Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey...
Transcript of Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey...
![Page 1: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/1.jpg)
Hardening PGP using GnuPG and Yubikeyhybrid multifactor authentication and cryptography
John Roman
Linux System AdministratorRAND Corporation
SCALE 2017
Roman, John PGP
![Page 2: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/2.jpg)
PGP 101
public/private keyrings
public keys go to the world, generated on machine
key types: signing, authentication, cryptography
Roman, John PGP
![Page 3: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/3.jpg)
PGP 101
public/private keyrings
public keys go to the world, generated on machine
key types: signing, authentication, cryptography
Roman, John PGP
![Page 4: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/4.jpg)
PGP 101
public/private keyrings
public keys go to the world, generated on machine
key types: signing, authentication, cryptography
Roman, John PGP
![Page 5: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/5.jpg)
pitfalls
private keyring. . . but how private?
portability
standards compliance
Roman, John PGP
![Page 6: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/6.jpg)
pitfalls
private keyring. . . but how private?
portability
standards compliance
Roman, John PGP
![Page 7: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/7.jpg)
pitfalls
private keyring. . . but how private?
portability
standards compliance
Roman, John PGP
![Page 8: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/8.jpg)
conventional example, the CAC/PIV
Common Access Card, in service since 2005
FIPS201 PIV Federal Information Processing Standard (FIPS) 201,PersonalIdentity Verification
Roman, John PGP
![Page 9: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/9.jpg)
conventional example, the CAC/PIV
Common Access Card, in service since 2005
FIPS201 PIV Federal Information Processing Standard (FIPS) 201,PersonalIdentity Verification
Roman, John PGP
![Page 10: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/10.jpg)
OpenPGP: we we’re JUST thinking that!
OpenPGP Card: in service since 2004
9 different vendors, multiple form factors
relatively unknown outside of FSF Europe.
Roman, John PGP
![Page 11: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/11.jpg)
OpenPGP: we we’re JUST thinking that!
OpenPGP Card: in service since 2004
9 different vendors, multiple form factors
relatively unknown outside of FSF Europe.
Roman, John PGP
![Page 12: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/12.jpg)
OpenPGP: we we’re JUST thinking that!
OpenPGP Card: in service since 2004
9 different vendors, multiple form factors
relatively unknown outside of FSF Europe.
Roman, John PGP
![Page 13: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/13.jpg)
Our focus: Yubikey
supports hybrid mode
hermetic, crushproof, scaleable pricing
NFC option.
Roman, John PGP
![Page 14: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/14.jpg)
Our focus: Yubikey
supports hybrid mode
hermetic, crushproof, scaleable pricing
NFC option.
Roman, John PGP
![Page 15: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/15.jpg)
Our focus: Yubikey
supports hybrid mode
hermetic, crushproof, scaleable pricing
NFC option.
Roman, John PGP
![Page 16: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/16.jpg)
general concepts
card has a CPU, firmware.
keys are loaded into slots, or generated by the cardencryption, decryption, signature are all commandsonce loaded, private keys are sacrosanct.Yubikey only accepts commands, only returns data. NEVER KEYS.
Roman, John PGP
![Page 17: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/17.jpg)
general concepts
card has a CPU, firmware.keys are loaded into slots, or generated by the card
encryption, decryption, signature are all commandsonce loaded, private keys are sacrosanct.Yubikey only accepts commands, only returns data. NEVER KEYS.
Roman, John PGP
![Page 18: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/18.jpg)
general concepts
card has a CPU, firmware.keys are loaded into slots, or generated by the cardencryption, decryption, signature are all commands
once loaded, private keys are sacrosanct.Yubikey only accepts commands, only returns data. NEVER KEYS.
Roman, John PGP
![Page 19: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/19.jpg)
general concepts
card has a CPU, firmware.keys are loaded into slots, or generated by the cardencryption, decryption, signature are all commandsonce loaded, private keys are sacrosanct.
Yubikey only accepts commands, only returns data. NEVER KEYS.
Roman, John PGP
![Page 20: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/20.jpg)
general concepts
card has a CPU, firmware.keys are loaded into slots, or generated by the cardencryption, decryption, signature are all commandsonce loaded, private keys are sacrosanct.Yubikey only accepts commands, only returns data. NEVER KEYS.
Roman, John PGP
![Page 21: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/21.jpg)
HSM Specific concepts
pin number similar to european credit cards
3 strikes, your pin is lockedpin can be unlocked with a security officer pin.3 strikes against the SO pin? card is bricked. keys lost. game over.pin length 6-8 characters, some implementations more than 128 char.
Roman, John PGP
![Page 22: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/22.jpg)
HSM Specific concepts
pin number similar to european credit cards3 strikes, your pin is locked
pin can be unlocked with a security officer pin.3 strikes against the SO pin? card is bricked. keys lost. game over.pin length 6-8 characters, some implementations more than 128 char.
Roman, John PGP
![Page 23: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/23.jpg)
HSM Specific concepts
pin number similar to european credit cards3 strikes, your pin is lockedpin can be unlocked with a security officer pin.
3 strikes against the SO pin? card is bricked. keys lost. game over.pin length 6-8 characters, some implementations more than 128 char.
Roman, John PGP
![Page 24: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/24.jpg)
HSM Specific concepts
pin number similar to european credit cards3 strikes, your pin is lockedpin can be unlocked with a security officer pin.3 strikes against the SO pin? card is bricked. keys lost. game over.
pin length 6-8 characters, some implementations more than 128 char.
Roman, John PGP
![Page 25: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/25.jpg)
HSM Specific concepts
pin number similar to european credit cards3 strikes, your pin is lockedpin can be unlocked with a security officer pin.3 strikes against the SO pin? card is bricked. keys lost. game over.pin length 6-8 characters, some implementations more than 128 char.
Roman, John PGP
![Page 26: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/26.jpg)
placing the card into ’hybrid’ mode
ykpersonalize -d -m82
Firmware version 4.3.1 Touch level 527 Program sequence 3
The USB mode will be set to: 0x82
Commit? (y/n) [n]: n
Roman, John PGP
![Page 27: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/27.jpg)
OpenPGP card overview
keys were loaded from an airgapped system using the keytocard command.
Roman, John PGP
![Page 28: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/28.jpg)
OpenPGP card programming
gpg –card-edit mode, admin commands enabled
Roman, John PGP
![Page 29: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/29.jpg)
applications
anything GPG enabled
anything PAM enabled
defense in depth: OTP/Cert/PW? sure
multiple cards per key, each has a unique subkey (code signing!)
Roman, John PGP
![Page 30: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/30.jpg)
applications
anything GPG enabled
anything PAM enabled
defense in depth: OTP/Cert/PW? sure
multiple cards per key, each has a unique subkey (code signing!)
Roman, John PGP
![Page 31: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/31.jpg)
applications
anything GPG enabled
anything PAM enabled
defense in depth: OTP/Cert/PW? sure
multiple cards per key, each has a unique subkey (code signing!)
Roman, John PGP
![Page 32: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/32.jpg)
applications
anything GPG enabled
anything PAM enabled
defense in depth: OTP/Cert/PW? sure
multiple cards per key, each has a unique subkey (code signing!)
Roman, John PGP
![Page 33: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/33.jpg)
applications
Roman, John PGP
![Page 34: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/34.jpg)
NFC option: here be dragons
easy integration with Openkeychain in Android/IPhone
keys need to be generated by the user
only supports a 2048 bit key
Roman, John PGP
![Page 35: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/35.jpg)
NFC option: here be dragons
easy integration with Openkeychain in Android/IPhone
keys need to be generated by the user
only supports a 2048 bit key
Roman, John PGP
![Page 36: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/36.jpg)
NFC option: here be dragons
easy integration with Openkeychain in Android/IPhone
keys need to be generated by the user
only supports a 2048 bit key
Roman, John PGP
![Page 37: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/37.jpg)
deploying 450 (thousand?) of these things.
Roman, John PGP
![Page 38: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/38.jpg)
Entropy.
GPG relies on kernel, not userland entropy.- Flying Stone FST01 from the FSF store!
- RTL digital TV dongle and a tractor paper copy of phrack
Roman, John PGP
![Page 39: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/39.jpg)
OpenPGP not included...
Red Hat Enterprise Linux 7 does not include opensc GnuPG
Roman, John PGP
![Page 40: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/40.jpg)
y tho...
NFC user fatigue.not all NFC devices are “great” at picking up NFC
lack of a yubikey might cause lack of communication.
Roman, John PGP
![Page 41: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/41.jpg)
“destroyed” cards...
– try not to trigger a SO/Reset pin lock!!– to reissue or reset?
Roman, John PGP
![Page 42: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/42.jpg)
cardware considerations
processing rate is a function of USB IO and CPU. generating keys on the card =Entropy+CPU.
Roman, John PGP
![Page 43: Hardening PGP using GnuPG and Yubikey - SCALE · PDF fileHardening PGP using GnuPG and Yubikey ... John Roman Linux System Administrator RAND Corporation ... NFC option: here be dragons](https://reader031.fdocuments.in/reader031/viewer/2022022004/5aad8c167f8b9a2e088e63d6/html5/thumbnails/43.jpg)
Questions?
Roman, John PGP