASCII data is a series of bytes/numbers that happen to be interpreted as printable characters by software like web forums. This is only interesting because there are bytes/numbers that are not printable. Trying to paste the contents of a GPG-encrypted file in binary format (the default, used above) is going to result in chaos that the recipient cannot copy and paste: some characters might not get rendered by forums or text editors, and others can be modified or removed. Thankfully, OpenPGP has an ASCII-only mode that generates files that can be copied and pasted. For this, we use the --armor option.


gpg --symmetric --armor [file]


This produces an .asc file that contains only letters that you can copy and paste anywhere that letters are accepted. Here is a demo of what the file's content looks like.


-----BEGIN PGP MESSAGE-----


jA0EBwMC9F4ypBiTvw/t0ogBLUu6G3BXTFqEpW0VQ9i2rh2c3PAWvND7D5yURQ6g

QmAXK+cgLDaUiUQpFK8e3Ojy0G/57ZpijESfXBJiC+dWAlRch4I6hFmreJ/f87Wa

6ThRVuyJvf5ZrbTmu6y1iVasf0JnjkE+0KXQ5E/76fmU0k6RCRVNO0qq2D06iQtN

EeIMkC1GWptK

=X+Pf

-----END PGP MESSAGE-----


An alternative, but less common, method of encoding binary data as ASCII so that it can be rendered by text editors and forums is base64. GPG doesn’t automatically understand base64-encoded files, and it's not as obvious that the file is GPG encrypted. This doesn’t really provide any security, but makes for a game commonly played by neophytes.


base64 [binary_file] > [filename]


This can be decoded with the -d switch.


base64 -d [file_name] > [binary_file]


In a pinch, you could use this to obfuscate binary files, or even just make them transmissible over forums without encryption. This is most commonly seen as a tactic in CTFs to confuse newbies.

Symmetric Decryption : Give me my data back!


So, one obvious question you might have now that you have encrypted all your files is, “how do I decrypt them”. GPG can do that too, with the --decrypt option. By default, the --decrypt option will output to standard out, or the terminal. You probably want to change this by using the --output option.


gpg --decrypt --output [newname] [file]


Interestingly, GPG doesn’t make use of the filename in the cryptographic metadata, and as far as I can see, this feature cannot be disabled.

Why use Symmetric Encryption

The Problem of Key Exchange


Symmetric encryption requires that all parties agree on a password securely. One objection that you might raise is, “If I can get you the password securely, why not just pass the data instead?” This objection is deeper than it sounds, and has concerned governments, militaries, and cryptographers for a long time. The problem is called “Key Exchange”. Symmetric encryption algorithms like AES and CAMELLIA don’t ensure that the people decrypting the file have the password/key. The good news is that there are cryptographic ways to do key exchange securely, but let's consider for now: why would anyone use symmetric encryption algorithms?

Limitations of Full Disk Encryption and Layers of Security


One obvious use is when there is no key exchange, i.e. the encryptor is the only party. You can use GPG to encrypt your own files and data transfers. Of course, full disk encryption exists, and applying GPG to each file before use is a pain in the dick (READ: not scalable), so it's not a drop-in replacement for FDE. However, an important consideration is that FDE only protects data at rest, that is to say, files on a hard disk that is spun down, with the encryption key not in memory and the computer powered off. If your computer is running when attacked, all bets are off. For a real-life example of this, see Ross Ulbricht [3], Dread Pirate Roberts, whose laptop was seized while running. One thing you might do to provide an additional layer of protection to your device is to encrypt a few special files when not in use, even with the full disk encrypted. This is actually what the pass [4] password manager does.

Encrypting Data Transfers


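If you're an admin, you have likely transferred data insecurely with netcat. Don’t do this: GPG is installed on almost all Linux machines by default. You can encrypt netcat data transfers without cryptocat or the annoyance of SSL certificates for ncat by using GPG. As the sample passphrase below says, a passphrase typed on the command line ends up in your shell history; gpg's --passphrase-file and --passphrase-fd options read it from a file or file descriptor instead.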


cat [secret data] | gpg --symmetric --passphrase "lol_this_is_in_history" --batch | nc -lp [port]


and


nc [host] [port] | gpg --decrypt --passphrase "lol_this_is_in_history" --batch > [secret_data]


If you are a regular human being, you probably use e-mail as a way to send yourself files. You’d be pleasantly surprised to learn, then, that OpenPGP software is available for virtually every platform, including Android, iOS, Windows, Linux and macOS. Don’t send secure data insecurely.

No Identity and Repudiation


Perhaps another interesting facet of symmetric encryption is that there are no identity requirements. No certificates, little metadata. So publicly posting symmetrically encrypted data would allow a group of insiders to access content together without revealing who can access that content, or even who encrypted it to begin with: anyone with the password could have. This might provide you with plausible deniability and anonymity. However, reusing the same key for an extended period of time is a bad idea, and you have to have a way to securely change and exchange the key.

Distribution of Easily decrypted content


Finally, also of interest: the Shadow Brokers distributed archives of files symmetrically encrypted with PGP, so that they could make the passphrase public at a later date as a kind of insurance against the files getting taken down. WikiLeaks and other organizations have similarly been known to post insurance files with unknown passphrases.

Challenge


Decrypt the demo above by placing the contents in a file and running gpg against the file. The password is password. For bonus points, check the original file name using the cryptographic metadata with the --list-packets option, and see if I accidentally disclosed a secret. If you successfully complete the above, then we have exchanged data using simply a webpage. I could have printed this out and mailed it to you, and we could have securely exchanged data this way as well. Anywhere you can post text, you can exchange encrypted data now.
