| 1 |
Foreword: |
| 2 |
This a wrap up of my previous email "RFC: Gentoo GPG key policies", from |
| 3 |
2013/02/18, incorporating all of the changes from the thread at the time. |
| 4 |
http://thread.gmane.org/gmane.linux.gentoo.devel/83996 |
| 5 |
This thread does contain other implementation suggestions for Repoman, but I |
| 6 |
think that is outside the scope of this GLEP. |
| 7 |
|
| 8 |
Apologies if my GLEP formatting is a bit rusty, it's been a while since I wrote |
| 9 |
one, and I wasn't sure how to combine many of the pieces of information here. |
| 10 |
Suggestions on breaking down the information differently welcomed. |
| 11 |
|
| 12 |
This should hopefully be a sufficient final proposal for the council to |
| 13 |
take as strongly guidelines and/or a GLEP. |
| 14 |
|
| 15 |
This was originally intended to be part of the tree-signing GLEP series, but |
| 16 |
was in one of the unpublished ones (GLEPxx+3 in the references). |
| 17 |
|
| 18 |
================================================ |
| 19 |
GLEP: xx |
| 20 |
Title: Gentoo GPG key policies |
| 21 |
Version: x |
| 22 |
Last-Modified: x |
| 23 |
Author: "Robin H. Johnson" <robbat2@g.o> |
| 24 |
Status: Draft |
| 25 |
Type: Standards Track |
| 26 |
Content-Type: text/x-rst |
| 27 |
Created: 2013/02/18 |
| 28 |
Post-History: 2013/11/10 |
| 29 |
|
| 30 |
Credits: |
| 31 |
======== |
| 32 |
Many developers and external sources helped in this GLEP. |
| 33 |
|
| 34 |
Abstract: |
| 35 |
========= |
| 36 |
|
| 37 |
This GLEP provides a both a minimum requirement and a recommended set of |
| 38 |
GPG key management policies for the Gentoo Linux distribution. |
| 39 |
|
| 40 |
Motivation: |
| 41 |
=========== |
| 42 |
|
| 43 |
... |
| 44 |
|
| 45 |
Specification: |
| 46 |
============== |
| 47 |
Bare minimum requirements: |
| 48 |
-------------------------- |
| 49 |
1. SHA2-series output digest (SHA1 digests internally permitted). |
| 50 |
"personal-digest-preferences SHA256" |
| 51 |
2. root key & signing subkey of EITHER: |
| 52 |
2.1. DSA, 2048-bit |
| 53 |
2.1.1. Exception: if your hardware token only supports 1024-bit, you may use it |
| 54 |
2.2. RSA, >=2048 bits, |
| 55 |
2.2.1. RSAv4 or later only: v3 and older are FORBIDDEN. |
| 56 |
3. Key expiry: 5 years max. |
| 57 |
|
| 58 |
Recommendations: |
| 59 |
---------------- |
| 60 |
0. Copy /usr/share/gnupg/gpg-conf.skel to ~/.gnupg/gpg.conf, append the |
| 61 |
block given in step 5 of the FAQ. |
| 62 |
TODO: The upstream skeleton config file has improved over the years, |
| 63 |
it would be useful for all users to get updates to it, but etc-update |
| 64 |
only works for /etc, since this is deployed per-user. Suggestions |
| 65 |
welcome on getting users to do this. |
| 66 |
|
| 67 |
1. SHA2-series digest on output & certifications: |
| 68 |
"personal-digest-preferences SHA256" |
| 69 |
"cert-digest-algo SHA256" |
| 70 |
|
| 71 |
2. Root key type of RSAv4, 4096 bits |
| 72 |
|
| 73 |
2.1. This may require creating an entirely new key. |
| 74 |
|
| 75 |
3. Dedicated signing subkey of EITHER: |
| 76 |
|
| 77 |
3.1. DSA 2048 bits exactly. |
| 78 |
|
| 79 |
3.2. RSA 4096 bits exactly. |
| 80 |
|
| 81 |
4. Key expiry: |
| 82 |
|
| 83 |
4.1. Root key: 3 year max, expiry renewed annually. |
| 84 |
|
| 85 |
4.2. Gentoo subkey: 1 year max, expiry renewed every 6 months. |
| 86 |
|
| 87 |
5. Create a revocation certificate & store it hardcopy offsite securely |
| 88 |
(it's about ~300 bytes). |
| 89 |
|
| 90 |
6. Encrypted backup of your secret keys. |
| 91 |
|
| 92 |
7. In your gpg.conf: |
| 93 |
:: |
| 94 |
# include an unambiguous indicator of which key made a signature: |
| 95 |
# (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html) |
| 96 |
# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234) |
| 97 |
sig-notation issuer-fpr@×××××××××××××××××××××××××××××××.net=%g |
| 98 |
|
| 99 |
Notes/FAQ: |
| 100 |
---------- |
| 101 |
1. "Ok, so how do I follow this?" |
| 102 |
[#DEBIANGPG]_ |
| 103 |
[#EKAIA]_ |
| 104 |
|
| 105 |
2. "How can I be really sure/paranoid enough?" |
| 106 |
[#RISEUP]_. |
| 107 |
|
| 108 |
3. Every 3-6 months, and/or before key expiry and major keysigning |
| 109 |
events, you should update your key expiry date with the 'expire' |
| 110 |
command (remember to do all subkeys). Put it on your calendar! |
| 111 |
|
| 112 |
4. If you intend to sign on a very slow alternative-arch, you may find adding a |
| 113 |
DSA1024 subkey significantly speeds up the signing. |
| 114 |
TODO: should we codify this exception? |
| 115 |
|
| 116 |
5. Can you give me a full ~/.gnupg/gpg.conf file? |
| 117 |
:: |
| 118 |
keyserver pool.sks-keyservers.net |
| 119 |
emit-version |
| 120 |
default-recipient-self |
| 121 |
# -- All of the below portion from the RiseUp.net OpenPGP best practices, and |
| 122 |
# -- many of them are also in the Debian GPG documentation. |
| 123 |
# when outputting certificates, view user IDs distinctly from keys: |
| 124 |
fixed-list-mode |
| 125 |
# long keyids are more collision-resistant than short keyids (it's trivial to make a key with any desired short keyid) |
| 126 |
keyid-format 0xlong |
| 127 |
# when multiple digests are supported by all recipients, choose the strongest one: |
| 128 |
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 |
| 129 |
# preferences chosen for new keys should prioritize stronger algorithms: |
| 130 |
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed |
| 131 |
# If you use a graphical environment (and even if you don't) you should be using an agent: |
| 132 |
# (similar arguments as https://www.debian-administration.org/users/dkg/weblog/64) |
| 133 |
use-agent |
| 134 |
# You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring: |
| 135 |
verify-options show-uid-validity |
| 136 |
list-options show-uid-validity |
| 137 |
# include an unambiguous indicator of which key made a signature: |
| 138 |
# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234) |
| 139 |
sig-notation issuer-fpr@×××××××××××××××××××××××××××××××.net=%g |
| 140 |
# when making an OpenPGP certification, use a stronger digest than the default SHA1: |
| 141 |
cert-digest-algo SHA256 |
| 142 |
|
| 143 |
6. "What about elliptic-curve/ECC keys?" |
| 144 |
They are not used finalized in the OpenPGP draft specification, esp. |
| 145 |
in light of concerns that the NSA may have chosen some of the key |
| 146 |
values to be backdoor values; when the specification includes curves |
| 147 |
that are known to be free of this concern, this GLEP should be |
| 148 |
revised. |
| 149 |
|
| 150 |
7. RSA >4096 bits, and DSA >2048 bits are not supported in the OpenPGP |
| 151 |
specification, and there may be interoperability issues with them. |
| 152 |
|
| 153 |
8. make.conf settings: |
| 154 |
:: |
| 155 |
FEATURES="${FEATURES} sign" |
| 156 |
PORTAGE_GPG_DIR="/home/exampleuser/.gnupg" |
| 157 |
# You should use the full 16-character key handle to your signing |
| 158 |
# subkey, with a '!' on the end to ensure that subkey is used. |
| 159 |
PORTAGE_GPG_KEY="0x1234567890ABCDEF!" |
| 160 |
|
| 161 |
9. You MUST upload your key to the SKS keyserver rotation before usage! |
| 162 |
TODO: we had considered running an internal keyserver for developers only, |
| 163 |
is this still in demand, or not needing with a good public keyserver and the |
| 164 |
gentoo-keys project? |
| 165 |
|
| 166 |
Gentoo LDAP: |
| 167 |
============ |
| 168 |
All developers must list the complete GPG fingerprint for their root |
| 169 |
keys in the "gpgfingerprint" LDAP field. |
| 170 |
|
| 171 |
It should be exactly 40 hex digits, uppercase, with optional spaces |
| 172 |
every 8 hex digits. Regular expression for validation: ^[[:xdigit]]{8}( |
| 173 |
?[[:xdigit]]{8}){4}$ |
| 174 |
|
| 175 |
The prior "gpgkey" field will be removed, as it is a subset of the |
| 176 |
fingerprint field. In any place that presently displays the gpgkey |
| 177 |
field, the last 16 hex digits of the fingerprint should be displayed |
| 178 |
instead. |
| 179 |
|
| 180 |
Tools: |
| 181 |
====== |
| 182 |
We have most of the key-tracking in progress in the gentoo-keys project |
| 183 |
[#GENTOOKEYS]_. |
| 184 |
|
| 185 |
This toolset should also include easy-to-use tools for developers to generate |
| 186 |
new keys [#TOOLSET]_ (using the recommendations) and update expiry dates. |
| 187 |
|
| 188 |
This tool should generate a final user-formatted keyring, to be hosted on the |
| 189 |
Gentoo API site. |
| 190 |
|
| 191 |
Backwards Compatibility: |
| 192 |
======================== |
| 193 |
There is no consistent standard for GPG usage in Gentoo to date. |
| 194 |
There is conflicting information in the Devmanual [#DEVMANUAL-MANIFEST]_ |
| 195 |
and the GnuPG Gentoo user guide [#GNUPG-USER]_. As there is little |
| 196 |
enforcement of Manifest signing and very little commit signing to date, |
| 197 |
there are no backwards compatibility concerns. |
| 198 |
|
| 199 |
External documentation: |
| 200 |
======================= |
| 201 |
Much of the above was driven by the following: |
| 202 |
- NIST SP 800-57 recommendations [#NIST-SP800-57-1]_, |
| 203 |
[##NIST-SP800-57-2]_ |
| 204 |
- Debian GPG documentation [#DEBIANGPG]_ |
| 205 |
- RiseUp.net OpenPGP best practices [#RISEUP]_ |
| 206 |
|
| 207 |
References: |
| 208 |
=========== |
| 209 |
.. [#GENTOOKEYS] Gentoo Keys project |
| 210 |
(http://git.overlays.gentoo.org/gitweb/?p=proj/gentoo-keys.git) |
| 211 |
.. [#TOOLSET] http://thread.gmane.org/gmane.linux.gentoo.devel/83996/focus=84220 |
| 212 |
.. [#NIST-SP800-57-1] NIST SP 800-57: Recommendation for Key Management: Part 1: General (Revision 3) |
| 213 |
(http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf) |
| 214 |
.. [#NIST-SP800-57-2] NIST SP 800-57: Recommendation for Key Management: Part 2: Best Practices for Key Management Organization |
| 215 |
(http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf) |
| 216 |
.. [#EKAIA] Ana's blog: Creating a new GPG key |
| 217 |
(http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/) |
| 218 |
.. [#DEBIANGPG] Debian GPG documentation |
| 219 |
(https://wiki.debian.org/Keysigning) |
| 220 |
.. [#RISEUP] RiseUp.net OpenPGP best practices |
| 221 |
(https://we.riseup.net/riseuplabs+paow/openpgp-best-practices) |
| 222 |
.. [#DEVMANUAL-MANIFEST] Gentoo Development Guide: Manifest |
| 223 |
(http://devmanual.gentoo.org/general-concepts/manifest/index.html) |
| 224 |
.. [#GNUPG-USER] GnuPG Gentoo User Guide |
| 225 |
(http://www.gentoo.org/doc/en/gnupg-user.xml) |
| 226 |
|
| 227 |
-- |
| 228 |
Robin Hugh Johnson |
| 229 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
| 230 |
E-Mail : robbat2@g.o |
| 231 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
Archives