| 1 |
Updated complete text after applying two more patches on k_f's request. |
| 2 |
|
| 3 |
--- |
| 4 |
GLEP: 63 |
| 5 |
Title: Gentoo OpenPGP policies |
| 6 |
Author: Robin H. Johnson <robbat2@g.o>, |
| 7 |
Andreas K. Hüttel <dilfridge@g.o>, |
| 8 |
Marissa Fischer <blogtodiffer@×××××.com> |
| 9 |
Type: Standards Track |
| 10 |
Status: Final |
| 11 |
Version: 2 |
| 12 |
Created: 2013-02-18 |
| 13 |
Last-Modified: 2018-07-04 |
| 14 |
Post-History: 2013-11-10 |
| 15 |
Content-Type: text/x-rst |
| 16 |
--- |
| 17 |
|
| 18 |
Credits |
| 19 |
======= |
| 20 |
|
| 21 |
Many developers and external sources helped in this GLEP. |
| 22 |
|
| 23 |
Abstract |
| 24 |
======== |
| 25 |
|
| 26 |
This GLEP provides both a minimum requirement and a recommended set of |
| 27 |
OpenPGP key management policies for the Gentoo Linux distribution. |
| 28 |
|
| 29 |
Changes |
| 30 |
======= |
| 31 |
|
| 32 |
v2 |
| 33 |
The recommended key expiration rules have been moved to the minimal |
| 34 |
specification. Changing the expiration date of existing keys is possible |
| 35 |
in-place so there is no need to provide for transitional 'minimum' value. |
| 36 |
|
| 37 |
An additional rule requesting key renewal 2 weeks before expiration |
| 38 |
has been added. This is in order to give services and other developers time |
| 39 |
to refresh the key. |
| 40 |
|
| 41 |
The usage of DSA keys has been disallowed. |
| 42 |
|
| 43 |
v1.1 |
| 44 |
The recommended RSA key size has been changed from 4096 bits |
| 45 |
to 2048 bits to match the GnuPG recommendations [#GNUPG-FAQ-11-4]_. |
| 46 |
The larger recommendation was unjustified and resulted in people |
| 47 |
unnecessarily replacing their RSA-2048 keys. |
| 48 |
|
| 49 |
Minimal specification has been amended to allow for ECC keys. |
| 50 |
|
| 51 |
The option of using DSA subkey has been removed from recommendations. |
| 52 |
The section now specifies a single recommendation of using RSA. |
| 53 |
|
| 54 |
Motivation |
| 55 |
========== |
| 56 |
|
| 57 |
Given the increasing use and importance of cryptographic protocols in internet |
| 58 |
transactions of any kind, unified requirements for OpenPGP keys used in Gentoo |
| 59 |
Linux development are sorely needed. This document provides both a set of |
| 60 |
bare minimum requirements and a set of best practice recommendations for |
| 61 |
the use of GnuPG (or other OpenPGP providers) by Gentoo Linux developers. |
| 62 |
It is intended to provide a basis for future improvements such as, e.g., |
| 63 |
consistent ebuild or package signing and verifying by end users. |
| 64 |
|
| 65 |
Specifications for OpenPGP keys |
| 66 |
=============================== |
| 67 |
|
| 68 |
Bare minimum requirements |
| 69 |
------------------------- |
| 70 |
This section specifies obligatory requirements for all OpenPGP keys used |
| 71 |
to commit to Gentoo. Keys that do not conform to those requirements can |
| 72 |
not be used to commit. |
| 73 |
|
| 74 |
1. SHA2-series output digest (SHA1 digests internally permitted), |
| 75 |
256bit or more:: |
| 76 |
|
| 77 |
personal-digest-preferences SHA256 |
| 78 |
|
| 79 |
2. Signing subkey that is different from the primary key, and does not |
| 80 |
have any other capabilities enabled. |
| 81 |
|
| 82 |
3. Primary key and the signing subkey are both of type EITHER: |
| 83 |
|
| 84 |
a. RSA, >=2048 bits (OpenPGP v4 key format or later only) |
| 85 |
|
| 86 |
b. ECC, curve 25519 |
| 87 |
|
| 88 |
4. Key expiration: |
| 89 |
|
| 90 |
a. Primary key: 3 years maximum |
| 91 |
|
| 92 |
b. Signing subkey: 1 year maximum |
| 93 |
|
| 94 |
5. Key expiration date renewed at least 2 weeks before the previous |
| 95 |
expiration date. |
| 96 |
|
| 97 |
6. Upload your key to the SKS keyserver rotation before usage! |
| 98 |
|
| 99 |
Recommendations |
| 100 |
--------------- |
| 101 |
This section specifies the best practices for Gentoo developers. |
| 102 |
The developers should follow those practices unless there is a strong |
| 103 |
technical reason not to (e.g. hardware limitations, necessity of replacing |
| 104 |
their primary key). |
| 105 |
|
| 106 |
1. Copy ``/usr/share/gnupg/gpg-conf.skel`` to ``~/.gnupg/gpg.conf``, append |
| 107 |
the following block:: |
| 108 |
|
| 109 |
keyserver pool.sks-keyservers.net |
| 110 |
|
| 111 |
emit-version |
| 112 |
|
| 113 |
default-recipient-self |
| 114 |
|
| 115 |
# -- All of the below portion from the RiseUp.net OpenPGP best practices, and |
| 116 |
# -- many of them are also in the Debian GPG documentation. |
| 117 |
|
| 118 |
# when outputting certificates, view user IDs distinctly from keys: |
| 119 |
fixed-list-mode |
| 120 |
|
| 121 |
# long keyids are more collision-resistant than short keyids (it's trivial to make a key |
| 122 |
# with any desired short keyid) |
| 123 |
# NOTE: this breaks kmail gnupg support! |
| 124 |
keyid-format 0xlong |
| 125 |
|
| 126 |
# when multiple digests are supported by all recipients, choose the strongest one: |
| 127 |
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 |
| 128 |
|
| 129 |
# preferences chosen for new keys should prioritize stronger algorithms: |
| 130 |
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed |
| 131 |
|
| 132 |
# If you use a graphical environment (and even if you don't) you should be using an agent: |
| 133 |
# (similar arguments as https://www.debian-administration.org/users/dkg/weblog/64) |
| 134 |
use-agent |
| 135 |
|
| 136 |
# You should always know at a glance which User IDs gpg thinks are legitimately bound to |
| 137 |
# the keys in your keyring: |
| 138 |
verify-options show-uid-validity |
| 139 |
list-options show-uid-validity |
| 140 |
|
| 141 |
# include an unambiguous indicator of which key made a signature: |
| 142 |
# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234) |
| 143 |
# (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html) |
| 144 |
sig-notation issuer-fpr@×××××××××××××××××××××××××××××××.net=%g |
| 145 |
|
| 146 |
# when making an OpenPGP certification, use a stronger digest than the default SHA1: |
| 147 |
cert-digest-algo SHA256 |
| 148 |
|
| 149 |
2. Primary key and the signing subkey are both of type RSA, 2048 bits |
| 150 |
(OpenPGP v4 key format or later) |
| 151 |
|
| 152 |
3. Key expiration renewal: |
| 153 |
|
| 154 |
a. Primary key: annual |
| 155 |
|
| 156 |
b. Signing subkey: every 6 months |
| 157 |
|
| 158 |
4. Create a revocation certificate & store it hardcopy offsite securely |
| 159 |
(it's about ~300 bytes). |
| 160 |
|
| 161 |
5. Encrypted backup of your secret keys. |
| 162 |
|
| 163 |
Gentoo LDAP |
| 164 |
=========== |
| 165 |
|
| 166 |
All Gentoo developers must list the complete fingerprint for their primary |
| 167 |
keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits, |
| 168 |
uppercase, with optional spaces every 8 hex digits. Regular expression for |
| 169 |
validation:: |
| 170 |
|
| 171 |
^([[:space:]]*[[:xdigit:]]{8}){5}$ |
| 172 |
|
| 173 |
The prior "``gpgkey``" field will be removed, as it is a subset |
| 174 |
of the fingerprint field. In any place that presently displays |
| 175 |
the "``gpgkey``" field, the last 16 hex digits of the fingerprint should |
| 176 |
be displayed instead. |
| 177 |
|
| 178 |
Backwards Compatibility |
| 179 |
======================= |
| 180 |
|
| 181 |
There is no consistent standard for GPG usage in Gentoo to date. There is |
| 182 |
conflicting information in the Devmanual [#DEVMANUAL-MANIFEST]_ and the GnuPG |
| 183 |
Gentoo user guide [#GNUPG-USER]_. As there is little enforcement of Manifest |
| 184 |
signing and very little commit signing to date, there are no backwards |
| 185 |
compatibility concerns. |
| 186 |
|
| 187 |
External documentation |
| 188 |
====================== |
| 189 |
|
| 190 |
Much of the above was driven by the following: |
| 191 |
|
| 192 |
* NIST SP 800-57 recommendations [#NISTSP800571]_, [#NISTSP800572]_ |
| 193 |
|
| 194 |
* Debian GPG documentation [#DEBIANGPG]_ |
| 195 |
|
| 196 |
* RiseUp.net OpenPGP best practices [#RISEUP]_ |
| 197 |
|
| 198 |
* ENISA Algorithms, Key Sizes and Parameters Report 2013 [#ENISA2013]_ |
| 199 |
|
| 200 |
References |
| 201 |
========== |
| 202 |
|
| 203 |
.. [#GNUPG-FAQ-11-4] GnuPG FAQ: Why doesn’t GnuPG default to using RSA-4096? |
| 204 |
(https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096) |
| 205 |
|
| 206 |
.. [#DEBIANGPG] Debian GPG documentation |
| 207 |
(https://wiki.debian.org/Keysigning) |
| 208 |
|
| 209 |
.. [#EKAIA] Ana's blog: Creating a new GPG key |
| 210 |
(http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/) |
| 211 |
|
| 212 |
.. [#RISEUP] RiseUp.net OpenPGP best practices |
| 213 |
(https://help.riseup.net/en/security/message-security/openpgp/best-practices) |
| 214 |
|
| 215 |
.. [#DEVMANUAL-MANIFEST] Gentoo Development Guide: Manifest |
| 216 |
(http://devmanual.gentoo.org/general-concepts/manifest/index.html) |
| 217 |
|
| 218 |
.. [#GNUPG-USER] GnuPG Gentoo User Guide |
| 219 |
(http://www.gentoo.org/doc/en/gnupg-user.xml) |
| 220 |
|
| 221 |
.. [#NISTSP800571] NIST SP 800-57: Recommendation for Key Management: |
| 222 |
Part 1: General (Revision 3) |
| 223 |
(http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf) |
| 224 |
|
| 225 |
.. [#NISTSP800572] NIST SP 800-57: Recommendation for Key Management: |
| 226 |
Part 2: Best Practices for Key Management Organization |
| 227 |
(http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf) |
| 228 |
|
| 229 |
.. [#ISSUER-ANNOTATE] Including the entire fingerprint of the issuer |
| 230 |
in an OpenPGP certification |
| 231 |
(http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234) |
| 232 |
|
| 233 |
.. [#ENISA2013] ENISA Algorithms, Key Sizes and Parameters Report, |
| 234 |
2013 recommendations, version 1.0 (October 2013) |
| 235 |
(https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report) |
| 236 |
|
| 237 |
Copyright |
| 238 |
========= |
| 239 |
Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer. |
| 240 |
|
| 241 |
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 |
| 242 |
Unported License. To view a copy of this license, visit |
| 243 |
http://creativecommons.org/licenses/by-sa/3.0/. |
| 244 |
|
| 245 |
-- |
| 246 |
Best regards, |
| 247 |
Michał Górny |
Archives