OpenPGP Digital Signature Best Practices

In a recent post, we discussed OpenPGP encryption best practices. Digital signatures are also an essential part of OpenPGP, used by advanced and more casual users alike. In this post, we discuss OpenPGP digital signature best practices: the practices you should adopt when using digital signatures according to the OpenPGP standard.


What is a digital signature?

A digital signature is a mathematical process that ensures the following:

  • Sender verification: the sender is who they claim to be
  • Integrity: the message was not modified in transit
  • Non-repudiation: the sender cannot deny having sent the message.

It authenticates the sender and gives the recipient grounds to trust the source of the message.

Digital signature and verification in a few words

[Figure: digital signature and verification. Source: https://wikipedia.org/wiki/Electronic_signature]

Signing starts with a cryptographic hash of the original message; the hash is then encrypted with the sender's private key and sent along with the original message.

The recipient receives the original message together with its encrypted hash, decrypts the encrypted hash with the sender's public key, and compares it with the hash of the original message.

That's it! If the two hashes match, the digital signature is verified.
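The hash-sign-verify flow just described, written out as a small Go program. This is an added example, not code from the original post or from Mailfence: it uses RSA-PSS with SHA-256 from Go's standard library on constructed sample messages and does not produce OpenPGP packets, but the three outcomes it checks (the original verifies, a tampered copy does not, the wrong public key does not) are exactly what an OpenPGP client decides when it shows a signature as valid or invalid.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// signMessage is the sender's half of the flow: hash the message with SHA-256,
// then sign the digest with the sender's private key (RSA-PSS). The sender
// transmits message and signature together.
func signMessage(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verifyMessage is the recipient's half: recompute the hash of the message as
// received and check the signature against it with the sender's public key.
// true means the message is unmodified and was signed by the holder of the
// private key matching pub.
func verifyMessage(pub *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], signature, nil) == nil
}

// roundTrip exercises the three cases a recipient cares about and returns
// (original verifies, tampered copy verifies, verification with the wrong key).
func roundTrip() (bool, bool, bool, error) {
	// 2048 bits keeps the demo fast; the post recommends 4096-bit keys in practice.
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}

	// Constructed sample message.
	msg := []byte("Invoice #4711 is approved for payment. -- Alice")
	sig, err := signMessage(alice, msg)
	if err != nil {
		return false, false, false, err
	}

	okOriginal := verifyMessage(&alice.PublicKey, msg, sig)
	// One changed digit changes the hash, so the old signature no longer fits.
	tampered := []byte("Invoice #4712 is approved for payment. -- Alice")
	okTampered := verifyMessage(&alice.PublicKey, tampered, sig)
	// Checking against someone else's public key (Bob's) must fail as well.
	okWrongKey := verifyMessage(&bob.PublicKey, msg, sig)
	return okOriginal, okTampered, okWrongKey, nil
}

func main() {
	okOriginal, okTampered, okWrongKey, err := roundTrip()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("original verifies:     ", okOriginal) // true
	fmt.Println("tampered copy verifies:", okTampered) // false
	fmt.Println("wrong key verifies:    ", okWrongKey) // false
}
```

The hash is what makes the signature cheap to compute and impossible to transfer to another text: the signature covers 32 bytes of digest, but any change to the message produces a different digest, so the comparison on the recipient's side fails.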

OpenPGP Digital Signature Best Practices

Here are some of the practices you should follow when digitally signing a message:

Key generation and digital signature

– Use a strong key to digitally sign a message

Use a 4096-bit (or at least 2048-bit) private key to sign a message. Mailfence always generates a 4096-bit RSA key by default.

– Use subkeys for signing

Protecting your key pair on a single device is not easy, and having that device stolen or lost is always possible. Encryption and signing are two different operations and therefore call for two different key-management approaches. You may want your signing key to remain valid for a long time, so that people around the world can still check signatures made in the past. For your encryption key, on the other hand, you may wish to rotate it more often and revoke or expire the old key without much ceremony. It is therefore good practice to keep your primary key pair offline (for example on a flash drive) and to use a subkey as the « local key » for signing messages.

This interesting article lists the steps to follow to achieve this with GPG. You can then import the local key pair into your integrated Mailfence keystore for easy use from all your devices.

Note: keeping the primary secret key on removable media makes signing other GPG keys less convenient, because the primary secret key must be loaded to complete the signature. In addition, using subkey expiration dates (as recommended) means that subkeys must be extended before they expire, or new subkeys issued if they are allowed to expire. Finally, people who use your public key (for example to verify something you signed) may see errors due to the expiry of your key if they do not regularly refresh their GPG keyring from the public key servers.

– Ask your friends and colleagues to sign your public key

Having trusted signatures on your key strengthens its legitimacy. Ask your friends and colleagues to sign your key; in return, you should sign their public key.

Alternatively, keybase.io is a working model that ties your identity to your public keys, and vice versa.

– Sign your message for each of your recipients!

Yes: include the sender's and recipient(s)' email addresses together with a timestamp in the signed content (by adding them to the body of the message). You can also rely on a mechanism that provides sufficient protection against replay attacks (IPsec, session tokens, timestamps, etc.).

– Be careful when transmitting a digitally signed message

Take a message digitally signed by Alice and sent to Bob, which Bob now forwards to Carol. Only the identity of the original signer, Alice, is proven to the recipient. Carol cannot establish that Bob, who relayed the message, owns the digital signature or is the actual sender of the message, unless Bob signs the forwarded message himself.
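The two previous points, binding a signature to its recipients and a timestamp and reading a forwarded signature correctly, as one added Go example (not code from the post or from Mailfence). It assumes a constructed message layout in which From, To and Date are part of the signed bytes; the addresses alice@example.org, bob@example.org and carol@example.org are sample values. Bob, the intended recipient, accepts the message; Carol, holding a forwarded copy whose signature still verifies as Alice's, sees that it was not signed for her; and the same message replayed to Bob a month later fails the timestamp check.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"log"
	"time"
)

// SignedMail is a constructed demo layout (not OpenPGP's own format): the signed
// text carries who sent it, to whom and when, so the signature binds the message
// to one recipient and one moment in time.
type SignedMail struct {
	From, To string
	Sent     time.Time
	Body     string
	Sig      []byte
}

// canonical is the exact byte string that is hashed and signed. Addresses and
// timestamp are inside it, so nobody who relays the message can alter them
// without invalidating the signature.
func canonical(from, to string, sent time.Time, body string) []byte {
	return []byte("From: " + from + "\nTo: " + to + "\nDate: " +
		sent.UTC().Format(time.RFC3339) + "\n\n" + body)
}

// signMail produces a SignedMail whose signature covers headers and body together.
func signMail(priv *rsa.PrivateKey, from, to string, sent time.Time, body string) (SignedMail, error) {
	digest := sha256.Sum256(canonical(from, to, sent, body))
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return SignedMail{}, err
	}
	return SignedMail{From: from, To: to, Sent: sent, Body: body, Sig: sig}, nil
}

// verifyAs is the recipient's check: the signature must verify under the claimed
// sender's public key, the signed To field must be the verifier's own address,
// and the signed Date must fall inside the accepted window (replay protection;
// one minute of clock skew into the future is tolerated).
func verifyAs(pub *rsa.PublicKey, m SignedMail, me string, now time.Time, maxAge time.Duration) error {
	digest := sha256.Sum256(canonical(m.From, m.To, m.Sent, m.Body))
	if rsa.VerifyPSS(pub, crypto.SHA256, digest[:], m.Sig, nil) != nil {
		return errors.New("signature does not verify under the sender's key")
	}
	if m.To != me {
		return fmt.Errorf("message was signed for %s, not for %s", m.To, me)
	}
	if m.Sent.After(now.Add(time.Minute)) || now.Sub(m.Sent) > maxAge {
		return errors.New("signed timestamp is outside the accepted window")
	}
	return nil
}

// Results holds the verification outcome for each of the three situations.
type Results struct {
	Bob    error // intended recipient, shortly after sending
	Carol  error // received a forwarded copy of the same signed message
	Replay error // the intended recipient again, but a month later
}

// scenario plays out the post's cases on constructed data.
func scenario() (Results, error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048) // 2048 bits for speed only
	if err != nil {
		return Results{}, err
	}
	sent := time.Date(2024, 3, 1, 9, 0, 0, 0, time.UTC) // constructed timestamp
	m, err := signMail(alice, "alice@example.org", "bob@example.org", sent, "Please release the build.")
	if err != nil {
		return Results{}, err
	}
	window := 24 * time.Hour
	var r Results
	r.Bob = verifyAs(&alice.PublicKey, m, "bob@example.org", sent.Add(time.Hour), window)
	// Bob forwards the identical signed message to Carol. Alice's signature still
	// verifies, but the signed To field tells Carol it was never meant for her.
	r.Carol = verifyAs(&alice.PublicKey, m, "carol@example.org", sent.Add(2*time.Hour), window)
	// The same message presented to Bob again a month later is rejected as stale.
	r.Replay = verifyAs(&alice.PublicKey, m, "bob@example.org", sent.Add(30*24*time.Hour), window)
	return r, nil
}

func main() {
	r, err := scenario()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("Bob (intended recipient):", r.Bob)
	fmt.Println("Carol (forwarded copy):  ", r.Carol)
	fmt.Println("Bob, one month later:    ", r.Replay)
}
```

Note what the forwarded case does and does not prove: Carol can confirm that Alice signed this text for Bob on that date, but nothing in it speaks for Bob, who only relayed it. If Bob wants Carol to trust that he is the one sending it, he has to sign the forwarded message himself, as the post says.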

Check a digital signature

– Try to have the fingerprint of your sender’s key in advance!

If possible, obtain your sender's key fingerprint in advance, preferably in person. Alternatively, if your sender is a public figure, an online search (their website, blog, social media accounts, keybase.io, etc.) may turn up their fingerprint.

– Always check the key pair used for signing a message with the fingerprint!

Automatic checking (comparing the decrypted hash with the hash of the original message) is important, but it will not protect you from impersonation attacks, in which an attacker creates a fake identity for the sender and uses it to deceive recipients. Consequently, your only cryptographic factor for verifying the public keys of all your senders should always be the fingerprint.

Never trust the short key ID, or even the long key ID!
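How the fingerprint and the two key IDs relate, as an added Go example (not from the post or from Mailfence). It computes the OpenPGP v4 fingerprint of an RSA public key as RFC 4880 defines it and slices the long and short key IDs out of it; the key and its creation time are generated and constructed for the demo. The point it makes concrete is that the short ID keeps 32 of the fingerprint's 160 bits and the long ID 64, which is why only the full fingerprint is a usable identity check.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"log"
	"math/big"
	"strings"
)

// mpi encodes an integer as an OpenPGP multi-precision integer (RFC 4880 §3.2):
// a two-octet big-endian bit count followed by the magnitude without leading zeros.
func mpi(n *big.Int) []byte {
	out := make([]byte, 2, 2+len(n.Bytes()))
	binary.BigEndian.PutUint16(out, uint16(n.BitLen()))
	return append(out, n.Bytes()...)
}

// fingerprintV4 computes the OpenPGP v4 fingerprint of an RSA public key as
// defined in RFC 4880 §12.2: SHA-1 over the octet 0x99, the two-octet length of
// the public-key packet body, and the body itself (version 4, 4-octet creation
// time, algorithm 1 = RSA, then the MPIs n and e). The result is the 40 hex
// digits that "gpg --fingerprint" prints for a v4 key.
func fingerprintV4(pub *rsa.PublicKey, created uint32) string {
	var ts [4]byte
	binary.BigEndian.PutUint32(ts[:], created)

	body := []byte{4}
	body = append(body, ts[:]...)
	body = append(body, 1) // public-key algorithm 1: RSA (Encrypt or Sign)
	body = append(body, mpi(pub.N)...)
	body = append(body, mpi(big.NewInt(int64(pub.E)))...)

	var length [2]byte
	binary.BigEndian.PutUint16(length[:], uint16(len(body)))
	packet := append([]byte{0x99}, length[:]...)
	packet = append(packet, body...)

	sum := sha1.Sum(packet)
	return strings.ToUpper(hex.EncodeToString(sum[:]))
}

// keyIDs shows how little of the fingerprint the two key IDs carry: the long ID
// is its last 64 bits (16 hex digits), the short ID only its last 32 bits
// (8 hex digits). Only the full 160-bit value identifies a key.
func keyIDs(fingerprint string) (longID, shortID string) {
	return fingerprint[len(fingerprint)-16:], fingerprint[len(fingerprint)-8:]
}

// group renders a fingerprint in the familiar blocks of four hex digits.
func group(fingerprint string) string {
	parts := make([]string, 0, len(fingerprint)/4)
	for i := 0; i+4 <= len(fingerprint); i += 4 {
		parts = append(parts, fingerprint[i:i+4])
	}
	return strings.Join(parts, " ")
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // demo size; the post recommends 4096
	if err != nil {
		log.Fatal(err)
	}
	fp := fingerprintV4(&key.PublicKey, 1700000000) // constructed creation time
	longID, shortID := keyIDs(fp)
	fmt.Println("fingerprint: ", group(fp))
	fmt.Println("long key ID: ", longID)
	fmt.Println("short key ID:", shortID)
}
```

Two consequences follow directly from the construction. The fingerprint covers the whole public key, so two keys with matching fingerprints would have to collide in SHA-1 over the complete key material, whereas a short ID that matches only says eight hex digits agree. And because the IDs are suffixes of the fingerprint, comparing the full fingerprint subsumes any ID check: there is never a reason to stop at the ID.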

– Make sure the signing key has not been revoked or expired!

Make sure the key used to sign a particular message has not been revoked or expired! This is a very important point. Applications do not always display this detail clearly to the user. At Mailfence, all of these situations are clearly displayed in a timely manner.

However, if the message was signed before the signing key's expiry or revocation date, the digital signature remains valid.

– Export messages that carry digital signatures locally!

Since account hijacks are more frequent nowadays, it is best to keep a local copy of messages of high importance or value by exporting them to your own machine.

You can also improve their security by encrypting them locally as well.

– The legal value of digital signatures

A digital signature can be used to hold a person accountable as the author of a given message. However, the precise legal value of digital signatures depends on where the signature was made and on local legislation.

This good article is very enlightening on the subject.

Nevertheless, certain conditions should always be agreed upon before using digital signatures in a legal context. A possible compromise of the signer's private key is one problem that may arise. What should be done in that case to determine whether the key was really compromised, or whether this was done deliberately?

Note: if you do not want non-repudiation in exceptional cases, use a « deniable authentication » scheme instead.

OpenPGP digital signatures are fairly common because they do not require you to have the recipient's public key. Mailfence, the secure and private email service, has greatly simplified the digital signing process. If you implement the OpenPGP digital signature best practices mentioned above, you will get even more out of digital signatures.

Note: if you do not ensure that your email account itself is secure, the OpenPGP digital signature best practices described above will not help you. We recommend that you check how to maintain the security of your private email account.
