The DRG Guide to Using PGP

The Dragon Research Group uses Pretty Good Privacy (PGP) and PGP-compatible tools extensively for a variety of encryption needs. This guide is intended to assist others by providing an overview in using PGP and some of the issues you might encounter in day-to-day usage along with solutions to common problems newcomers may experience. We assume the reader has a good grasp of the fundamentals of public key cryptography such as that employed by PGP. If you need a refresher, here are a few good places to review the basics of the technology:

Obtaining PGP software for your operating system

GNU Privacy Guard (GnuPG) is a popular, free PGP implementation that supports a variety of platforms. Many Unix-based systems include GnuPG in the base install or as an easy add-on through their own software update and management system. GnuPG is also available as a ready-to-compile source code package or binary installation download for many platforms. See GnuPG's distribution site for details.

Symantec provides a popular commercial PGP software implementation for a variety of platforms. In addition to versions available for a fee, Symantec offers a "Trialware" version of their PGP implementation they call "PGP Desktop Email" at no cost. Some versions of Symantec's PGP solutions offer a variety of features integrated into the application suite such as full disk encryption and integrated PGP plug-ins for popular communications applications.

Android users have a variety of implementations to choose from, but each may have limited functionality, a limited track record and market share as of this writing. Android Privacy Guard (APG) is one free implementation undergoing active development. OpenPGP Manager is another implementation also under active development and available for a fee. Nanyang Polytechnic's (Singapore) School of Information Technology has released Android PGP for no cost. All of these implementations should be available from the Android Market.

Mac iOS (iPhone, iPod touch, iPad) users have a variety of implementations to choose from, but each may have limited functionality, a limited track record and market share as of this writing. Symantec provides a free PGP Viewer application. iPGMail is full featured implementation available for a small fee. SecuMail by On-Core is a nearly full featured implementation available for a fee. oPenGP is available in two versions, an oPenGP "Full" for a fee and a no-cost limited "Lite" version. All of these implementations should be available from the iTunes App Store.

The choice of PGP software is a personal one. We believe both GnuPG and Symantec provide a robust, reliable and trustworthy implementation. Others we are less familiar with and thus unable to endorse or discourage their use. If you plan to use a GnuPG implementation, we do recommend you make use of the available packages that may be available directly from your OS distributor or from one of the affiliated GnuPG packaging projects such as GPGTools for Mac users or Gpg4win for Microsoft Windows users.

Many PGP software packages are distributed as a suite of applications rather than as a single program. These suites commonly include encryption utilities for email, files, folders, volumes and whole disk drives as well as key management services. In some cases the entire suite can be accessed through a single application interface while others include individual binaries, which must be run separately. Since command line interfaces tend to change less frequently, we will use the GnuPG-based command line utilities for most of our detailed examples.

Platform-specific considerations

Generally you should have little difficulty installing or updating your PGP software, but we have encountered some issues, particularly involving backwards capability that you should be on the look out for.

The latest version of version of your PGP software is probably the best one and you should use it if possible. However, while most PGP software implementations have a good track record, you may run into encryption and hash algorithm interoperability issues depending on the version and age of your software. Special note to Mac OS X users: It is not uncommon for new Mac OS X point release to be incompatible with existing PGP software. In fact we are aware of one severe case in the past where incompatibilities between the OS and PGP software resulted in data loss in certain configurations with full disk encryption features enabled.

Encryption software has often been subject to law and regulatory constraints governing encryption technology, patents and encryption software related licenses. In many cases, it would suffice for two communicating parties to simply agree to use an unencumbered set of technologies to avoid issues. While the use of cryptography and in particular PGP software is widely supported throughout the globe, you may be subject to certain controls. Please read any and all licenses that come with your PGP software. You may also be interested in Bert-Jaap Koops' Crypto Law Survey page for additional information.

In our experience, compatibility between different versions of GnuPG has been very good. There are two major versions of GnuPG, 1.x and 2.x that are developed in parallel. Many Unix-based distributions continue to use 1.x by default for encryption libraries and base utilities. However, due to the modular nature of the 2.x software, components such as the GPG-Agent from it are often installed and used along side the 1.x base software. Whichever version you are using it is almost always best to use the latest updated release.

Other implementations of PGP tend to have a bit more turbulent path between major revisions. The PGP software that was long developed by PGP Corporation, now defunct, was available as freeware and with source code. These versions, while now many years old, are still available from the International PGP home page. In our experience, freeware versions 6.5.8 and 8.x were reasonable solutions at the time of their release and may still be in use, but we feel uncomfortable recommending their use in new installations unless you have no other option. Other versions did appear to have some additional capability problems that limited their widespread use and therefore we strongly advise against any of those older freeware PGP version. The successor implementation to these freeware versions is now maintained by Symantec. Where you would have used an older freeware version we strongly suggest you consider a more recent version from Symantec or switch to GnuPG. While we have seen some promising signs for implementations in the mobility market, we will wait for implementations there to mature before making any specific recommendations. As a general rule however, we do generally prefer cryptography software implementations that make source code available for review.

A word about encryption and signing algorithms

Recent PGP implementations generally have good defaults for the set of encryption and signing algorithms that will inter-operate with other recent PGP implementations. You can generally feel comfortable accepting the default algorithms for your software. There are two common setups as of this writing. One is to use a DSA key for signing with an ElGamal key for encryption. Another is to use an RSA keys for both signing and encryption. The choice between the two approaches is largely academic for most users and is often the result on the defaults used with the particular PGP implementation that initially generated the keys.

Key length considerations

Your PGP software may ask you for a desired key length for your key pair. Generally the larger the key size the the more difficult it is to conduct known brute force attacks. Larger keys are generally preferable all else being equal, but some older PGP software may not function with very large keys. Most current PGP software defaults to 2048-bit keys for encryption, but we've not run into any difficulties when using 4096-bit encryption keys. While 1024-bit keys are generally considered safe for the foreseeable future, we do not recommend keys less than 1024 bit and encourage you to use at least 2048-bit or larger for all new keys if possible.

Key management and pass-phrase selection

During or after installation you'll need to either create a new key pair or import an existing one. Ensure your private key is in a secure location and safely backed up. Never put a copy of your private key where it can be easily accessed by anyone else. This usually means only using your private key on a system that you have sole administrative control of.

An optional pass-phrase is associated with every private key and except for some very special cases, you always want one and you want it to be very difficult for someone to guess or brute force attack. Length and complexity are two determining factors that help differentiate a strong pass-phrase from a weak one. There are at least two reasonable approaches to pass-phrase creation. One is to use a pass-phrase generator and the other is to invent a memorable mnemonic that provides sufficient length and complexity.

There are a number of utilities available that you can use to create a difficult to guess and brute force passivise. If you do use a pass-phrase generation utility, we highly recommend it be run and output the pass-phrase only on a system you control. If you have access to a Unix machine, you can generate a reasonably complex and lengthy pass-phrase by using the DRG genpass shell script.

Post-installation considerations

After installing your PGP software you'll ultimately want to import the public keys of people or groups you'll be communicating with using PGP. Obtaining the correct public keys that are associated with the party you wish to communicate with is one of the "bootstrapping" challenges you face with public key cryptography. While a full enumeration of the challenge and proposed solutions to this problem are beyond the scope of this document, suffice it to say, obtaining and using the correct public keys is of paramount importance. If using incorrect keys, at best, encrypted messages will be unreadable by the intended party. At worst, encrypted messages will be decrypted and intercepted by an adversary.

PGP public keys are often distributed through public PGP key servers. While not everyone publishes their public keys on a key server and often many of the keys on key servers are either misleading or defunct, this is a convenient way to make keys widely available. Your PGP software should provide you an interface with which to interact with key servers to both fetch and upload keys. Using GnuPG for example, you can fetch the Dragon Research Group PGP key from MIT's PGP key server by using the command gpg --keyserver pgp.mit.edu --recv-key 47196BBF. Your software may also provide you a more sophisticated interface to search key servers for a key or PGP user. If not however, you can interact with most public key servers via a web interface for similar functionality. David E. Ross maintains a list of PGP: Public Key Servers that you might find useful.

Many PGP users also publish their public key on web pages or make their key available for download like they do for software. Furthermore, many PGP users publish their public key "fingerprint" in emails and business cards. Increasing the public record of your PGP key can help ensure those who need it can get and verify it.

At this stage in your usage of PGP, perhaps the most important consideration is safeguarding your private key(s) and associated pass-phrases. Avoid storing your private key anywhere you do not have complete and sole control over. This may included multi-user systems, shared servers (e.g. a virtual machine) and other systems that are especially vulnerable to remote attacks. If you must use PGP on any system where your private keys are at elevated risk you may wish to use a separate key pair on those systems and indicate in the key's name or comment field that this is some way a "casual" key and should not be used for anything extremely sensitive.

PGP and email integration

Perhaps the most common, but often also the most challenging use for PGP by typical users is with email. Being able to exchange email that is generally unreadable to intermediate parties is a widely desirable property since email often transits or resides on untrusted systems. However, integrating PGP into a user's email application is often a daunting task. Thankfully there are generally plug-ins or helper applications that seamlessly integrate into most common email applications. The GNU Privacy Guard Project maintains a list of GnuPG MUA front-ends most of which are open source and free for non-commercial use. Symantec also provides a desktop suite that integrates with a number of email systems.

There are essentially two basic approaches to encrypting and signing email with PGP. One is by using MIME encoding as defined in IETF RFC 3156 - MIME Security with OpenPGP. The other is by including the PGP output directly "inline" of the email body. Both approaches are commonly used and most MUAs and PGP to email integration tools support both. We find that "inline" tends to be more widely used, even though you may run into people who adamantly encourage using PGP/MIME. Unless you are in this latter camp, we recommend using inline by default.

PGP key signing parties

To help reliably exchange public keys amongst PGP users, PGP key signing parties are designed to help ensure those who would need to communicate securely can reliably obtain each others public keys. The basic idea is to arrange an in-person PGP key signing event where participants will verify each others identity, associated key(s) and then sign those keys that can be sufficiently validated as being associated with the participant. PGP key signing parties are ultimately a low-tech way to help build the PGP "web of trust". The keysigning.org web site concisely details the common methods used in key signing events. The Keysigning Party HOWTO document also details the process and details to key signing. Biglumber is a popular key signing coordination site frequently used by key signing party organizers.

Pointers to Other Resources

  1. Tom McCune's PGP page
  2. Phil Dibowitz's PGP Docs
  3. PGP & GPG: Email for the Practical Paranoid
  4. PGP: Pretty Good Privacy
  5. IETF RFC 4880 - OpenPGP Message Format

Last updated: $Date: 2012/06/25 15:50:31 $

Back to DRG