Overview
- What:
- PGP Master key management workstation, boots from Live CD with networking disabled (Clean room)
- Debian-branded solution
- Uses two or three USB flash drives (mirrored) to store private master key
- Uses another USB flash drive to import and export public keys, in conjunction with a GUI application available in a package on a normal Debian workstation
- How:
- Built using the DebianLive runnable CD creator
- Signed and distributed like other trusted Debian ISO images
- Who it is for:
- Debian Developers
- Free software developers
- GSoC students and other people new to the community/new to PGP
- Why:
- People only use the GnuPG command line irregularly and struggle to remember all the commands
- Lengthy blogs showing step-by-step GnuPG command sequences make it look difficult or time consuming and this deters people from improving their security practices
- Get everybody setting key expiry and creating revocation certificates by coding this into the workflow
- People new to the community can become bogged down in a full GnuPG setup
Quickstart / Testing it
You can easily build the ISO by cloning from Git and running the script
Run it from a CD, DVD, USB stick or in a virtual machine with VirtualBox
When it boots, you can log in with the username pgp and the password live
- All the tools for managing PGP keys, X.509 certificates and smart cards should be accessible from the shell, so you can use them immediately
There are also some helper scripts under /usr/local for managing filesystems of mirrored SD cards (for private key storage)
Code
The project is in Git. You can fetch it and run it like this to make a clean room CD/DVD:
sudo apt-get install git live-build debootstrap growisofs rsync
git clone https://anonscm.debian.org/git/collab-maint/make-pgp-clean-room.git
cd make-pgp-clean-room
./scripts/make-pgpcleanroom
and you can browse the repository online
Known risks
There is no perfect security. The proposed solution aims to provide strong security. There are known risks that users have to manage using their own knowledge and experience:
- verifying they have downloaded a genuine ISO and it has not been tampered with while producing the CD/DVD
- verifying the CD/DVD is not tampered with/swapped while in storage
- keystroke loggers detecting the passphrase or smartcard PIN
- use an external smartcard reader with PIN entry
- surveillance cameras monitoring passphrase and PIN entry
- use a hood like Snowden
- chipsets with embedded network adapters, especially wireless ones, that are hard to disable or that keep performing management functions even when disabled in the OS
Packages
Packages to install
- haveged
- gnupg2
- gnupg-agent
- libpth20
- pinentry-curses
- libccid
- pcscd
- scdaemon
- libksba8
- paperkey
- opensc
- rng-tools
- libgfshare-bin [if one wanted to use an N-of-M share for keeping the secrets safe/redundant]
- python-newt ?
- usbguard
Packages to modify
- kernel package: compile without networking support
Packages to omit
- dhcp client
- Network manager
Parameters
Default parameters in a configuration file. Eventually offer an advanced menu for users to change the parameters at runtime.
- master key algorithm (RSA or ECC)
- master key size (4096)
- subkey algorithm (RSA or ECC)
- subkey size (2048)
- number of flash disks to RAID (2)
- RAID filesystem (BtrFS or MD/ext4)
- encrypt the master key (true)
- master key passphrase length (12)
- master key expiry (1 year)
- subkey expiry (6 months)
Flash card layout
Filesystem: ext4? btrfs?
Private key flash
master/${FINGERPRINT}/* -- GnuPG home directory for private key identified by ${FINGERPRINT}
Public key interchange flash
master/${FINGERPRINT}.asc -- Public key export for private key identified by ${FINGERPRINT}
signing/pending/${FINGERPRINT}.asc -- key to be signed
signing/done/${FINGERPRINT}.asc -- signed key
Alternative flash card layouts
Use Shamir secret sharing: libgfshare or keysafe (tutorial).
Workflow
- disable all networking
- blacklist the network modules?
- better: compile a kernel without networking?
- check for any interfaces other than lo:
ls /proc/sys/net/ipv4/conf | grep -Ev '^(lo|all|default)$'
- verify that a smartcard is present
- printer setup (for printing secret key and revocation certificate)
- detect USB flash drives already prepared
ls /dev/disk/by-label/PGPMK*
- detect any other USB flash drives
ls /dev/disk/by-id/usb-*
- prompt user for passphrase
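The detection steps above can be combined into one preflight that also picks between the first-time and subsequent workflows. This is an added example, not code from the make-pgp-clean-room repository; the function names, the result strings and the overridable directory variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: clean-room preflight. The three directories can be overridden
# so the checks can be exercised against a constructed tree.
NET_CONF_DIR=${NET_CONF_DIR:-/proc/sys/net/ipv4/conf}
LABEL_DIR=${LABEL_DIR:-/dev/disk/by-label}
ID_DIR=${ID_DIR:-/dev/disk/by-id}

# Interfaces other than loopback. "all" and "default" are pseudo-entries that
# always exist; a kernel built without networking has no such directory at all.
extra_interfaces() {
    ls "$NET_CONF_DIR" 2>/dev/null | grep -Ev '^(lo|all|default)$' || true
}

# Filesystems already prepared for master key storage (label PGPMK*).
prepared_drives() {
    for p in "$LABEL_DIR"/PGPMK*; do
        if [ -e "$p" ]; then basename "$p"; fi
    done
}

# USB mass-storage devices, whole disks only (partition links are skipped).
usb_drives() {
    for p in "$ID_DIR"/usb-*; do
        case $p in *-part[0-9]*) continue ;; esac
        if [ -e "$p" ]; then basename "$p"; fi
    done
}

# Decide what the session may do:
#   abort-network  an interface other than lo exists, refuse to handle keys
#   subsequent     a prepared PGPMK* drive holds an existing master key
#   first-time     only unprepared USB drives are present
#   no-media       nothing to work with yet
select_workflow() {
    if [ -n "$(extra_interfaces)" ]; then echo abort-network
    elif [ -n "$(prepared_drives)" ]; then echo subsequent
    elif [ -n "$(usb_drives)" ]; then echo first-time
    else echo no-media
    fi
}

select_workflow
```

The network check runs first so that no key material is mounted on a machine that still has a usable interface.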
First time workflow
This workflow is used if there are no flash drives containing an existing master key.
- Identify if any flash drive contains public keys to be signed, if so, exclude it from the initialization procedure
- Ask user to confirm they want to wipe the USB flash drives
- show mount points and device details
- partition and format the USB devices into a BtrFS RAID1
- mount flash drives at ~/.gnupg
- Ask user for full name
- Ask user for all UIDs
- Create ~/.gnupg/gpg.conf
$ cat > ~/.gnupg/gpg.conf << !
no-emit-version
no-comments
keyid-format 0xlong
with-fingerprint
personal-cipher-preferences AES256 AES192 AES CAST5
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
!
- Create master key (RSA - sign only)
- add the UIDs
- add the subkeys (signing, encryption, authentication)
- generate revocation certificate, save to USB
- print paperkey and revocation certificate, time stamped, with fingerprint
- user must verify printing successful before proceeding
- edit the user info and PINs for the smart card
- send the keys to the card
- copy public key to /tmp
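The key creation steps of this workflow can be driven in GnuPG batch mode with the default parameters listed under Parameters. This is an added example, not the project's script; it assumes GnuPG 2.1.13 or later and that GNUPGHOME already points at the mounted private-key flash, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: batch creation of the master key and its three subkeys.
MASTER_ALGO=${MASTER_ALGO:-rsa4096}      # page default: RSA master key, 4096 bits
SUBKEY_ALGO=${SUBKEY_ALGO:-rsa2048}      # page default: subkey size 2048
MASTER_EXPIRY=${MASTER_EXPIRY:-1y}       # page default: master key expiry 1 year
SUBKEY_EXPIRY=${SUBKEY_EXPIRY:-6m}       # page default: subkey expiry 6 months
MIN_PASSPHRASE_LEN=${MIN_PASSPHRASE_LEN:-12}

# Run gpg non-interactively; the passphrase arrives on stdin, never in argv.
gpg_batch() {
    printf '%s\n' "$PASSPHRASE" |
        gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 "$@"
}

# $1 = primary user ID. Prints the master key fingerprint on success.
create_keyset() {
    if [ "${#PASSPHRASE}" -lt "$MIN_PASSPHRASE_LEN" ]; then
        echo "passphrase shorter than $MIN_PASSPHRASE_LEN characters" >&2
        return 1
    fi
    # Sign-only primary key (certify is always implied). The fingerprint is
    # read from the machine-readable KEY_CREATED status line.
    fpr=$(gpg_batch --status-fd 1 --quick-generate-key "$1" \
              "$MASTER_ALGO" sign "$MASTER_EXPIRY" |
          awk '$2 == "KEY_CREATED" {print $4}')
    [ -n "$fpr" ] || { echo "master key generation failed" >&2; return 1; }
    # One subkey per capability: signing, encryption, authentication.
    for usage in sign encr auth; do
        gpg_batch --quick-add-key "$fpr" "$SUBKEY_ALGO" "$usage" \
            "$SUBKEY_EXPIRY" >&2 || return 1
    done
    printf '%s\n' "$fpr"
}

# $1 = fingerprint. One "record:capabilities:expiry-epoch" line per key.
key_summary() {
    gpg --batch --with-colons --list-keys "$1" |
        awk -F: '$1 == "pub" || $1 == "sub" {print $1 ":" $12 ":" $7}'
}

# GnuPG 2.1+ writes a revocation certificate here when the key is created;
# with ~/.gnupg mounted from the flash drives it is already stored on USB.
revocation_cert() {
    printf '%s/openpgp-revocs.d/%s.rev\n' "${GNUPGHOME:-$HOME/.gnupg}" "$1"
}
```

Call `create_keyset 'Full Name <address>'` after setting PASSPHRASE, then review `key_summary` and print the file named by `revocation_cert` before sending keys to the card.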
Subsequent workflow
This workflow is used if a flash drive is detected with an existing master key on it.
- Mount USB flash at ~/.gnupg
- Ask user if any key has been compromised
- Automatically extend the expiry of each key that is not compromised
Finishing session
- Copy third party keys to sign from other USB flash
- Summarize all keys to be signed, ask user to confirm each?
- Sign the keys
- Export signed keys to USB flash
- Export public keys with newer expiry dates to USB flash
- unmount USB
- halt
- wipe the memory on halt; see also the Tails design
Networked application workflow
This application runs on a networked computer:
- read user's public key (which may have extended expiry) from USB flash, send to keyservers over a fresh Tor circuit
- read signed keys from USB flash
- email signed keys to recipients
- ask user for list of new keys to sign
- fetch new keys from keyserver
- write new keys to USB flash
- unmount USB flash
Smartcard initialization
- cardholder preferred language
- cardholder name
- cardholder login name
Implementation
- Shell or Python script to present the menus to the user and then run the GnuPG commands
- whiptail or python-newt for a user interface similar to the Debian installer and dpkg/debconf menus
- debian-i18n query about whiptail/debconf-po from arbitrary scripts
- Is the GPGME high-level API useful?
Actions required
- Create a meta-package for a Debian blend based on the packages used in the live image
- Investigate use of Ansible-based Live CD (live wrapper) instead of live-build
- Package memory wiping utility used by Tails
- write code/scripts to manage flash drive formatting/mounting/replication/mirroring
- gnupg2 2.1.x into jessie-backports (if feasible)
- write code to control gnupg2 in batch mode or API
- develop a pinentry-whiptail UI for obtaining passphrase
- write strings for UI
- translate strings for UI
- develop UI
- investigate USB guard
- develop solution to filter OpenPGP message content, preferably not written in C
Other points for discussion and wishlist items
- Should the smartcards be OpenPGP cards or PKCS#11 cards managed with gnupg-pkcs11-scd?
- Should the filesystems storing the secret keys be encrypted with LUKS?
Hardware
Multiple flash card readers
- Multiple Micro SD cards in a single USB reader:
- Icy Box IB-880 - also a USB hub
- Fang-Chun Tsai’s Collector USB Flash Drive (vaporware?)
- Multiple Micro SD cards in a CF-card device:
- Other
References
Mailing list for this project
- Original discussion of this project:
Simon Josefsson's blog about using the standard live CD for managing PGP master keys
Jeff Clement's blog about using the standard live CD for managing PGP master keys
Guardian Project wiki: Clean Room environment with Live CD
Repository - empty as of 2016-10-24
Updated version of those notes by Abel Luck of Guardian Project
Beware of trouble with GNOME Keyring Daemon when testing on a full desktop system