OpenPGP digital signature best practices
In a recent post, we discussed the OpenPGP encryption best practices. Digital signatures on the other hand are also a vital part of OpenPGP which gets used both by advanced and entry level users. In this blogpost we would like to highlight all the best practices that you should follow while dealing with OpenPGP digital signatures.
What is a digital signature
A digital signature is a mathematical process that assures the following:
- Sender verification: the sender is indeed who he/she claims to be
- Integrity: The message has not been altered during transit
- Non-repudiation: the sender cannot deny having sent the message
It authenticates the sender and gives the recipient a fair amount of confidence to trust the source of the message.
Digital signing and verification in a nutshell!
Signing starts with simply taking a cryptographic hash of the original message, encrypting it with the sender’s private key and then sending it along with the original message.
The recipient receives the original message with its encrypted hash, decrypts the encrypted hash using the sender’s public key and then matches it with the hash of the original message.
Yes you got it! If both of the hashes match, the digital signature is verified.
OpenPGP Digital signature Best Practices
Following are some of the best practices that you should follow while digitally signing a message.
Key generation and Digital signing
– Use a strong key when digitally signing
Use a 4096 bit (or at least a 2048 bit) length-based private key to sign a digital message. Mailfence always generates a 4096bit RSA key by default.
– Use sub-key for signing
Protecting your keypair on a single device is not easy and it is always possible that your device gets stolen or lost. Encryption and signing are two different operations. They, therefore, demand two different key management approaches. You may want a signing key to be valid for a long time so people around the world can verify signatures from the past. As for your encryption key, though, you will want to rotate it earlier and easily revoke/expire the old one. Hence, keep your key-pair externally as a ‘master keypair’ (for e.g., in a flash drive) and use a sub-key as a ‘local-key’ for signing messages is a good practice.
This good article provides a list of steps that you should follow to achieve this using GPG. You can then import that local-keypair in your Mailfence account keystore to use it seamlessly around all of your devices.
Note: 1) Keypair containing only sub-keys (for signing and encryption) and a dummy private key packet (a GNU extension to OpenPGP) may not be supported by all OpenPGP compliant programs. 2) Keeping the primary secret key on removable media makes signing (or certifying) other GPG keys problematic since the primary secret key must be loaded in order to do the signing. 3) Using expiration dates with the subkeys (recommended) means that the subkeys must be extended prior to expiration, or new subkeys issued if they are allowed to expire. 4) Also, people who use your public key (i.e., to verify something you have signed) may receive errors about your key being expired if they do not regularly update their GPG keyrings with public key servers.
– Ask your friends and colleagues to sign your public key
Having trust signatures on your key will enhance its legitimacy. Ask your friends/colleagues to sign your key. You should sign their public key in exchange.
Alternatively, keybase.io is an operational model that maps your identity to your public keys, and vice versa.
– Sign your message for each of your recipients!
Yes, include the sender and recipient(s) email address with timestamps in your digital signature! (by adding it into the body of the message). You can also use a service that provides sufficient protection against replay attacks (nonce, session tokens, timestamp, etc).
– Pay caution while forwarding a digitally signed message
Lets take the case of a digitally signed message by Alice to Bob now forwarded to Carol. Only the identity of the original sender: Alice is proved to the recipient. No assumption can be made by Carol that Bob who forwarded the message is the owner of the digital signature/or is the right sender of the message. Unless the forwarded message is signed by Bob himself.
Verifying a Digital signature
– ‘Try’ to have the Fingerprint of your sender’s key in advance!
If possible, get the fingerprint of your sender’s key in advance! (preferably in person) – or if your sender is a known figure, then doing an online search (on his/her website, blog, social media accounts, keybase.io etc) may give you his/her fingerprint.
– Always verify the key-pair used for signing a message with the fingerprint!
Automatic verification (matching decrypted hash with hash of the original message) is one thing, but will not protect you from impersonation attacks, where an attacker may create a fake identity of the sender and use it to fool the recipients. Thus, a Fingerprint should always be your sole cryptographic factor for verifying the public keys of all your senders.
Never rely on short or even long key-ID’s !
– Make sure the signing key hasn’t been revoked or expired!
Make sure the key that has been used to sign a particular message is not revoked or expired! This is a big one! Applications often fail to display this clearly to the user. At Mailfence, every such case gets timely and properly displayed.
However, if the signing of a message happened before the expiration/or revocation date of the signing key – the digital signature still remains valid.
– Export messages locally with digital signatures on them!
Since account compromises are more common these days it’s better to keep a local copy of messages of high importance or value by exporting them to your machine.
In addition, you can improve their security by locally encrypting them as well.
– Legal value of digital signatures
A digital signature can be used to hold someone liable as the author of a certain message. However, the precise legal value of digital signatures depends on where the signature was been made and the local laws.
This good article sheds a fair amount of light on this subject.
Nonetheless, there are always certain terms that need to be agreed upon before using digital signatures in a legal context. One issue is the possibility that the private key of the signer gets compromised. What should be done in such a case to verify whether it was a real compromise or done deliberately?
Note: if you don’t want non-repudiation in exceptional cases, then use deniable authentication based schemes!
OpenPGP digital signatures are quite common because they do not require you to have the public key of the recipient. At Mailfence – the secure and private email service, we’ve made the process of digital signing very simple. If you use the above mentioned OpenPGP digital signature best practices, you will further leverage your usage of digital signing.
Note: If you presently do not keep your email account secure, then above mentioned OpenPGP signature best practices will not help you. We would advice you to check on how to keep your private email account secure.
Follow us on twitter/reddit and keep yourself posted at all times.
– Mailfence Team
Salman works as an Information security analyst for Mailfence. His areas of interests include cryptography, security architecture and design, access control and operations security. You can follow him on LinkedIn @mohammadsalmannadeem