GPG, web-of-trust and the encipherment of the world

My friends cathfie and vegalyra requested me to translate the GPG-tutorial into IRC-English. So, here is a rough one! I also made a static version in mudkip colors for easier copypasta.

In the genealogy of cipherspace there is a classic software – Pretty Good Privacy. That was so nineties, and today we use GNU Privacy Guard instead, which is basically the same stuff but with the open GPL-license.

In the cryptographic tool-box, GPG comes in handy especially when sending e-mails. Sometimes it is good to know that the FRA or NSA can’t listen in, or that Google won’t make profit out of your super-sekrit diary that you sent over to your friend for a good read-up. However, GPG is a bit complicated to use, at least for an average computer user like me. To remedy this threshold of complicatedness, I’m writing this tutorial! But don’t expect it to be super simple. Solely by the will to cipherspace and the will to join the key-party, you are able to work your way through this tutorial!

This is what you need to encipher the internet with GPG (using this tutorial):

1. A computer running Linux. Or a computer running MacOSX, but then you don’t have GPG pre-installed so you will need to download MacGPG. The Mac version is a bit older and clumsier, but on the other hand all famous people use Macs. I have no clue how to do this in Windows, but I’m sure there are other tutorials out there in interweb.

2. Coffee.

3. Friends with whom you can organize a meatspace key-party. The party itself can be organized in any way, preferably involving caek.

Is you ready. Yalla lets go!

The first step involves generating a cryptographic key. Since GPG is already installed in your average Linux distribution, you may easily invoke it from the command line terminal. On your Mac, see above. Run the command gpg --gen-key and then press enter. First you choose which type of cipher you want to use. RSA and RSA is preset and probably your best choice, even though Elgamal sounds cooler and more Egyptian.

Then you are asked for the length of the key. The recommended length is 2048 bits, but since I’m really serious about this and want to generate even more cipher lulz, I selected 4096 bits. Let the CPU work in the service of ciphers!

The whole idea with a GPG-key is that you share it with your friends. This is why you also give your name and e-mail for other people to be able to find it.

Now your computer has begun to generate the key. Behold, the amazing power of the computer! In order to generate entropy into the static machine, you are instructed to move the mouse. The electric sparks of your fractal synapses instruct your finger to move in an unpredictable way. You are the ciphercat now, and there is no model that may predict your behavior! You may also throw yourself into an organic bittorrent swarm, the entropy of the network interface adds to the strength of the cipher! Internet is in your body, connected with multiplicities of other bodies, and for every millisecond you compute the surveillance away!

After about 15 minutes we see this pikshur.

Almost done! Now you are able to run gpg -k to list your keys. By default you have the keys to the Tor repositories in order to download that software securely, but you also see your own key. The key has an ID-number, in my case B3BA295C. You will soon be using that one!

To use your key, you need to find your friends. Yesterday I was hanging out with jaywalk, lillmacho and ludens, who were present in meatspace, thus able to instantly sign my key.

So I find jaywalk’s key by using the command gpg --search-keys followed by name or e-mail. Forget Google, now we do this hard core style. Jay had many keys, but when you have the right one you just press the number key and then it will be downloaded to your computer. As you can see, Jay’s key also has an ID-number, which we are about to use.

So, to secure jay’s key, I type gpg --sign-key followed by his ID-number 46DEFA7. Now the critical moment involving the meatspace party. This is the away-from-keyboard look:

Even though jay is hiding behind the pot plant on the table, he is easily accessible to be able to read his fingerprint to me, thus verifying securely that his key is authentic. The fingerprint is the series of numbers beginning with CBD5 in the picture above. Now I am certain that the key is authentic, by folding internet in a post-digital environment. You will have to type the password that you gave in the beginning when generating the key. If then jaywalk wants to sign my key, which is a doubling of the strength and the first creation of the web of trust, I just show him my fingerprint with the command gpg --fingerprint and my ID-number.
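The fingerprint check from the key party, as an added example that is not part of the original tutorial: it pulls the primary key's fingerprint out of gpg's machine-readable listing and compares it with what your friend read out, refusing an 8-character key ID, which is only the tail of the fingerprint and too short to identify a key on its own. The function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed, trimmed sample of `gpg --with-colons --fingerprint <key>` output.
# Every value below is made up for illustration.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1300000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1300000000::::Constructed Friend <friend@example.invalid>:
sub:-:4096:1:FEDCBA9876543210:1300000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFFFEDCBA9876543210:'

# Strip whitespace and upper-case, so "0123 4567 ..." read aloud compares cleanly.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key's fingerprint: field 10 of the first fpr record
# after the pub record. Later fpr records belong to subkeys and are skipped.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# check_fpr SPOKEN   (colon listing on stdin)
# returns 0 = match, 1 = mismatch, 2 = SPOKEN is not a full 40-hex fingerprint
check_fpr() {
    cf_spoken=$(normalize_fpr "$1")
    case "$cf_spoken" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#cf_spoken}" -eq 40 ] || return 2
    cf_actual=$(primary_fpr)
    [ -n "$cf_actual" ] && [ "$cf_spoken" = "$cf_actual" ]
}
```

With a real keyring, pipe the live listing in, for example gpg --with-colons --fingerprint followed by the key ID, into check_fpr with the fingerprint your friend read out, and run gpg --sign-key only when it returns 0.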

In Ubuntu Linux there is an e-mail program called Evolution. It supports GPG by default, after all we are talking real operating systems with awesome bundled applications. To use GPG I just enter my ID-number, and then I’m ready to send and receive next level encrypted e-mails.

To send an encrypted e-mail to jay, I simply select “PGP encrypt” from the “Security” menu. Then I enter my password, and all of a sudden my short message is encrypted heavier than banks, beyond military grade, and using the power of mathematics and friends.

Jaywalk replies, and since I have signed his key, I’m able to read his message. But what about all other people on interweb?

By exporting my key with the command gpg --export --armor key-ID > filename.asc I am printing my public key, which I’m then able to upload to interwebs (in the pikshur above I forgot to enter .asc as a filename, but I just renamed the file later on). Now anyone is able to send an encrypted message to me, where I am the only one in the multiverse that is able to read it. The laws of mathematics have leveled up over the human wiretapping laws!

The method of GPG achieves great security. However, as you all know, there is no completely secure system. GPG is still sensitive to traffic-data analysis, so anyone tapping into your wires is able to see to whom you are e-mailing. The method pre-supposes the web-of-trust, but I like it very much, since it involves yet another opportunity to party!
