Foreword:

This is a wrap-up of my previous email "RFC: Gentoo GPG key policies", from
2013/02/18, incorporating all of the changes from the thread at the time.
http://thread.gmane.org/gmane.linux.gentoo.devel/83996
That thread does contain other implementation suggestions for Repoman, but I
think those are outside the scope of this GLEP.

Apologies if my GLEP formatting is a bit rusty; it's been a while since I wrote
one, and I wasn't sure how to combine many of the pieces of information here.
Suggestions on breaking down the information differently are welcome.

This should hopefully be a sufficient final proposal for the council to
take as strong guidelines and/or a GLEP.

This was originally intended to be part of the tree-signing GLEP series, but
was in one of the unpublished ones (GLEPxx+3 in the references).

================================================ |
19 |
GLEP: xx |
20 |
Title: Gentoo GPG key policies |
21 |
Version: x |
22 |
Last-Modified: x |
23 |
Author: "Robin H. Johnson" <robbat2@g.o> |
24 |
Status: Draft |
25 |
Type: Standards Track |
26 |
Content-Type: text/x-rst |
27 |
Created: 2013/02/18 |
28 |
Post-History: 2013/11/10 |
29 |
|
30 |
Credits: |
31 |
======== |
32 |
Many developers and external sources helped in this GLEP. |
33 |
|
34 |
Abstract: |
35 |
========= |
36 |
|
37 |
This GLEP provides a both a minimum requirement and a recommended set of |
38 |
GPG key management policies for the Gentoo Linux distribution. |
39 |
|
40 |
Motivation: |
41 |
=========== |
42 |
|
43 |
... |
44 |
|
Specification:
==============
Bare minimum requirements:
--------------------------
1. SHA2-series output digest (SHA1 digests internally permitted):
   "personal-digest-preferences SHA256"
2. Root key & signing subkey of EITHER:
2.1. DSA, 2048-bit
2.1.1. Exception: if your hardware token only supports 1024-bit, you may use it.
2.2. RSA, >=2048 bits
2.2.1. OpenPGP v4 key format only: v3 and older key formats are FORBIDDEN.
3. Key expiry: 5 years max.

Recommendations:
----------------
0. Copy /usr/share/gnupg/gpg-conf.skel to ~/.gnupg/gpg.conf, then append the
block given in step 5 of the FAQ.
TODO: The upstream skeleton config file has improved over the years;
it would be useful for all users to get updates to it, but etc-update
only works for /etc, whereas this file is deployed per-user. Suggestions
welcome on getting users to do this.

1. SHA2-series digest on output & certifications:
   "personal-digest-preferences SHA256"
   "cert-digest-algo SHA256"

2. Root key: RSA, 4096 bits, v4 key format.

2.1. This may require creating an entirely new key.

3. Dedicated signing subkey of EITHER:

3.1. DSA 2048 bits exactly.

3.2. RSA 4096 bits exactly.

4. Key expiry:

4.1. Root key: 3 years max, expiry renewed annually.

4.2. Gentoo subkey: 1 year max, expiry renewed every 6 months.

5. Create a revocation certificate & store a hardcopy of it securely offsite
(it's only ~300 bytes).

6. Keep an encrypted backup of your secret keys.

7. In your gpg.conf:
::
    # include an unambiguous indicator of which key made a signature:
    # (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html)
    # (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
    sig-notation issuer-fpr@×××××××××××××××××××××××××××××××.net=%g

Notes/FAQ: |
100 |
---------- |
101 |
1. "Ok, so how do I follow this?" |
102 |
[#DEBIANGPG]_ |
103 |
[#EKAIA]_ |
104 |
|
105 |
2. "How can I be really sure/paranoid enough?" |
106 |
[#RISEUP]_. |
107 |
|
108 |
3. Every 3-6 months, and/or before key expiry and major keysigning |
109 |
events, you should update your key expiry date with the 'expire' |
110 |
command (remember to do all subkeys). Put it on your calendar! |
111 |
|
112 |
4. If you intend to sign on a very slow alternative-arch, you may find adding a |
113 |
DSA1024 subkey significantly speeds up the signing. |
114 |
TODO: should we codify this exception? |
115 |
|
116 |
5. Can you give me a full ~/.gnupg/gpg.conf file? |
117 |
:: |
118 |
keyserver pool.sks-keyservers.net |
119 |
emit-version |
120 |
default-recipient-self |
121 |
# -- All of the below portion from the RiseUp.net OpenPGP best practices, and |
122 |
# -- many of them are also in the Debian GPG documentation. |
123 |
# when outputting certificates, view user IDs distinctly from keys: |
124 |
fixed-list-mode |
125 |
# long keyids are more collision-resistant than short keyids (it's trivial to make a key with any desired short keyid) |
126 |
keyid-format 0xlong |
127 |
# when multiple digests are supported by all recipients, choose the strongest one: |
128 |
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 |
129 |
# preferences chosen for new keys should prioritize stronger algorithms: |
130 |
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed |
131 |
# If you use a graphical environment (and even if you don't) you should be using an agent: |
132 |
# (similar arguments as https://www.debian-administration.org/users/dkg/weblog/64) |
133 |
use-agent |
134 |
# You should always know at a glance which User IDs gpg thinks are legitimately bound to the keys in your keyring: |
135 |
verify-options show-uid-validity |
136 |
list-options show-uid-validity |
137 |
# include an unambiguous indicator of which key made a signature: |
138 |
# (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234) |
139 |
sig-notation issuer-fpr@×××××××××××××××××××××××××××××××.net=%g |
140 |
# when making an OpenPGP certification, use a stronger digest than the default SHA1: |
141 |
cert-digest-algo SHA256 |
142 |
|
143 |
6. "What about elliptic-curve/ECC keys?" |
144 |
They are not used finalized in the OpenPGP draft specification, esp. |
145 |
in light of concerns that the NSA may have chosen some of the key |
146 |
values to be backdoor values; when the specification includes curves |
147 |
that are known to be free of this concern, this GLEP should be |
148 |
revised. |
149 |
|
150 |
7. RSA >4096 bits, and DSA >2048 bits are not supported in the OpenPGP |
151 |
specification, and there may be interoperability issues with them. |
152 |
|
153 |
8. make.conf settings: |
154 |
:: |
155 |
FEATURES="${FEATURES} sign" |
156 |
PORTAGE_GPG_DIR="/home/exampleuser/.gnupg" |
157 |
# You should use the full 16-character key handle to your signing |
158 |
# subkey, with a '!' on the end to ensure that subkey is used. |
159 |
PORTAGE_GPG_KEY="0x1234567890ABCDEF!" |
160 |
|
161 |
9. You MUST upload your key to the SKS keyserver rotation before usage! |
162 |
TODO: we had considered running an internal keyserver for developers only, |
163 |
is this still in demand, or not needing with a good public keyserver and the |
164 |
gentoo-keys project? |
165 |
|
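A small linter for the settings in FAQ item 5, written as an added example (not part of the GLEP, of GnuPG or of the gentoo-keys project). It parses a gpg.conf, flags the settings the GLEP requires or recommends that are missing or weak, and shows a constructed legacy config next to a constructed config that follows the list above. Because the sig-notation domain is obfuscated in this copy of the message, the linter only checks for an `issuer-fpr@...=%g` notation, and the sample config uses `example.net` as a placeholder for that domain.

```python
"""Lint a gpg.conf against the digest, key-ID and agent settings in the FAQ.

Added example, not from the GLEP or GnuPG. Both configs below are
constructed; the notation domain example.net is a placeholder.
"""

SHA2 = {"SHA224", "SHA256", "SHA384", "SHA512"}

# A typical pre-GLEP config: short key IDs, SHA1 forced everywhere, no agent.
WEAK_CONF = """\
keyserver pool.sks-keyservers.net
keyid-format short
digest-algo SHA1
cert-digest-algo SHA1
personal-digest-preferences SHA1 SHA256
"""

# The relevant subset of the FAQ's recommended gpg.conf.
RECOMMENDED_CONF = """\
keyserver pool.sks-keyservers.net
fixed-list-mode
keyid-format 0xlong
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
use-agent
verify-options show-uid-validity
list-options show-uid-validity
sig-notation issuer-fpr@example.net=%g   # placeholder domain, see lead-in
cert-digest-algo SHA256
"""


def parse_gpg_conf(text):
    """Return {option: [values...]}; comments and blank lines are dropped.
    gpg.conf accepts 'option value' or 'option=value', and options may repeat."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 1 and "=" in parts[0]:
            parts = parts[0].split("=", 1)
        name, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        values.setdefault(name, []).append(value)
    return values


def lint_gpg_conf(text):
    """List the ways a gpg.conf falls short of the GLEP; empty means clean."""
    values = parse_gpg_conf(text)
    findings = []

    # Minimum requirement 1: SHA2 output digests only.
    prefs = values.get("personal-digest-preferences")
    if not prefs:
        findings.append("personal-digest-preferences is missing")
    else:
        bad = [a for a in prefs[-1].split() if a.upper() not in SHA2]
        if bad:
            findings.append("personal-digest-preferences lists non-SHA2 digests: " + " ".join(bad))
    # digest-algo overrides the preference negotiation for every signature.
    for v in values.get("digest-algo", []):
        if v.upper() not in SHA2:
            findings.append("digest-algo %s forces a non-SHA2 signature digest" % v)

    # Recommendation 1: SHA2 on certifications too (gpg defaults to SHA1).
    cert = values.get("cert-digest-algo", [""])[-1].upper()
    if cert not in SHA2:
        findings.append("cert-digest-algo should be a SHA2 digest, found %r" % cert)

    # FAQ 5: short key IDs are trivially forgeable; an agent; uid-first listing.
    if values.get("keyid-format", [""])[-1] != "0xlong":
        findings.append("keyid-format should be 0xlong")
    for required in ("use-agent", "fixed-list-mode"):
        if required not in values:
            findings.append(required + " is not set")

    # Recommendation 7: every signature names the full signing fingerprint.
    if not any(v.startswith("issuer-fpr@") and v.endswith("=%g")
               for v in values.get("sig-notation", [])):
        findings.append("no issuer-fpr sig-notation with %g")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("recommended", RECOMMENDED_CONF)):
        print(name + ":", lint_gpg_conf(conf) or "OK")
```

Run it against your own file with `lint_gpg_conf(open(os.path.expanduser("~/.gnupg/gpg.conf")).read())`; the weak sample produces seven findings and the recommended one none.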
Gentoo LDAP:
============
All developers must list the complete GPG fingerprint for their root
keys in the "gpgfingerprint" LDAP field.

It should be exactly 40 hex digits, uppercase, with optional spaces
every 8 hex digits. Regular expression for validation:
^[0-9A-F]{8}( ?[0-9A-F]{8}){4}$

The prior "gpgkey" field will be removed, as it is a subset of the
fingerprint field. In any place that presently displays the gpgkey
field, the last 16 hex digits of the fingerprint should be displayed
instead.

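The checks from the Specification, FAQ item 8 and the LDAP section above, as an added example that is not part of the GLEP or of the gentoo-keys project. It parses the machine-readable listing from `gpg --with-colons --fixed-list-mode --with-fingerprint --list-keys KEYID` (field layout per GnuPG's doc/DETAILS), reports violations of the bare minimum and deviations from the recommendations, derives the `PORTAGE_GPG_KEY` value for the dedicated signing subkey, and formats the root fingerprint for the LDAP field. The two listings embedded below are constructed for this example; their key IDs and fingerprints belong to nobody. Key-format detection uses the fingerprint length (v3 keys carry 32-hex MD5 fingerprints, v4 keys 40-hex SHA1 ones), since the colon listing has no explicit version field.

```python
"""Policy check for an OpenPGP key listing (added example, not GLEP code).

Input: gpg --with-colons --fixed-list-mode --with-fingerprint --list-keys KEYID
Both sample listings are constructed and belong to no real key.
"""
import re

ALGO_RSA, ALGO_DSA = 1, 17   # public-key algorithm IDs (RFC 4880, 9.1)
YEAR = 365 * 24 * 3600       # fixed-list-mode dates are seconds since epoch
LDAP_FPR_RE = re.compile(r"^[0-9A-F]{8}( ?[0-9A-F]{8}){4}$")

# RSA 4096 root (3-year expiry), RSA 4096 signing subkey and RSA 2048
# encryption subkey (1-year expiry): meets the recommendations.
GOOD_LISTING = """\
pub:u:4096:1:89ABCDEF11112222:1360108800:1454716800::u:::cSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF11112222:
sub:u:4096:1:5555666677778888:1360108800:1391644800:::::s:
fpr:::::::::FEDCBA9876543210FEDCBA985555666677778888:
sub:u:2048:1:9999AAAABBBBCCCC:1360108800:1391644800:::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF9999AAAABBBBCCCC:
"""
# DSA 1024 root without expiry and a v3-format RSA 1024 subkey: fails.
WEAK_LISTING = """\
pub:u:1024:17:AAAA0000BBBB1111:1360108800:::u:::scESC:
fpr:::::::::001122334455667788990011AAAA0000BBBB1111:
sub:u:1024:1:CCCC2222DDDD3333:1360108800::::::e:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF:
"""


def parse_listing(text):
    """Return the root key followed by its subkeys, as dicts."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            keys.append(dict(type=f[0], bits=int(f[2]), algo=int(f[3]),
                             keyid=f[4], created=int(f[5]),
                             expires=int(f[6]) if f[6] else None,
                             caps=f[11], fpr=None))
        elif f[0] == "fpr" and keys:
            keys[-1]["fpr"] = f[9]   # fingerprint of the preceding pub/sub
    return keys


def check_minimum(keys):
    """Violations of the bare minimum requirements (root key and subkeys)."""
    bad = []
    for k in keys:
        who = "%s %s" % (k["type"], k["keyid"])
        if not k["fpr"] or len(k["fpr"]) != 40:     # v3 keys: 32 hex digits
            bad.append(who + ": not a v4 key")
        if k["algo"] == ALGO_RSA and k["bits"] < 2048:
            bad.append(who + ": RSA must be >= 2048 bits")
        elif k["algo"] == ALGO_DSA and k["bits"] < 2048:
            bad.append(who + ": DSA must be 2048 bits (1024 only on a limited token)")
        elif k["algo"] not in (ALGO_RSA, ALGO_DSA):
            bad.append(who + ": neither RSA nor DSA")
        # Expiry is measured from creation, as gpg's 'expire' command sets it.
        if k["expires"] is None:
            bad.append(who + ": no expiry set")
        elif k["expires"] - k["created"] > 5 * YEAR:
            bad.append(who + ": expiry more than 5 years after creation")
    return bad


def check_recommended(keys):
    """Deviations from the recommendations (warnings, not failures)."""
    notes, root = [], keys[0]
    if (root["algo"], root["bits"]) != (ALGO_RSA, 4096):
        notes.append("root key should be RSA 4096")
    if root["expires"] and root["expires"] - root["created"] > 3 * YEAR:
        notes.append("root key expiry should be at most 3 years")
    signing = [k for k in keys[1:] if "s" in k["caps"]]
    if not signing:
        notes.append("no dedicated signing subkey")
    for k in signing:
        if (k["algo"], k["bits"]) not in ((ALGO_RSA, 4096), (ALGO_DSA, 2048)):
            notes.append("signing subkey %s should be RSA 4096 or DSA 2048" % k["keyid"])
        if k["expires"] and k["expires"] - k["created"] > YEAR:
            notes.append("signing subkey %s expiry should be at most 1 year" % k["keyid"])
    return notes


def portage_gpg_key(keys):
    """PORTAGE_GPG_KEY (FAQ 8): the signing subkey's long ID plus '!' so
    gpg signs with exactly that subkey rather than picking one itself."""
    for k in keys[1:]:
        if "s" in k["caps"]:
            return "0x%s!" % k["keyid"]
    return None


def ldap_fingerprint(keys):
    """Root fingerprint as the LDAP gpgfingerprint field (40 uppercase hex
    digits in groups of 8) and the 16 digits displayed in place of gpgkey."""
    fpr = keys[0]["fpr"].upper()
    grouped = " ".join(fpr[i:i + 8] for i in range(0, 40, 8))
    if not LDAP_FPR_RE.match(grouped):
        raise ValueError("root key has no 40-digit (v4) fingerprint")
    return grouped, fpr[-16:]


if __name__ == "__main__":
    for name, listing in (("good", GOOD_LISTING), ("weak", WEAK_LISTING)):
        keys = parse_listing(listing)
        print(name, "minimum:", check_minimum(keys) or "OK")
        print(name, "recommended:", check_recommended(keys) or "OK")
    keys = parse_listing(GOOD_LISTING)
    print("PORTAGE_GPG_KEY=%s" % portage_gpg_key(keys))
    print("gpgfingerprint: %s (display %s)" % ldap_fingerprint(keys))
```

Feed it real output by replacing the embedded listing with the text of the gpg command above; the good sample passes both checks, while the weak one is rejected for the DSA 1024 root, the missing expiry dates, the 1024-bit subkey and the v3 fingerprint.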
Tools:
======
We have most of the key-tracking in progress in the gentoo-keys project
[#GENTOOKEYS]_.

This toolset should also include easy-to-use tools for developers to generate
new keys [#TOOLSET]_ (using the recommendations) and update expiry dates.

This tool should generate a final user-formatted keyring, to be hosted on the
Gentoo API site.

Backwards Compatibility:
========================
There is no consistent standard for GPG usage in Gentoo to date.
There is conflicting information in the Devmanual [#DEVMANUAL-MANIFEST]_
and the GnuPG Gentoo user guide [#GNUPG-USER]_. As there is little
enforcement of Manifest signing and very little commit signing to date,
there are no backwards compatibility concerns.

External documentation:
=======================
Much of the above was driven by the following:
- NIST SP 800-57 recommendations [#NIST-SP800-57-1]_,
  [#NIST-SP800-57-2]_
- Debian GPG documentation [#DEBIANGPG]_
- RiseUp.net OpenPGP best practices [#RISEUP]_

References:
===========
.. [#GENTOOKEYS] Gentoo Keys project
   (http://git.overlays.gentoo.org/gitweb/?p=proj/gentoo-keys.git)
.. [#TOOLSET] http://thread.gmane.org/gmane.linux.gentoo.devel/83996/focus=84220
.. [#NIST-SP800-57-1] NIST SP 800-57: Recommendation for Key Management: Part 1: General (Revision 3)
   (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf)
.. [#NIST-SP800-57-2] NIST SP 800-57: Recommendation for Key Management: Part 2: Best Practices for Key Management Organization
   (http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf)
.. [#EKAIA] Ana's blog: Creating a new GPG key
   (http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/)
.. [#DEBIANGPG] Debian GPG documentation
   (https://wiki.debian.org/Keysigning)
.. [#RISEUP] RiseUp.net OpenPGP best practices
   (https://we.riseup.net/riseuplabs+paow/openpgp-best-practices)
.. [#DEVMANUAL-MANIFEST] Gentoo Development Guide: Manifest
   (http://devmanual.gentoo.org/general-concepts/manifest/index.html)
.. [#GNUPG-USER] GnuPG Gentoo User Guide
   (http://www.gentoo.org/doc/en/gnupg-user.xml)

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@g.o
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85