Monday, February 27. 2012
I've had an OpenPGP smartcard for quite some time now. I recently acquired a Crypto Stick as well thanks to rcvalle. Using these things with GnuPG isn't very clear and took a lot of work to figure out. Rather than let others struggle through all this, I'll document the procedure here.
The basic idea behind using a smartcard to hold your GPG keys is that an attacker can't steal the key. The worst they could do is to sign or decrypt something while you have the card inserted.
Please take the time to understand what's going on here. I have lots of examples to make this all work, but be sure you understand what's happening. Public key cryptography is hard, you should at least have a basic grasp of what's happening here. This howto should be treated as an example, not a cookie cutter recipe to follow.
This is a rather long post, more after the fold.
Get your card working
My focus here is going to be Fedora. I suspect instructions for other variants of Linux won't be all that different. The cryptostick is supported by pcsc. This means that you don't have to worry about any silly permissions issues (which used to be an issue with some cardreaders). To install pcsc you'll want to install the pcsc-lite, pcsc-lite-ccid, and pcsc-tools packages.
Once those are all installed, make sure you enable the pcscd daemon to start on boot. If you're using systemd, pcscd also comes with a magic sock to autostart pcscd on demand. To enable it use:
If you now plugin your cryptostick and run pcsc_scan, you should get some output like this:
You can double check the card by trying the command 'gpg --card-status'. It will give an output that we don't need to worry about just yet.
Generate a primary key
We're going to generate our keys on a computer, then import them into the card. It's possible to generate the keys directly on card but then if you ever lose the card, or it breaks, you have no way to access your keys. It's of course up to you how to do this. We're going to generate a primary key which will never touch a networked computer, then a signing subkey, an encryption subkey, and an authentication subkey. There are lots of documents out there that describe using this approach and why it's useful. Rather than try to rehash them here, I'll leave it up to the reader to understand this method. In short, you want to do this.
First we need a computer that's a fresh install and has never seen the internet. We're going to shred the disk once we're done so don't bother tweaking it to death. I'd suggest against trying to use a liveimage here. Anything that could get written to the drive could possible be read off later due to the way flash drives work (you can't reliably wipe them).
Once you have a clean install, we want to create a directory for gpg to work out of.
Then we should generate the keys. Initially we're going to end up with a primary key and an encryption subkey. This is what we want. To generate the key:
Choose the option "(1) RSA and RSA (default)". The cryptostick can do a keysize of 3072, obviously use whatever you want, I'd suggest nothing less than 2048.
Once that's done, we can see our key:
Now we want to generate our signing subkey. As you can see above, my primary key id is B186836A. So we need to issue the command:
At the gpg> prompt, issue the command 'addkey'. We want an 'RSA (sign only)' key. Once you get the gpg> prompt back, type 'save'. Now we can see our new key:
At this point you want to backup your /tmp/gnupg directory. Keep this copy safe. It should never ever be used on a network connected computer. Ideally you want to lock it away somewhere nobody can get it. If this directory ever falls into the wrong hands, it's game over for your keys.
Import the keys
Now that the /tmp/gnupg directory is backed up (right), we can put our keys in the card. We're also going to generate the authentication key (we didn't forget about it). Issue the edit-key command again. This time at the gpg> prompt, issue the command 'toggle' to operate on the private keys. Next you want to issue the command 'key 2' probably to select the signing subkey. Your screen should end up looking like this (pay attention to the asterisk)
Now that the signing subkey is selected, we want to issue the 'keytocard' command. We pick the '(1) Signature key' option. Enter the various passwords and PINs it will prompt you for. Once the operation is done, you should see this:
Notice the bit about 'card-no:'. That means the key is now stored on the card. Do the same for the encryption key now (You'll need to use the command 'key 2' to deselect the signing key, then 'key 1' to select the encryption key). Now we should see this:
Note the encryption key now has the 'card-no:' tag.
Generate the authentication key
Now it's time to generate an authentication key. We'll do this one in card since we don't really want a backup. I've never been able to generate this key offcard, so it may not even be possible (I've also not tried very hard). Presuming you left off from the previous step and are still at a gpg> prompt, you likely need to issue the 'toggle' command again. Now issue the command 'addcardkey' and select '(3) Authentication key'. The rest of the steps should make sense at this point. Generating a large key will take the cryptostick a long time, be patient. Once it's done running this is what you should see:
Just type 'save' at the gpg> prompt, and we're almost done!
Remove the primary key
So at this point, we have a keyring that has the primary private key on disk, and three subkeys in the card. We need to extract the three subkeys, but not the primary key. Obviously we didn't put the primary key on the card, and we have a safe backup (RIGHT!).
First we need to save a copy of the public keys (it will make sense later).
gpg has an option called '--export-secret-subkeys'. We just have to run
At this point, you can transfer the public and subkeys to a computer where you plan to do your real gpg work. You could import it into an existing keyring, or start a new one.
Change your card PIN
If you've not already done so, you need to change your card PINs. There is an admin PIN, and and the key PIN. Issue this command
You'll then need to issue 'admin', then 'passwd'. The prompts are pretty clear.
Now you're pretty much set as far as protected keys go. Be sure to keep that backup safe. I'll leave the topic of revocation certificates up to you. There's plenty of information out there and I'd rather you understand how it works than follow a tutorial (it's pretty important stuff).
Don't forget to shred the disk on the computer you did all this work. The last thing you want is your key staying on the disk for a long period of time.
Setup the GnuPG agent
If we use the GnuPG agent, we cal use our authentication key for SSH authentication. This is quite handy as it makes it quite hard for someone to steal your SSH key.
First, run the gpg-agent as such
The --enable-ssh-support option is key. It's possible your desktop environment tried running a gpg-agent and ssh-agent for you. You may need to unset the GPG_AGENT_INFO, SSH_AUTH_SOCK, and SSH_AGENT_PID environment variables before trying to run gpg-agent yourself.
Now we can extract a SSH public key
Add that to your ~/.ssh/authorized_keys file and you're all set (probably change the COMMENT bit to something like 'GPG_TOKEN_KEY').
Obviously there's a lot of reasons for the various steps we take to properly handle GPG keys. Most of that information is outside the scope of this tutorial. I encourage you to read up on it and understand how to best handle things like subkeys and smart cards. This is really just meant as an exercise to get things moving along quickly. Try this out a few times before you generate your real keys. Get a feel for what's going on and if you don't understand a step, spend some time reading the documentation. Unfortunately public key cryptography is difficult.
Display comments as (Linear | Threaded)
Syndicate This Blog