5 January 2020

Paranoia, programming and password tools

by mo


What if…? - paranoia loop

I want to talk about Signal, Keybase, GPG, tutanota, protonmail and pass.

Signal

The Signal protocol was originally based on the OTR. The Signal protocol was incorporated into WhatsApp for e2e encryption. The Signal protocol was incorporated into Google Allow when incognito mode is enabled. The Signal protocol was incorporated into Facebook Messenger when Secret Conversations is enabled. The Signal protocol was incorporated into Skype when Private Converstations is enabled.

I use the Signal app that uses the Signal protocol made by Open Whisper Systems. You need to register a phone number with the network but for now this is the best option that I know of for peer-to-peer encrypted conversations with:

  • public key cryptography for authentication
  • Unique shared secret generated for communication between two parties.
  • Double ratchet algorithm to support forward secrecy.
  • Asynchronous messaging across multiple devices without a need for the devices to remain online.

I also like that this protocol is gaining more and more adoption and has been through several versions or improvement. Active development is funded by a 501c3 nonprofit and not owned by a commercial for profit entity.

It’s cross platform and does not require vendor lockin. The toughest part is convincing friends to give up iMessage in favour of the Signal app and the fact that you can’t replace the default SMS app on iOS.

iMessage is a proprietary binary protocol. I’m not certain of the level of peer review of this protocol but I can say that it requires membership in club Apple. The cost to join this exclusive club appears to be going up while they sell privacy as a luxury. Privacy is not a luxury item.

Please install Signal for Android or Signal for iOS. I’m not interested in letting Apple, Google, Facebook, Microsoft influence my digital conversations. The power of SMS was it’s ease of access across devices but it comes at the cost of sending cleartext messages to one another.

Still don’t believe me, then please read the surveillance self-defense from the EFF.

PGP via GPG

Alphabet soup, right? Let’s simplify this a bit… PGP is the standard and GPG is a specific tool that uses the standard. Simple, right?

PGP stands for Pretty Good Privacy. It’s a standard that provides:

  • encryption
  • decryption
  • signing
  • key management

PGP leans on public key cryptography for authenticating that a message came from the person it claims to originate from and to ensure only the intended recipient of the message can read it. It’s not perfect because once a person’s key is compromised all previous messages or emails that used that key is readable. Also, as compute speed increases messages from the past that were secured with a low bit key can now be attacked with sufficient compute power.

GPG stands for GNU Privacy Guard which implements the free parts of PGP.

I use GPG because it’s free and is available in most *nix based distros. It’s main purpose is for securing email but it has uses outside of that. For example, I use the pass program for managing my passwords, api keys and time based one time password secrets. This makes it really hand to export specify api keys into my shell from the pass program when I need it. It also makes it possible to store my gmail account password and share it with Mutt when I want to unlock my GPG keyring or share my IRC credentials with WeeChat when I want to sign in to a SASL authenticated node.

Programmers using git can also sign their commits using the private key component of a public/private key pair. Typically, programmers publish their public keys to keyservers so that other developers can fetch their public key and verify the integrity of signed commits.

We can check the integrity of git signed commits using git log --show-signature. By default git will attempt to chat with gpg. Integrity checks for signed commits will only work for any public keys that we have imported into our GPG keyring. I’m told that people have key sharing parties where people can share their public keys with one another. I have never been to a party but I have imported friends public keys from their website via.

$ gpg --fetch-keys https://www.mokhan.ca/mokha.asc

We can also go a step further and share our public keys with keyservers. Then we can configure gpg to fetch unknown keys from a specific keyserver.

Here’s an example $HOME/.gnupg/gpg.conf:

keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options auto-key-retrieve

This will allow us to run git log --show-signature and let gpg fetch any unknown keys to verify the authenticity of the signed commit.

$ git clone https://github.com/rails/rails.git
$ cd rails
$ git log --show-signature
commit f619ac91d33bd431d94726cc97092c3dbeb2afc6 (HEAD -> master, origin/master, origin/HEAD)
gpg: Signature made Sun 05 Jan 2020 06:09:48 AM MST
gpg:                using RSA key 4AEE18F83AFDEB23
gpg: Good signature from "GitHub (web-flow commit signing) <noreply@github.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5DE3 E050 9C47 EA3C F04A  42D3 4AEE 18F8 3AFD EB23
Merge: fb341bcea1 1a81b46f82
Author: ...

Above, we can see that a commit was signed with a key id of 4AEE18F83AFDEB23. The keyserver that I use was able to fetch the key. gpg was able to verify the signature of the commit but emitted a WARNING to tell me that I have not marked this key as a trusted public key. I omitted the email address of the author of the commit to respect their privacy.

We can get details of this keyid using:

モ gpg --search-keys 4AEE18F83AFDEB23
gpg: data source: https://209.244.105.201:443
(1)     GitHub (web-flow commit signing) <noreply@github.com>
          2048 bit RSA key 0x4AEE18F83AFDEB23, created: 2017-08-16

As we can see this keyid belongs to noreply@github.com. Which tells us that this commit was likely created by adding a merge commit from merging a pull request and signed using a GitHub owned signature. It sure would be nice to get my hands on that private key. Just imagine the types of fake commits someone could introduce that would appear as Verified in the GitHub UI. It also looks like that keyid has no expiration and was published in 2017-08-16.

If I scroll down a little further in the git log --show-signature output it’s likely that I will find a commit in the rails codebase with a signed commit from an author that has NOT published their public key to my keyserver pool. Let’s see if I can find one.

commit 8d58bdda2069ee57b8d5088cd936bcf70224a66c
gpg: Signature made Sat 04 Jan 2020 04:32:51 AM MST
gpg:                using RSA key F3B6F0EC857C7F380A06831D92BA66D80B19ADF2
gpg: requesting key 92BA66D80B19ADF2 from hkps server hkps.pool.sks-keyservers.net
gpg: Can't check signature: No public key
Author: ...

The commit above is signed but the public key was not found from the hkps.pool.sks-keyservers.net pool.

I can verify this by querying my preferred keyserver directly.

モ gpg --search-keys 92BA66D80B19ADF2
gpg: data source: https://209.244.105.201:443
gpg: key "92BA66D80B19ADF2" not found on keyserver
gpg: keyserver search failed: Not found

Can’t find it. Let’s try a different keyserver. This next one isn’t exactly a keyserver but it does provide an HTTP api for looking up public keys for registered users.

E.g.

モ curl -s https://keybase.io/mokha/key.asc | head -n3
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF3IqDrYcXoGYTa1Ko2pMixq4jD+2BpXQv5H4oKFEa+fKJ4wjEOK5wv

If I happen to know the username of the user I can import their public key directly into my gpg keychain via…

モ curl -s https://keybase.io/mokha/key.asc | gpg --import --
gpg: key 0x7DF9FD21A9D99A2E: "<snip>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

If you followed along and specified a default keyserver with the auto-retrieve option you might notice a bunch of new public keys imported into your keychain if you run gpg --list-public-keys.

There are many more options that you can configure in your gpg.conf such as preferred ciphers and digest algorithms. I encourage you to read the GPG manual to learn more.

pass

Once you have a working gpg installation you can now leverage the pass program to store your passwords.

I love this program because it allows me to re-organize my password hierarchies just like I would re-organize files in a project tree. It’s very simple to use and has options to generate a password or copy a password to your clipboard for a specific amount of time before automatically removing it.

There are several extensions for this program and adding your own extension is as easy as writing a bash script. There are clients for this program available for mobile devices and browsers. It also integrates nicely with git and offers commands to automatically syncronize your pass tree with a remote git repository.

My dotfiles includes some bash functions that leverage fzf to perform a fuzzy find search against my credentials tree to quickly copy a password to my clipboard.

Here’s a snippet to get you started. This setup is heavily coupled to my personal organization of credentials but it should be enough for a curious person to tweak to match their own needs.

pass-files() {
  root_dir="$HOME/.password-store/"
  vault="${1:-default}"
  prefix="$root_dir${vault}/"
  find "$prefix" -name '*.gpg' | while read -r choice; do
    choice=${choice#$root_dir}
    choice=${choice%.gpg}
    echo "$choice"
  done
}

function export-access-token() {
  choice=$(pass-files api | fzf --select-1)
  name="$(pass show $choice | grep env | awk '{ print $NF }')"
  if [ -z "$name" ]; then
    echo "Env name not specified for $choice. Please add 'env' entry to file."
  else
    value=$(pass show $choice | head -n1)
    export $name=$value
    echo "exported $name to shell."
  fi
}

Also, if you haven’t heard of fzf before then you need to stop what you are doing right now and go read about it now. I’m serious I will wait.

Secure hosted email

tutanota and protonmail both offer secure email mailboxes.

Both services claim to encrypt everything and require that you download an use their clients in order to access email and calendars. This is a bit annoying if you prefer to use your own MUA but it’s a tradeoff I can live with.

Fin

I hope these tools and techniques help to aid your paranoia. For additional reading material I recommend Surveillance self-defense and Email self defense.

security unix