It is said that, using the appropriate intermediaries, it takes six handshakes to get from any one person on earth to any other person on earth. This is a web of introducers, where each person acts as an introducer to the next person in the chain. PGP uses a similar method to introduce new keys, using key signatures as a form of introduction. When someone signs a key, he or she becomes a potential introducer for that key. For example, suppose Alice signs Bob's key, and Bob signs Charlie's key. Alice now has a certification path to Charlie. Alice now has a means of knowing that Charlie's key really is Charlie's because it has a signature of Bob on it, and Alice knows that Bob's key really belongs to Bob. This is a way to provide transitive trust in keys.
There is clearly a problem in this design. What happens if someone is acting as an introducer but does not really know the person he claims to know? For example, what if Bob is completely careless and signed Doug's key, even though it claimed to be Charlie's? Not only would Bob think that this key belongs to Charlie (even though it is Doug claiming to be Charlie), but if there were no measurement of trust, Alice would believe it, too.
This is where the PGP Web of Trust comes into play. With the Web of Trust, users define the amount of trust they put into a key to act as an introducer for them. In the preceding example, Alice can put as much trust as she wants in Bob's key, and should only trust a key if she trusts Bob to sign others' keys correctly. If Alice knows that Bob is lax about verifying keys, she would clearly not trust Bob to act as an introducer. As a result, Alice would not trust the key that Bob signed for Doug, claiming to be Charlie.
Of course, the Web of Trust is not foolproof. If someone is fooled into signing a wrong key, it can cause others to believe it incorrectly. The PGP Web of Trust can be thought of as a reputation system, where people are reputed to give good signatures, and others are reputed to give bad signatures. The system can fail when false positive reputations exist.
The Web of Trust starts with a user's own keypair. PGP assumes that if you have the secret key for a keypair, you can trust it. This is because you can verify the key at any time by creating a signature and verifying it. This is called Ultimate Trust. Any keys signed by an Ultimately Trusted key are trusted to be valid keys.
For each valid key, the user is asked to assign a level of trust in that key. This trust value defines how much the user trusts that key as an introducer. This can get confusing because PGP uses the same terms to define trust in a key's validity as it uses to define the amount of trust as an introducer. There are four levels of trust:
In addition to defining trust in keys as introducers, users define the number of completes and marginals needed to trust the validity of a key. By default, PGP requires one complete or two marginal signatures, where a complete signature is a signature by a key that is completely trusted as an introducer, and a marginal signature is a signature by a key that is marginally trusted as an introducer. These values can be set by the user to define how many complete and marginal signatures are required to trust the validity of a key.
This process continues until a user-defined level is reached. The default value is four levels of recursion, or nesting, in the search of the key ring. If Alice signs Bob, Bob signs Charlie, Charlie signs Dave, Dave signs Elena, and Elena signs Frank, Alice could only get as far as Elena, and could not trust Frank because there are too many steps. Moreover, this all depends on the trust that Alice has in all of the signers in the line. In general, it is not recommended to put trust in keys belonging to users you do not know.
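The validity rules described above (one complete or two marginal signatures, at most four levels of nesting) can be written as a small model. This is an added example, not PGP's own code: the function name `valid_keys`, the trust labels and the sample key rings are assumptions made for illustration, and the model counts completes and marginals separately rather than reproducing PGP's internal bookkeeping.

```python
from collections import defaultdict

def valid_keys(me, signatures, owner_trust,
               completes_needed=1, marginals_needed=2, max_depth=4):
    """Return {key: depth} for every key that is valid from `me`'s point of view.

    signatures:  set of (signer, signed_key) pairs found on the key ring.
    owner_trust: trust `me` assigns to each key as an introducer
                 ("complete" or "marginal"; anything else counts for nothing).
    """
    signers_of = defaultdict(set)
    for signer, signed in signatures:
        signers_of[signed].add(signer)

    depth = {me: 0}                       # own keypair: ultimate trust
    for level in range(1, max_depth + 1):
        newly_valid = []
        for key, signers in signers_of.items():
            if key in depth:
                continue
            # A signature counts only if the signing key is itself valid.
            trust = ["complete" if s == me else owner_trust.get(s)
                     for s in signers if s in depth]
            if (trust.count("complete") >= completes_needed
                    or trust.count("marginal") >= marginals_needed):
                newly_valid.append(key)
        if not newly_valid:
            break
        for key in newly_valid:           # becomes usable at the next level
            depth[key] = level
    return depth

# Constructed sample key rings, as (signer, signed key) pairs.
CHAIN = {("alice", "bob"), ("bob", "charlie"), ("charlie", "dave"),
         ("dave", "elena"), ("elena", "frank")}
ALL_COMPLETE = dict.fromkeys(["bob", "charlie", "dave", "elena"], "complete")

# Bob signed Doug's key carrying Charlie's name; Carol and Erin signed Gina's.
RING = {("alice", "bob"), ("alice", "carol"), ("alice", "erin"),
        ("bob", "fake-charlie"), ("carol", "gina"), ("erin", "gina")}
CAREFUL_ALICE = {"bob": "none", "carol": "marginal", "erin": "marginal"}

if __name__ == "__main__":
    print(valid_keys("alice", CHAIN, ALL_COMPLETE))   # stops at elena
    print(valid_keys("alice", RING, CAREFUL_ALICE))   # no fake-charlie
```

In the second key ring Bob's own key is valid because Alice signed it, yet the key he carelessly signed is rejected because Alice gives him no trust as an introducer; Gina's key is accepted on the strength of two marginal signatures.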
To manage keys, PGP has developed an extensive set of key management functions. Many would say that this is the most confusing part of PGP, which is probably right. However, PGP key management is not so complicated that it takes a Unix guru to understand it. With some time exploring and with some careful explanations, anyone can understand it.
The important point regarding key management is that all PGP key management functions are invoked by PGP command lines that begin with the -k option. The arguments listed in table 11.1 follow this option and tell PGP which key management function is requested. Arguments listed with brackets are optional.
Option | Description |
---|---|
pgp -kg [length] [ebits] [-u userid] | Generates your own unique public/secret key pair |
pgp -ka keyfile [key ring] | Adds a key file's contents to your public or secret key ring |
pgp -kx userid keyfile [key ring] | Extracts (copies) a key from your public or secret key ring |
pgp -ks her_userid [-u your_userid] [key ring] | Signs someone else's public key on your public key ring |
pgp -kv[v] [userid] [key ring] | Views the contents of your public key ring |
pgp -kc [userid] [key ring] | Checks signatures on your public key ring |
pgp -kr userid [key ring] | Removes a key or a user ID from your public or secret key ring |
pgp -krs userid [key ring] | Removes selected signatures from a userid on a key ring |
pgp -kvc [userid] [key ring] | Views fingerprints for keys on your key ring |
pgp -kd userid [key ring] | Disables or revokes a key |
pgp -ke your_userid [key ring] | Edits your user ID or pass phrase |