please give us safer defaults for gnupg

vedaal at vedaal at
Tue Dec 17 20:40:12 CET 2013

On Tuesday, December 17, 2013 at 12:49 PM, "adrelanos" <adrelanos at> wrote:

>The person who agreed with me:
>carlo von lynX
>Also the author of "15 reasons not to start using PGP". [1]


All of his reasons are easily countered.
In the interests of time and space, I'll just address the following ones:

2. The OpenPGP Format: You might aswell run around the city naked.
3. Transaction Data: Mallory knows who you are talking to.
8. PGP conflates non-repudiation and authentication

First, as a general approach to encryption and authentication, it's important to recognize that there are several levels why a user may want to encrypt and/or authenticate.

The simplest level:

[a] It's not really important, but it's nobody else's business either.

This is equivalent to sending a message in an envelope rather than a post-card, except that in PGP, it's easier for users to confirm that the sender and the recipient are who they are, than in the case of snail-mail through an envelope, or ordinary e-mail.

The next level:

[b] It's important, and the sender stands behind the information, and is willing to have the receiver vouch for the signature or send it on with the signature intact, to whoever needs to take action on the information.

A more serious level:

[c] It's very important, and needs to be kept confidential as to who sent it, who received it, and needs repudiation as to who signed it.

There are several ways that, with a little effort, open-pgp can be used to do this. Here is one suggestion:

(i) The sender and receiver each generate a key of typical size (2048 or 4096) but do not ever post it to a key server. Instead they exchange it, either in person, or by having it posted encrypted to the intended recipient's key, using the throw-keyid option, to a website or newsgroup that allows encrypted postings.
(The reason 'typical size' is mentioned, is that the throw-keyid option does not hide the 'size' of the key, so if you happen to be the only one on the internet who decided to generate a cool atypical key of 3693, it will be pretty obvious who is behind the message, even with the throw-keyid used. It's also possible for someone to intentionally 'frame' you for the message ;-) ).

(ii) The sender and receiver also generate a separate signing key that they give to each other, that they can each use, and post it as in (i).

(iii) Messages can now be signed with the key generated in (ii), hidden-encrypted to the key generated in (i), put on a small clean usb, and posted anonymously from a public place to the website or newsgroup, and then physically destroy the usb.

The more serious the requirements are, the more precautions need to be taken:
generating and decrypting pgp messages only on a machine never connected to the internet and under physical security at all times;
posting from different public wifi sites with different laptops, etc., depending on the threat model.

To borrow from the racing car analogy used earlier in this thread:

GnuPG provides an extremely high performance sturdy vehicle that can be used for ordinary shopping as well as high speed off road chases ... ;-)

There are enough capabilities and workarounds in GnuPG, to do almost anything a user wants to do in terms of storing, sending or authenticating any messages or files.

Thanks again, to WK and the GnuPG team.
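An added example, not part of vedaal's post or of GnuPG's code, to make the point in (i) concrete: a small parser for the OpenPGP public-key encrypted session key packet (RFC 4880 tag 1). A hidden recipient, as produced by the throw-keyid option, carries an all-zero key ID, but the bit length of the encrypted session-key MPI still reveals roughly the recipient's key size. The `build_pkesk` helper produces constructed sample packets; both function names are mine.

```python
"""Inspect OpenPGP PKESK (tag 1) packets (RFC 4880): --throw-keyids zeroes
the recipient key ID, but the session-key MPI length still reveals the key size."""
import struct

def build_pkesk(key_id: bytes, key_bits: int, algo: int = 1) -> bytes:
    """Constructed sample: new-format PKESK packet carrying one RSA-style MPI
    whose bit length matches the (hypothetical) recipient key size."""
    mpi = struct.pack(">H", key_bits) + b"\x80" + b"\x00" * (key_bits // 8 - 1)
    body = b"\x03" + key_id + bytes([algo]) + mpi   # version 3, key ID, algo, MPI
    n = len(body)
    if n < 192:
        hdr = bytes([n])
    elif n < 8384:
        hdr = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", n)
    return b"\xc1" + hdr + body   # 0xC0 (new format) | tag 1

def parse_pkesk(data: bytes) -> dict:
    """Parse one PKESK packet (old- or new-format header) and report whether the
    recipient is hidden and how many bits the encrypted session key leaks."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                      # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            n, off = l0, 2
        elif l0 < 224:
            n, off = ((l0 - 192) << 8) + data[2] + 192, 3
        elif l0 == 255:
            n, off = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial-length headers not supported")
    else:                                 # old-format header
        tag, lt = (first >> 2) & 0x0F, first & 3
        if lt == 3:
            raise ValueError("indeterminate length not supported")
        n = int.from_bytes(data[1:1 + (1 << lt)], "big")   # 1, 2 or 4 length bytes
        off = 1 + (1 << lt)
    if tag != 1:
        raise ValueError(f"tag {tag} is not a PKESK packet")
    body = data[off:off + n]
    key_id = body[1:9]
    mpi_bits = struct.unpack(">H", body[10:12])[0]   # first MPI: RSA m^e mod n
    return {"version": body[0], "key_id": key_id.hex().upper(), "algo": body[9],
            "hidden_recipient": key_id == b"\x00" * 8, "key_bits_leaked": mpi_bits}
```

On a real message, `gpg --list-packets` shows the same all-zero key ID for a hidden recipient, while the MPI bit count in the same packet is what gives the key size away.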

