Internet Security Professional Reference: PGP


Creating the PGP Userid

The next piece of information is the userid on the key. The userid should be a string that contains the name of the user of the key as well as an electronic address where that user can be reached. The suggested format appears in the preceding sample command list: the user’s name followed by the e-mail address in angle brackets.

Next, PGP will ask for a pass phrase. The pass phrase is used by PGP to encrypt the secret key before it is written to disk. Later, the user will be required to type the pass phrase before he or she can use the secret key to sign or decrypt messages. A lost pass phrase cannot be recovered; for this reason, it is imperative that users choose a pass phrase that is easy to remember. Never write down the pass phrase.


Warning:  Choose a pass phrase that is easy to remember and hard to guess. PGP accepts pass phrases over 100 characters long, which provides you with enough space to make pass phrases as long as you want. The longer the pass phrase, the harder it is to brute force by trying every possible phrase. Good pass phrases consist of both upper- and lowercase letters and some punctuation and numeric characters. A medium-length sentence with capitalization and punctuation usually makes a good pass phrase.

It is important that users do not forget their pass phrases. A secret key cannot be recovered if the pass phrase is lost. Nothing in the world can be done for a user who forgets his or her pass phrase. Make sure that pass phrases can be remembered. One of the benefits of having such a long pass phrase is that it can be English words in a meaningful English sentence, which makes remembering the phrase much simpler.
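The checks below apply the guidance in this section to a candidate pass phrase and estimate how much work a guessing attack would need. This is an added example written for this page, not code from PGP or from the book; the character-class table, the 20,000-word dictionary figure, and the 20-character and 64-bit thresholds are assumptions chosen for illustration. It reports two numbers: the work for an attacker who tries every string of the right length and classes (an upper bound), and the work for one who guesses the phrase word by word from a common-word list (the figure to believe for an English sentence).

```python
import math
import string

# Character classes the guidance names: upper- and lowercase letters,
# digits and punctuation. Space is counted with punctuation so that a
# multi-word sentence gets credit for its word breaks.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "punct": set(string.punctuation + " "),
}


def classes_used(phrase):
    """Return the names of the classes that appear at least once in phrase."""
    return {name for name, chars in CLASSES.items() if any(ch in chars for ch in phrase)}


def brute_force_bits(phrase):
    """Work factor in bits for an attacker who knows only the length and the
    classes used and tries every string: log2(alphabet_size ** length).
    This is an upper bound on the attacker's effort."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(phrase))
    return len(phrase) * math.log2(alphabet) if alphabet else 0.0


def dictionary_bits(phrase, words_per_slot=20_000):
    """Work factor for an attacker who guesses the phrase word by word from a
    common-word list. words_per_slot=20000 is an assumed dictionary size used
    for illustration. For an English sentence this is the estimate to trust."""
    return len(phrase.split()) * math.log2(words_per_slot)


def check_pass_phrase(phrase, min_len=20, min_bits=64):
    """Apply the guidance: long, mixed case, some digits or punctuation, and
    enough words to resist a word-list attack. The thresholds are assumptions.
    Returns (ok, findings); findings is empty when the phrase passes."""
    findings = []
    used = classes_used(phrase)
    if len(phrase) < min_len:
        findings.append(f"shorter than {min_len} characters")
    if not {"upper", "lower"} <= used:
        findings.append("use both upper- and lowercase letters")
    if not ({"digit", "punct"} & used):
        findings.append("add some punctuation or digits")
    if dictionary_bits(phrase) < min_bits:
        findings.append(f"fewer than {min_bits} bits against a word-list attack; add words")
    return (not findings, findings)


if __name__ == "__main__":
    for candidate in ("Pa55w0rd!", "My cat, Ruth, was born 1995 in Boston."):
        ok, findings = check_pass_phrase(candidate)
        print(f"{candidate!r}: ok={ok}, brute-force {brute_force_bits(candidate):.0f} bits, "
              f"word-list {dictionary_bits(candidate):.0f} bits, findings={findings}")
```

The word-list estimate is deliberately the stricter of the two: a five-word sentence with capitals and punctuation rates far higher than a short string of mixed symbols, which is exactly the point the warning makes.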

You need a pass phrase to protect your RSA secret key.
Your pass phrase can be any sentence or phrase and may have many
words, spaces, punctuation, or any other printable characters.

Enter pass phrase:
Enter same pass phrase again:
Note that key generation is a lengthy process.

We need to generate 784 random bits. This is done by measuring the
time intervals between your keystrokes. Please enter some random text on
your keyboard until you hear the beep:
   0 * -Enough, thank you.
............**** .......................................................
..****
Key generation completed.
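The prompt above asks for keystrokes until enough random bits have been gathered from the gaps between them. The following added example (not PGP's code, and not from the book) shows the idea in miniature: it keeps the low-order bits of each inter-keystroke gap, gives a conservative min-entropy estimate of what was collected, and reports "enough" only once the credited bits reach the 784 the prompt asks for. It also shows the failure mode a harvester must detect: a perfectly regular typist (constant intervals) yields no randomness at all, however many keys are pressed. Crediting 2 bits per keystroke, SHA-256 as the mixing step, and the PRNG-generated sample intervals are assumptions; the sample intervals are a constructed stand-in for real timings and must never be used as an entropy source themselves.

```python
import hashlib
import math
import random
from collections import Counter


def intervals_from_timestamps(timestamps_us):
    """Turn absolute keystroke times (microseconds) into the gaps between them."""
    return [later - earlier for earlier, later in zip(timestamps_us, timestamps_us[1:])]


def low_bits(interval_us, bits_per_sample):
    """Keep only the least-significant bits of a gap. The coarse part of a
    typing rhythm is predictable; the fine jitter is where the unpredictability is."""
    return interval_us & ((1 << bits_per_sample) - 1)


def min_entropy_per_sample(samples):
    """Conservative estimate: -log2 of the most frequent sample's relative
    frequency. 0.0 means an attacker could guess every sample."""
    counts = Counter(samples)
    return -math.log2(max(counts.values()) / len(samples))


def harvest(intervals_us, needed_bits=784, bits_per_sample=2):
    """Credit at most bits_per_sample bits per keystroke, but never more than the
    measured min-entropy, then mix the samples into a seed. SHA-256 stands in
    for whatever mixing function a real implementation uses (assumption).
    Returns (seed_bytes, credited_bits, enough)."""
    samples = [low_bits(dt, bits_per_sample) for dt in intervals_us]
    if not samples:
        return b"", 0.0, False
    credited = len(samples) * min(bits_per_sample, min_entropy_per_sample(samples))
    seed = hashlib.sha256(bytes(samples)).digest()
    return seed, credited, credited >= needed_bits


# Constructed sample input: a seeded PRNG pretending to be a human typing at
# 80-250 ms per key. This is only a stand-in so the example runs offline;
# a PRNG is NOT an entropy source and must not be used as one.
_rng = random.Random(1)
SAMPLE_INTERVALS_US = [_rng.randint(80_000, 250_000) for _ in range(600)]


if __name__ == "__main__":
    seed, credited, enough = harvest(SAMPLE_INTERVALS_US)
    print(f"irregular typist: credited {credited:.0f} bits, enough={enough}, seed={seed.hex()[:16]}...")
    seed, credited, enough = harvest([100_000] * 600)
    print(f"metronome typist: credited {credited:.0f} bits, enough={enough}")
```

The point of crediting by measured min-entropy rather than by keystroke count is that "Enough, thank you" should mean the pool is unpredictable, not merely that the user has typed for a while.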

After the pass phrase is entered, PGP will ask for a lot of random keystrokes. While the user types, PGP measures the intervals between keystrokes; because people type at an inconsistent speed, the variance in those intervals serves as a source of randomness. PGP then uses that randomness to generate two large prime numbers, from which the RSA keypair is built. A user can specify almost all the appropriate data on the command line. The following example will generate a key of only 512 bits, which is a relatively insecure length. The name of the President is used as the userid to show how easy it is to create a key in someone else’s name.

~> pgp -kg 512 -u 'William Clinton <President@Whitehouse.GOV>'
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/14 08:16 GMT
Generating an RSA key with a 512-bit modulus.
Generating RSA key-pair with UserID "William Clinton
<President@Whitehouse.GOV>".

You need a pass phrase to protect your RSA secret key.
Your pass phrase can be any sentence or phrase and may have many
words, spaces, punctuation, or any other printable characters.
Enter pass phrase:

Enter same pass phrase again:
Note that key generation is a lengthy process.
We need to generate 576 random bits. This is done by measuring the
time intervals between your keystrokes. Please enter some random text
on your keyboard until you hear the beep:
   0 * -Enough, thank you.
............**** .......................................................
..****
Key generation completed.

This key ring now looks like this:

Type bits/keyID    Date       User ID
pub   512/97D45291 1995/11/14 William Clinton <President@Whitehouse.GOV>
pub   709/C1B06AF1 1992/09/25 Derek Atkins <warlord@MIT.EDU>
pub  1024/D0C6326D 1995/11/14 Ruth Thomas <tara@mail.Free.NET>
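The listing above is what a user sees when deciding whom a key belongs to, and its first entry shows why the User ID column proves nothing on its own: it is a self-asserted string. The following added example (not part of the book or of PGP) parses listings in that format, flags short moduli, and compares each key ID with one confirmed out of band, for instance a fingerprint read over the phone; a key whose userid claims an address but whose ID differs from the confirmed one is reported as a mismatch. The 1024-bit threshold and the TRUSTED table are constructed assumptions.

```python
import re
from dataclasses import dataclass

# One line per key, in the format of the listing in the text.
LINE_RE = re.compile(r"^(pub|sec)\s+(\d+)/([0-9A-Fa-f]{8})\s+(\d{4}/\d{2}/\d{2})\s+(.+?)\s*$")
# Userid convention from the text: name followed by the address in angle brackets.
UID_RE = re.compile(r"^(.*?)\s*<([^>]+)>\s*$")


@dataclass
class KeyRecord:
    kind: str
    bits: int
    key_id: str
    date: str
    user_id: str
    name: str
    email: str


def parse_listing(text):
    """Parse a key ring listing; header lines and blanks are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, bits, key_id, date, uid = m.groups()
        um = UID_RE.match(uid)
        name, email = (um.group(1), um.group(2)) if um else (uid, "")
        records.append(KeyRecord(kind, int(bits), key_id.upper(), date, uid, name, email))
    return records


def assess(record, trusted_ids, min_bits=1024):
    """trusted_ids maps a lowercase e-mail address to the key ID confirmed
    out of band. Returns a list of findings; an empty list means the key is
    long enough and its ID matches what was confirmed for that address."""
    findings = []
    if record.bits < min_bits:
        findings.append(f"weak: {record.bits}-bit modulus")
    known = trusted_ids.get(record.email.lower())
    if known is None:
        findings.append("unverified: userid is a self-asserted string, not proof of identity")
    elif known.upper() != record.key_id:
        findings.append(f"mismatch: expected key {known.upper()} for {record.email}")
    return findings


# The listing from the text, reproduced as the sample input.
LISTING = """\
Type bits/keyID    Date       User ID
pub   512/97D45291 1995/11/14 William Clinton <President@Whitehouse.GOV>
pub   709/C1B06AF1 1992/09/25 Derek Atkins <warlord@MIT.EDU>
pub  1024/D0C6326D 1995/11/14 Ruth Thomas <tara@mail.Free.NET>
"""

# Constructed: key IDs confirmed out of band, keyed by lowercase address.
# Only one address has been confirmed here, on purpose.
TRUSTED = {"warlord@mit.edu": "C1B06AF1"}


if __name__ == "__main__":
    for rec in parse_listing(LISTING):
        findings = assess(rec, TRUSTED)
        print(f"{rec.key_id} {rec.bits:5d} {rec.user_id}: {findings or 'ok'}")
```

Addresses are lowercased for the lookup because mail domains are case-insensitive; the 709-bit key is flagged as short under the assumed threshold even though its ID matches, since both checks are independent.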

