[HacktionLab] GPG Key Transition
Alan Dawson
aland at burngreave.net
Fri Sep 17 17:29:58 BST 2010
On Fri, Sep 17, 2010 at 01:37:11PM +0100, Mike Harris wrote:
> Okay another question.
>
> I've been using a 2048 bit RSA key for some time. Does this mean I'm
> already protected?
0. I'm NOT a crypto expert, but am just regurgitating bits of crypto magic that I've listened to, ... so at your own risk!
1. My understanding is that signing/hashing algorithms based on SHA-1 are broken, allowing signatures to be faked.
2. DSA 1024 bit signing keys (the default in older gpg versions) use a SHA-1 hash.
2.5 Some crypto geekery means that if you use a longer hash with a short DSA key, the hash gets truncated, so it is still weak.
3. Later versions of gpg default to 2048 bit RSA keys, which is OK for the next 20 years [ http://keylength.com ].
4. The default preferences in gpg still use SHA-1, which is not OK.
>
> If so, should I be moving to a 4096 key?
No, but you should change your default hash preferences to not use SHA-1.
There are two places to do this:
~/.gnupg/gpg.conf should have some lines like this:
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
and your public key should have its preferences set to something like:
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
So _if_ you were the owner of key AFD55CBF, you would go:
gpg --edit-key AFD55CBF
gpg> showpref
[ unknown] (1). Mike Harris <mike at mbharris.co.uk>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ unknown] (2) Mike Harris <mike at slackmail.co.uk>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ revoked] (3) Mike Harris (Psand.net email account.) <mbh at psand.net>
Cipher: 3DES
Digest: SHA1
Compression: ZIP, Uncompressed
Features: Keyserver no-modify
Note that weak digest algorithms are preferred. Then type:
setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
and save the change.
After editing your key, you would push it to the public keyserver:
gpg --keyserver pool.sks-keyservers.net --send-key AFD55CBF
Then when other people download your key they would know that you prefer a stronger hashing algorithm.
I think I prefer some strong hash after all that too ;-)
Regards,
Alan Dawson
--
GPG key: http://aland.burngreave.net/files/e81a4bba.gpg.pub.asc
Key Transition: http://aland.burngreave.net/files/keytransition.txt.asc
Further Reading: https://we.riseup.net/alster/openpgp-dsa1-key-rollover
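An added example, not part of Alan's post or of GnuPG itself: a small POSIX sh audit that checks the two places the post names. It flags a key whose showpref listing ranks SHA1 (or RIPEMD160) ahead of any SHA-2 digest, and a gpg.conf that lacks the three settings the post recommends. The listings it runs on are constructed from the showpref output quoted above, so it runs without gpg; for a real key you would feed in the showpref lines from your own gpg --edit-key session.

```shell
#!/bin/sh
# Added example, not from the original post: audit GnuPG digest preferences
# (a) on a key's "showpref" listing and (b) in gpg.conf. Assumes only POSIX
# sh, awk and grep. The sample listings are constructed from the showpref
# output quoted in the post, so this runs without gpg installed.

# weak_digest_prefs: read showpref text on stdin; return 0 (weak) if any
# "Digest:" line ranks SHA1 or RIPEMD160 ahead of the first SHA-2 digest, or
# lists no SHA-2 digest at all; return 1 when every user ID leads with SHA-2.
weak_digest_prefs() {
    awk '
        /^[[:space:]]*Digest:/ {
            sub(/^[[:space:]]*Digest:[[:space:]]*/, "")
            sub(/[[:space:]]+$/, "")
            n = split($0, alg, /,[[:space:]]*/)
            for (i = 1; i <= n; i++) {
                if (alg[i] ~ /^SHA(224|256|384|512)$/) break  # SHA-2 ranked first
                if (alg[i] == "SHA1" || alg[i] == "RIPEMD160") { weak = 1; exit }
            }
            if (i > n) { weak = 1; exit }  # no SHA-2 digest listed at all
        }
        END { if (weak) exit 0; exit 1 }
    '
}

# gpgconf_digest_ok: return 0 if the gpg.conf named by $1 carries the three
# settings the post recommends, each leading with a SHA-2 digest; otherwise
# print what is missing and return 1.
gpgconf_digest_ok() {
    rc=0
    for opt in personal-digest-preferences cert-digest-algo default-preference-list; do
        grep -Eq "^[[:space:]]*$opt[[:space:]]+SHA(224|256|384|512)" "$1" \
            || { echo "gpg.conf: $opt missing or not leading with a SHA-2 digest"; rc=1; }
    done
    return $rc
}

# Constructed sample: the key's preferences as quoted in the post (SHA1 first).
sample_before() {
cat <<'EOF'
[ unknown] (1). Mike Harris <mike at mbharris.co.uk>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ revoked] (3) Mike Harris (Psand.net email account.) <mbh at psand.net>
     Cipher: 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed
     Features: Keyserver no-modify
EOF
}

# Constructed sample: the same user ID after the post's setpref line and save
# (gpg appends the mandatory 3DES and SHA1 at the end of each list).
sample_after() {
cat <<'EOF'
[ unknown] (1). Mike Harris <mike at mbharris.co.uk>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
EOF
}

# Stand-alone demo: the "before" listing is flagged, the "after" listing
# passes, and a gpg.conf with the post's three lines passes.
if sample_before | weak_digest_prefs; then
    echo "before: weak digest preference (SHA1 ranked first)"
fi
if ! sample_after | weak_digest_prefs; then
    echo "after: SHA-2 digests preferred"
fi
demo_conf=$(mktemp) && {
    printf '%s\n' 'personal-digest-preferences SHA256' 'cert-digest-algo SHA256' \
        'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' > "$demo_conf"
    gpgconf_digest_ok "$demo_conf" && echo "gpg.conf: digest settings OK"
    rm -f "$demo_conf"
}
```

The awk check deliberately treats RIPEMD160 like SHA1 and fails a user ID that lists no SHA-2 digest at all, which is what the revoked UID (3) in the post looks like; setpref only changes the user IDs you select (or all of them if none is selected), so re-run showpref after saving to confirm every active UID was updated.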