Internet Security Professional Reference:PGP


First, the key owner obtains the fingerprint when the key is created and writes it down. Then, when anyone wants to verify the key, he or she contacts the key owner who transfers the fingerprint. Then the end user can check the fingerprint, keysize, key creation date, and userid against the information obtained from the key’s owner. If everything matches, then the key has been verified and it is OK to sign it.
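The comparison described above, as an added example that is not from the book or from PGP itself: it parses a PGP 2.x-format (version 2/3) RSA public-key packet body, derives the key size, creation date, Key ID and MD5 fingerprint, and reports which fields differ from the values the owner supplied out of band. The function names and the sample key material are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

def mpi(value):
    """Encode an integer as an MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def read_mpi(buf, pos):
    """Return (magnitude bytes, bit count, next offset) for the MPI at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated MPI header")
    (bits,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return buf[pos + 2:end], bits, end

def describe_v3_key(body, userid):
    """Parse a version 2/3 RSA public-key packet body, the PGP 2.6.x key format."""
    if len(body) < 8:
        raise ValueError("packet too short")
    version, created, _days, algo = struct.unpack_from(">BIHB", body, 0)
    if version not in (2, 3) or algo != 1:
        raise ValueError("not a PGP 2.x RSA public key")
    n, n_bits, pos = read_mpi(body, 8)
    e, _, _ = read_mpi(body, pos)
    when = datetime.fromtimestamp(created, timezone.utc)
    return {
        "userid": userid,  # stored in a separate packet, so passed in here
        "bits": n_bits,
        "created": when.strftime("%Y/%m/%d"),
        "key_id": n[-4:].hex().upper(),  # PGP 2.6.2 shows the low 32 bits of n
        # Fingerprint of a v3 key: MD5 over the bytes of n then e, no length fields.
        "fingerprint": hashlib.md5(n + e).hexdigest().upper(),
    }

def mismatches(key, claimed):
    """Fields where the owner's out-of-band values differ from the key on hand."""
    bad = [f for f in ("userid", "bits", "created") if key[f] != claimed[f]]
    # The owner may read the fingerprint with spaces or in lower case.
    if "".join(claimed["fingerprint"].split()).upper() != key["fingerprint"]:
        bad.append("fingerprint")
    return bad

# Constructed sample values: SAMPLE_N is not a real RSA modulus.
SAMPLE_N = (1 << 511) + 0x1234ABCD
SAMPLE_BODY = struct.pack(">BIHB", 3, 788918400, 0, 1) + mpi(SAMPLE_N) + mpi(17)
SAMPLE_USERID = "Alice Example <alice@example.org>"
```

An empty list from `mismatches` means every field the owner supplied agrees with the key on hand; any other result names the fields to question before signing.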

Revoking Your Key

When you know that your key has been compromised, you should revoke it. A key has been compromised when an attacker has the opportunity to access the full key. This can happen when you are careless with the secret key ring and pass phrase, or if the attacker has spent enough computer time to derive the secret key from the public key.


Warning:  You should never type a pass phrase in clear-text over the network. Pass phrases should always be typed at a keyboard that is directly connected to the CPU running PGP. Unfortunately, a pass phrase might be typed in the wrong window, at the wrong time, or even in the wrong program.

No matter what caused the compromise, a key compromise certificate, or revocation certificate, should be issued and sent to everyone who might be using the key. A revocation certificate behaves like a signature on the user’s own key, which tells PGP not to use the key for any security operations. A revoked key will remain on the key ring, and it can be viewed, extracted, and e-mailed just like a normal key.

~> pgp -kd president
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/21 23:29 GMT

Key for user ID: William Clinton <President@Whitehouse.GOV>
512-bit key, Key ID 97D45291, created 1995/11/14

Do you want to permanently revoke your public key
by issuing a secret key compromise certificate
for “William Clinton <President@Whitehouse.GOV>” (y/N)? yes

When you ask PGP to revoke a key, it first asks you to verify your decision. You should revoke a key only when you think the key has been compromised or when you never want that key to be used again.

When you verify this revocation, PGP asks for the pass phrase on the secret key. You need the secret key to create a revocation certificate, which means that the pass phrase on the key is required.

You need a pass phrase to unlock your RSA secret key.
Key for user ID “William Clinton <President@Whitehouse.GOV>”

Enter pass phrase:
Pass phrase is good. Just a moment....
Key compromise certificate created.

Finally, the compromise certificate is created and added to the secret key ring. You can later extract the key and send it to others to propagate the revocation certificate. Only when other users obtain the revocation certificate will they actually know not to use the key.

Basic Message Operations

PGP can perform a number of security operations on files and messages. The most interesting operations are message encryption and digital signatures, which are listed in table 11.2.

Table 11.2
Message Encryption and Digital Signatures

| Operation | Parameters | Message Operations |
|-----------|------------|--------------------|
| pgp -c | text file | Encrypts with conventional encryption only |
| pgp -s | text file [-u your_userid] | Signs a plaintext file with your secret key (produces text file.pgp) |
| pgp -e | text file her_userid [other userids] | Encrypts a plaintext file with recipient’s public key (produces text file.pgp) |
| pgp -es | text file her_userid [other userids] [-u your_userid] | Signs a plaintext file with your secret key, and then encrypts it with recipient’s public key, producing a .pgp file |
| pgp | ciphertext file [plaintext file] | Decrypts or checks a signature for a ciphertext (.pgp) file |

