8

Today I learned about the basics of OpenPGP and tried to create my first OpenPGP key. However, I found a couple of options suspicious - in the GUI version of the program I downloaded there are fields like name or email or expiration date.

  1. Why am I asked for my name or email? From my very basic understanding to send and receive encrypted messages I only need my private and public key and a public key of another person, the key creation and encryption/decryption is just mathematics, so why the other options? My guess is that name and email can be sent to some server and later if somebody wants to send me a message (and doesn't know my public key but knows my email address), they can look it up if there is a public key that matches a given email address. Am I right, and if not, what are they for? Can I just leave them blank?

  2. Another suspicious thing was after what time the key should expire. Is the information about expiration date contained within the key (I don't think it is)? So is the key stored on a server somewhere or what? How does it work?

The reason I ask is that this whole OpenPGP thing seems more centralized than I thought. Why can't the OpenPGP software just have a "Generate a new key" button which generates both the public and private key for me to copy and use (and of course an option to encrypt/decrypt text)?

Jens Erat
George
  • 1. [web of trust](https://en.wikipedia.org/wiki/Web_of_trust) 2. [search before asking questions](http://security.stackexchange.com/questions/14718/does-openpgp-key-expiration-add-to-security) – cremefraiche Aug 23 '16 at 18:21
  • @cremefraiche: I think you're unfairly judging this to be a dupe based on the expiry date part, but the question is mainly about personal information. I did a quick search, and couldn't find anything on the site about that. – Luis Casillas Aug 23 '16 at 18:24
  • @LuisCasillas I never said this was a dupe, or flagged it. OP just clearly did not research either of his questions very well or else he would have found the answers, which is why I downvoted. For the second question you literally only have to google 'pgp expire' to find a plethora of answers. – cremefraiche Aug 23 '16 at 18:27

3 Answers

8

First of all, you don't need to enter them, or you can enter false ones if you like, so go ahead and do so if you so prefer. (You may need to read up on the options to disable the fields.)

But the reason PGP asks for such information is that it's not just a tool for encrypting messages—it's also a tool for defeating impersonation, i.e., proving that message senders and recipients really are who they claim. The point is that, as long as you control your private key (nobody has stolen it from you), and other people are confident that your public key belongs to you (the web of trust has tied your public key to your identity), now:

  1. People who send messages to you can be confident that they're reaching you, and not an impersonator;
  2. People who receive signed messages from you can be sure they come from you, and not an impersonator.

Note also that it doesn't matter if the identity tied to your key is your real name, or an alias, or whatever—it just needs to be something that other people will recognize you by. It's just the answer to the question "whose key is this"? PGP doesn't care if the answer looks like "Jane Smith ", "John Doe" or "spaghettiman123"; only the people who try to use the public key will care.

> Another suspicious thing was after what time the key should expire. Is the information about expiration date contained within the key (I don't think it is)? So is the key stored on a server somewhere or what? How does it work?

The expiration date is stored in the key. The idea is to protect you if your private key gets stolen without you noticing—the expiration date means that the person who stole it only gets a limited time window during which they can impersonate you.

PGP doesn't automatically store keys in servers, and doesn't connect to any server as part of routine operations. But public keys can and often are uploaded to key servers so that people can download them off there.

> The reason I ask is that this whole PGP thing seems more centralized than I thought. Why can't the PGP software just have a "Generate a new key" button which generates both the public and private key for me to copy and use (+ of course an option to encrypt/decrypt text)?

It's not centralized, but it does want to interact with other systems—public or private—in order to work ideally. But you don't have to use any of that. You can just generate a key pair with no identity attached to it. You can manually give the public key to a counterparty in person, e.g. in a flash drive, and that will work fine.

The tricky issue here is: how do you securely get another person's public key over the Internet? If you just downloaded Jane Doe's public key from some web site, you have no way of knowing whether that's really her public key or an impersonator's. So all that extra functionality you're seeing is about providing tools to attack that problem. Again, read up on the web of trust, and on public key infrastructure.

Luis Casillas
8

OpenPGP Includes Key Management

From the introduction to RFC 4880, OpenPGP (highlighting added by me):

> OpenPGP software uses a combination of strong public-key and symmetric cryptography to provide security services for electronic communications and data storage. These services include confidentiality, key management, authentication, and digital signatures.

In other words, OpenPGP is not just about sending encrypted messages, but provides a much larger feature set around key management. Key management means the possibility of looking up your key on the key servers (but they're not authenticated there!), but also users of OpenPGP issuing certifications in-between their OpenPGP keys to assure authenticity (for example, read up on keysigning parties). All this requires keys to have names attached.

"Anonymous" OpenPGP Keys

> Why am I asked for my name or email?

You're not forced to do so (although some implementations of OpenPGP do): OpenPGP keys may exist without user IDs, and all dates can be set up rather arbitrarily (although a key creation timestamp must be provided, but you could just provide a timestamp of 0 equalling 1970-01-01).

Consider if keys did not have any user information attached: you'd have to exchange the whole key, composed of thousands of random bytes, manually, and somehow connect it to an identity if you want to use it.

> Another suspicious thing was after what time the key should expire. Is the information about expiration date contained within the key (I don't think it is)? So is the key stored on a server somewhere or what? How does it work?

The expiry date is not required, you can have them be valid forever. Actually, the expiry date does not really add to security at all, it might be reasonable nonetheless.

You have to distinguish between the actual public/private key pair (e.g., the primes used for RSA) and an OpenPGP key. An OpenPGP key is composed of the numbers for the crypto work, but also additional information like user IDs, certifications and settings like the expiry date. You can easily have a look at all the information in an OpenPGP key by running

```
gpg --export [key-id] | gpg --list-packets
```

(some reading in RFC 4880 linked above might be required to get a reasonable understanding of the output).

OpenPGP is Distributed

> The reason I ask is that this whole PGP thing seems more centralized than I thought.

There is no central instance in the OpenPGP environment. Keys are exchanged through a decentralized key server network, trust is validated through the OpenPGP web of trust instead of a hierarchical PKI system as known from X.509 (used for S/MIME, TLS, ...).

There are some rather central authorities in the OpenPGP community: certificate authorities like CAcert, the German Heise Verlag and Governikus issuing certifications for holders of the new German digital identity card exist, but you don't need to use (or trust) them. There is some rather central coordination in the key server network (the SKS pool), but you can also choose an arbitrary server, not use key servers at all or even host your own!

OpenPGP is an Open Standard

> Why can't the PGP software just have a "Generate a new key" button which generates both the public and private key for me to copy and use (+ of course an option to encrypt/decrypt text)?

OpenPGP is an open standard. If somebody wishes software that does exactly this (and as I already mentioned, the OpenPGP standard allows rather "plain" keys without a lot of meta information), you're welcome to do so. The reason such software does not exist (or is not widely known) is that people don't see a good reason to write or have such software.

If you just want to use RSA and AES without any key management and the advanced OpenPGP capabilities, you're probably better off just using more primitive standards.

Jens Erat
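Both answers above say that the user ID and the expiration date live inside the OpenPGP key. As an added example (not code from either answer or from GnuPG), here is an RFC 4880 packet reader showing where: the user ID is a packet of its own, and the expiration is a subpacket of the user ID certification, stored as seconds after the key's creation time. The sample bytes are constructed, with placeholder key material and a signature that would not verify; only v4 keys and signatures are read.

```python
def _length(buf, i, two_octet_max):  # RFC 4880 length field -> (length, next index)
    if buf[i] < 192:
        return buf[i], i + 1
    if buf[i] <= two_octet_max:
        return ((buf[i] - 192) << 8) + buf[i + 1] + 192, i + 2
    if buf[i] == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body lengths are not handled here")

def packets(data):  # yield (tag, body) for each packet of a binary OpenPGP stream
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80 or hdr & 0x43 == 0x03:
            raise ValueError("not a packet header, or indeterminate length")
        if hdr & 0x40:                       # new-format header
            tag = hdr & 0x3F
            n, i = _length(data, i + 1, 223)
        else:                                # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + n]
        i += n

def hashed_subpackets(sig):  # yield (type, value) from a v4 signature's hashed area
    i, end = 6, 6 + int.from_bytes(sig[4:6], "big")
    while i < end:
        n, i = _length(sig, i, 254)
        yield sig[i] & 0x7F, sig[i + 1:i + n]  # bit 7 of the type is the critical flag
        i += n

def describe(key):  # creation time, user IDs and expiry of a v4 public key export
    info = {"created": None, "user_ids": [], "expires": None}
    for tag, body in packets(key):
        if tag == 6 and body[0] == 4:        # primary public key packet
            info["created"] = int.from_bytes(body[1:5], "big")
        elif tag == 13:                      # User ID packet: free-form text
            info["user_ids"].append(body.decode("utf-8", "replace"))
        elif tag == 2 and body[0] == 4 and 0x10 <= body[1] <= 0x13:  # user ID certification
            for typ, val in hashed_subpackets(body):
                if typ == 9 and info["created"] is not None:  # seconds after creation
                    info["expires"] = info["created"] + int.from_bytes(val, "big")
    return info

CREATED = 1471910400  # constructed sample, 2016-08-23 UTC; key material is a placeholder
PUB = b"\x04" + CREATED.to_bytes(4, "big") + b"\x01\x00\x08\xc5\x00\x11\x01\x00\x01"
SUB = b"\x05\x02" + CREATED.to_bytes(4, "big") + b"\x05\x09" + (365 * 86400).to_bytes(4, "big")
SIG = b"\x04\x13\x01\x08" + len(SUB).to_bytes(2, "big") + SUB + b"\x00\x00\xab\xcd\x00\x08\xff"
SAMPLE = b"".join(bytes([0xC0 | t, len(b)]) + b for t, b in ((6, PUB), (13, b"spaghettiman123"), (2, SIG)))
```

To run it on a real key, pass the binary output of `gpg --export [key-id]` (without `--armor`) to `describe`; when several certifications carry an expiration, this code reports the last one in the stream rather than the newest.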
3

Public key technologies exist to address three main things:

  1. Data confidentiality (encryption): only the intended recipient can read the message.

  2. Data integrity (signing): that the message was not tampered with in transit.

  3. Authentication: that the recipient is in fact who you think they are.

It's possible to build cryptosystems with only a subset of this list (disk encryption, for example, usually only cares about 1. and sometimes 3.).

For something like email encryption it doesn't make sense to have two of these without the third. What good is a public key if I have no idea who it belongs to?


From a technical standpoint, you are correct: these fields are optional and can be left blank; your PGP key will be perfectly usable without it.

From a social standpoint they are essential. The idea of the PGP Web of Trust is for each person / email address to have a public key associated with it - you post your public key on public key servers and have your friends sign your public key to say "I know this person in real life, and this public key does belong to him". The more people who cross-sign each other's keys, the bigger the web of trust. In this context, anonymous keys make no sense.

Finally, expiration date is completely optional, but there if you know at the beginning that you will only use this key for X months - for example if you are on a short-term contract with a company.

Mike Ounsworth