Concepts/OpenPGP Getting Started: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
This page is still under construction (created from a split of another article). | {{Construction|1=This page is still under construction (created from a split of another article).}} | ||
== Introduction == | == Introduction == |
Revision as of 15:24, 25 April 2013
Introduction
Main key and subkeys
Most OpenPGP keys have at least one subkey (all have exactly one main key). You usually need not care about this difference; your application (or rather the base application GnuPG) selects the right one automatically. The main key is the one which the key fingerprint refers to and only the main key can certify: your own subkeys and user IDs and the user IDs of other keys. The subkeys can do everything else (mainly decryption and signing) if you configure them so. The reason the difference between these key types is mentioned here is that this is very important for key generation: You can separate the secret main key from the secret subkeys. The subkeys can be replaced later, the main key cannot. Thus if you create an offline main key at key generation which you protect by a very hard passphrase and store at least the passphrase securely and use the main key in a secure environment only then you can keep this key "forever" (say 20 years). This is important for everyday keys. High security keys don't really need this seperation (usually don't need subkeys at all).
Key security
Nobody cracks keys by brute force attacks. That is simply impossible for everyone beneath the level of a government agency of a "rich" country. And it would not make sense: It's so easy to just steal them. With a huge probability the system which you are just using to read this text (if not printed...) is not very secure. De facto no system which is used for reading email or reading web pages is safe. Don't argue, just accept this. If you don't you just compromise yourself. A key is never more secure than the system on which it is used (this, of course, includes: created). And it is more secure than the system on which it is stored just by its passphrase which is no protection against a brute force attack if it is either not really random or less than 16 characters long (for small and capital letters and digits).
It is perfectly OK to use OpenPGP on such insecure systems (at least today; this may change in the future if everyone has crypto keys on his system which are a valuable target for attackers). You and your communication partners(!) just have to be aware of the security level. The next security level are smartcards. You cannot steal a key from a smartcard (you can abuse it nonetheless if you control the system to which the smardcard is connected). The next level after smartcards are secure systems: Unconnect your harddisk, all USB sticks (and the like) and the network, boot from a secure medium like a Linux live DVD (from a trusted source, of course!). Use high security keys in such a secure environment only. The next level is protection against hardware attacks (obviously not a subject for a beginners article).
How to get started
You can easily create a key for playing around. But if you let others verify such a key you risk throwing work away later. Your aim should be to create one or more long term keys. The best advice is: Don't try on your own if you can avoid it. Ask experts if you can, people who already have replaced a key of their own and learnt from that. Use a secure system to create a key, use an offline main key and give both the main key and the subkeys an expiration date (not more than a year). Select a key policy (describing the security and usage of main key and subkeys) and stick to it. If you certify other keys before you have a certification policy, do not certify them for the public (web of trust), make local signatures instead (just for yourself). Avoid doing new things before you understand well what they mean.
And remember this:
- What is comfortable (at least nearly) always threatens your security.
- More secure is not always better for the given task. Just be aware of the consequences (in both directions).
Welcome to the crypto world!