PGP and Linux

It really only makes sense that you would enjoy encryption if you enjoy Linux--you're a geek and you can't help yourself. You love complexity.

While the basics of using PGP (Pretty Good Privacy) encryption are not all that difficult, Linux's multi-user environment can sometimes challenge your security habits. PGP was originally designed for the masses who use standalone machines rather than networked workstations in their homes. Because you could easily be running your own Internet Service Provider business right from your living room, with numerous users logged into your Linux box, you have to take a few extra precautions to protect your PGP keys.

The Risks

PGP security depends on no one being able to get an unencrypted copy of your secret key. Hopefully, they will never even be able to get an encrypted copy either. But being in a networked environment means you have ``guests'' in the house who could possibly be nosey enough to sneak a peek at your secret key unless you're careful.

There are several times when your secret key is ``in the open'':

  1. After you've typed your passphrase, your unencrypted key is stored in volatile memory (RAM).
  2. After you've typed your passphrase, your system or a graphical front-end to PGP could have swapped either your passphrase or unencrypted secret key out to your swap partition, or could be storing your plaintext message in a temporary buffer.
  3. Someone could have sneaked a trojan horse program onto your system that is designed to capture your unencrypted secret key or passphrase (this is a greater risk on a networked computer than on a standalone with occasional network access).
  4. If your PGP information is stored on a Unix computer, someone (with root privileges) could be running a program like ttysnoop that captures to a log all keystrokes you type in your session. There goes your passphrase!
  5. You could have done something silly like change your PGPPASS variable to ``persistent'' while on a networked computer.

I don't know of any, but there might be tools that enable people to take a snapshot of your RAM and read the contents at their leisure. If that snapshot contained either your unencrypted secret key or your passphrase, PGP's high-powered encryption would be worthless for you.

Further, tools could exist to edit/view your swapfile partition after a similar snapshot has been taken of it. Your secret key and passphrase are sometimes vulnerable to these attacks also. This is just the insidious type of ``garbage collecting'' attack that would appeal to a very smart cracker. I don't know of any tools currently able to do this however.

Some ``front ends'' to PGP will create a temporary buffer where your plaintext information may be stored, or where your passphrase may be stored. This is dangerous, because this information might possibly wind up in a temporary file that doesn't get properly deleted from the system, and it could compromise your passphrase.

As far as someone sneaking a trojan horse program onto your system, this attack usually requires an attacker to gain root access, or some other kind of privileged access. This attack challenges your normal system security measures and threatens far more than just your PGP passphrase and secret key. If your normal system security precautions are up to snuff, this attack has a low probability of succeeding--but we're talking about sophisticated attacks now, by competent crackers, so the odds of success go up.

If someone hacks root on your system, you have bigger problems than just your PGP key. And if you're using PGP on someone else's remote computer, I would say you should stop using PGP there. Don't use PGP on anyone's computer but your own. If you must use PGP at work, keep your public and secret keyrings on a floppy disk, or download your company's email to a laptop computer, and read your email offline. Do not use PGP on a system that you don't have 24-hour physical control over each day.

Some people don't like to retype their passphrase very much and set the variable PGPPASS to ``persistent'' on their system. This stores the passphrase to a temporary file, and it makes it easier to obtain that person's passphrase. I recommend that you do not set this variable under any circumstances. Absolutely do not set this variable to ``persistent'' if you are using a networked computer.

What You Can Do

First of all, I've said we're talking about fairly sophisticated attacks. Tools for reading your RAM and swap files are not commonplace in every user's home directory, and may not exist at all. Gaining root and planting trojans likewise requires some sophistication. So, if your system is only accessed by a few people whom you personally know, these risks may not apply to you.

Second, if you're running an ISP business from one or more Linux boxes, keep your users on a separate box from your gateway(s). You probably would want a sort of defensive perimeter insulating your users and application servers from the outside Internet. Even if you're running a very small ISP, this is a good idea.

Another good idea for a single Linux box that connects for long periods of time to the Internet might be to keep your secret keys on a floppy disk rather than in your pgp directory. (Adjust your PGPPATH variable accordingly.) When you read your mail, you'll want your floppy disk mounted, but remove it when you're done. Keep a console open that pipes various log files, such as /var/log/messages and /var/log/secure, to it so you know immediately whenever someone logs into your machine. When someone logs in whom you don't know, or from an untrusted host, watch them! Don't use PGP in front of them!
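As an added example (not from the article, and not PGP's own code), here is a small wrapper that puts the floppy-held keyring advice above into practice: it points PGPPATH at the mounted floppy for one pgp invocation only, unmounts afterwards, and refuses to run in the unsafe states this article describes (PGPPASS set in the environment, or a secret ring readable by other users). It assumes the floppy is already mounted at $KEYRING_MOUNT (default /mnt/floppy), that the secret ring uses the PGP 2.6 name secring.pgp, and that the binary is called pgp.

```shell
#!/bin/sh
# Added example: run PGP with keyrings kept on removable media.
# Assumes: floppy mounted at $KEYRING_MOUNT (default /mnt/floppy),
# secret ring named secring.pgp, PGP binary named `pgp`.

# Check the keyring directory before pointing PGPPATH at it.
# Prints a reason and returns 1 on the first problem found.
check_keyring_dir() {
    dir=$1
    # PGPPASS in the environment means the passphrase is sitting in
    # plaintext where any process you start (or anyone reading
    # /proc/<pid>/environ as root) can pick it up.
    if [ -n "${PGPPASS+set}" ]; then
        echo 'refusing: PGPPASS is set in the environment'; return 1
    fi
    if [ ! -f "$dir/secring.pgp" ]; then
        echo "refusing: no secring.pgp in $dir (floppy not mounted?)"; return 1
    fi
    # ls -l mode string columns 5-10 are the group/other bits;
    # anything other than '------' means other accounts can read the ring.
    mode=$(ls -ld "$dir/secring.pgp" | cut -c5-10)
    if [ "$mode" != '------' ]; then
        echo "refusing: secring.pgp is group/world accessible ($mode)"; return 1
    fi
    return 0
}

# Run pgp with PGPPATH set only for that one command, then unmount
# so the keyring is no longer on a mounted filesystem.
pgp_from_floppy() {
    dir=${KEYRING_MOUNT:-/mnt/floppy}
    check_keyring_dir "$dir" || return 1
    PGPPATH=$dir pgp "$@"
    rc=$?
    umount "$dir" 2>/dev/null
    return $rc
}
```

Typical use would be `pgp_from_floppy -sta message.txt`; PGPPATH never lands in your login shell's environment, so a later `env` dump by another process shows nothing.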

The moral here is keep your sensitive information disconnected from the public. If this means bringing down your link to the outside while you do sensitive work, so be it. If it means putting sensitive data on a disconnected machine, so be that! It all depends on how paranoid you feel you need to be. Not everyone needs to act like the NSA is after them! But as the Internet becomes more and more a part of our computing lives, your security habits are increasingly important. As technology grows, even TEMPEST attacks become cheaper! (Those are attacks using equipment designed to retrieve the electronic emissions from your keystrokes and store them for future analysis.)

Third, PGP 2.6.x and beyond resist swapping the secret key to a swap file, so it may not happen in every session. Still, it is conceivable. The odds go up if you're using some sort of PGP shell or graphical interface for PGP. Many of these PGP shells make use of temporary files or your swap file for temporarily storing your secret key. My best advice is to stay away from these if you're in doubt. Just learn the command line version of PGP; use scripts that interface with your email software or use software that carefully incorporates PGP functionality such as XFmail, exmh, or mailcrypt for emacs' mail readers. The PGP 5.x version for Linux is supposed to be even smarter about this anti-swapping behavior than previous versions, though some 5.x versions of PGP don't write RSA keys and are therefore incompatible with earlier versions.

Fourth, you should routinely be checking for unfamiliar daemons running. At times like this, a packaging program like RPM (Red Hat Package Manager) can be very helpful. This program can go through and verify the installation of all your critical security software. (See man rpm for more details, especially the verify option.) I use the rpm -Va command as part of my nightly cron jobs. It checks for discrepancies in my RPM database and investigates according to my level of paranoia.
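As an added example (not from the article), here is the kind of triage a nightly cron job can apply to `rpm -Va` output: config files are expected to drift, so the interesting lines are non-config files whose digest changed (a replaced binary or library) or files that have gone missing. It assumes the verify output format where the first column is the attribute string (S size, M mode, 5 digest, D device, L symlink, U user, G group, T mtime; '.' unchanged, '?' untestable), an optional type letter such as `c` for config files, and then the path; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output for a nightly report.
# Assumes the verify line layout: ATTRS [typeletter] PATH, or
# "missing [typeletter] PATH". Paths containing spaces are not handled.

# Reads rpm -Va output on stdin, prints one line per suspicious entry,
# returns 1 if anything was reported and 0 if the system verified clean.
triage_rpm_verify() {
    found=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Split on whitespace into: attrs, optional type letter, path.
        set -- $line
        attrs=$1
        shift
        type=''
        if [ $# -eq 2 ]; then type=$1; shift; fi
        path=$1
        if [ "$attrs" = missing ]; then
            printf 'MISSING %s\n' "$path"
            found=1
            continue
        fi
        # Config files ('c') legitimately change after installation; skip them.
        [ "$type" = c ] && continue
        # Third attribute column is the digest flag: '5' means the file's
        # contents differ from what the package shipped.
        case "$attrs" in
            ??5*) printf 'MODIFIED %s\n' "$path"; found=1 ;;
        esac
    done
    return $found
}

# Constructed sample output (not from a real system) for a stand-alone run.
SAMPLE_VERIFY='S.5....T.    /usr/bin/login
S.5....T.  c /etc/pgp/config.txt
.......T.    /usr/lib/libfoo.so
missing     /usr/sbin/tcpd
..5......    /bin/ps'

if printf '%s\n' "$SAMPLE_VERIFY" | triage_rpm_verify; then
    echo 'rpm verify: clean'
else
    echo 'rpm verify: discrepancies above need a look'
fi
# In cron: rpm -Va 2>/dev/null | triage_rpm_verify || mail -s 'rpm verify' root
```

Only the digest column is used here because mtime-only changes (the `T` flag alone, as on libfoo.so above) are common after legitimate updates and would bury the signal.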

You can check running daemons by looking through the top command. You can also check /etc/inittab and your /etc/rc.d directory for your startup scripts to see what daemons are actually getting started at boot time. You should have tripwire or dailyscript or a similar program running, so if anyone alters your system logs you have a better chance of discovering the changes they were trying to cover up.

Conclusion

If you're just a casual PGP user, many of these concerns are probably overkill. But it's just a matter of time before the Internet will likely become a more fundamental part of your day-to-day computing life. If you're using PGP, you're already interested in protecting your privacy. Enterprising spammers and crackers are already exploiting common security weaknesses on connected Linux boxes, including connections with dynamically assigned IPs, and they will grab whatever private information they can, including your unencrypted secret key. In fact, an unencrypted copy of your secret key would be the most valuable nugget from your privacy they could have!



David S. Jackson
Created: Sun Nov 29 1998 17:14:33 EST