Linux - Security (LinuxQuestions.org): this forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by YesItsMe
MailDroid can do GPG.
Looks nice, though I'd prefer to keep my BlackBerry Hub as a store. [Edit: meant email client]
I still need to get everyone I want to email to download and use it.
I didn't see their Open Source mention, I take it they provide the source?
For bonus points, has Bruce Schneier looked at it?
Last edited by 273; 07-18-2017 at 12:43 PM.
Reason: Word completion error, I think.
Another equally-good alternative, which is usually supported without plugins, is S/MIME.
Yes, the various parties who intend to communicate securely (and/or with message signing) must go to a certain amount of "cooperative trouble" to one-time set up their certificates and to exchange them. But this is true of any such arrangement. (If they use web-mail, they must also use a web-mail client that supports S/MIME, and be mindful that the web-mail host can also do what they do.)
Obviously, the entire purpose is that the individuals who wish to exchange information securely with one another must individually prepare secrets that will be used to encrypt their mail, and the derivative public keys that will decrypt them. But this is hardly a "noisome chore."
Even if you do not encrypt a single thing, the ability to automatically sign your messages, and to verify the signature of incoming messages, is "worth the price of admission" by itself. [Only ...] Now you know with whom you are speaking. And, you know that the message you received is, in fact, the one that was sent. Otherwise, you have absolutely no way to know this.
And, I really do subscribe to what Phil Zimmermann said, all those years ago now: "It's nobody's business but yours." I might be discussing things of a family-sensitive nature with my wife while she's on a business trip, and it's none of your business. If the FBI shows up with a search warrant, sure, no problem. But it's none of Google's business, say.
As I've related, we conducted a little experiment. Invented a sick uncle. Exchanged unencrypted email messages where we discussed his imminent death and the troubles of care-giving. Then, the poor geezer went belly-up and we pretended to be discussing funeral issues. Within hours, the mix and focus of our "junk mail" had changed. Someone out there was reading and analyzing our e-mail communications in real time.
(We also were exchanging secure communications in which we discussed and coordinated our experiment.)
Last edited by sundialsvcs; 07-18-2017 at 02:46 PM.
Quote:
Originally Posted by sundialsvcs
Obviously, the entire purpose is that the individuals who wish to exchange information securely with one another must individually prepare secrets that will be used to encrypt their mail, and the derivative public keys that will decrypt them. But this is hardly a "noisome chore."
So how, for example, do I exchange public keys with my blind friend in Austria and the people in the US I can speak to every night on Skype?
Do I visit every single person I have met in my life and offer a USB stick?
Do I then instruct them to install "some random app"* so that they can use it?
Heck, slight aside, every time I look at setting up a home VPN I note the guide is set up for people with domains they own and run with static IP addresses and hardly a thought to a guy wanting to let his friends attach to his network in an easy and encrypted way.
*I am aware I could likely find something trustworthy but, even then, how do I insist they need it?
There are many public key servers, two notable ones being the MIT key server and the Debian key server, where you can post your public key (which contains your name and email address). You can sign your public key with your private key so that people will know the key does truly belong to you, since only you have access to your private key. You can also revoke a subkey that's been compromised using your master key pair (this master key pair should be safely guarded; many people store it on a smart card, never copying it to their workstation). Btw, keys don't mean a thing if you haven't taken extra measures to secure either your host or your private key, as anyone with access to the local host can type gpg --export-secret-key -a to get all your private keys in clear text. Be sure to use scp when transferring keys to other machines, use shred -fuz when deleting messages, etc., etc. If forced to give law enforcement access to one encrypted message (not all, just one) the --show-session-key and --override-session-key options are literally there for such purposes. Some useful links on using gpg:
Thanks, justmy2cents, I did forget about public key servers and may run with that.
However, I do still think that any encrypted traffic is going to raise eyebrows and flags. I also wonder about the possibility of man-in-the-middle attacks.
This may also become academic as the UK government is pushing for all encryption keys to be given to the government and all internet traffic to be monitored in real time by any government agency which sees fit, no warrant needed.
It's fortunate I live in Switzerland and I made sure I'm not infected.
A quote from Atlas Shrugged which is getting more and more applicable today:
"From each according to his ability, to each according to his needs"
Ayn Rand
For those not familiar with the book it means that the more you create, the more will be taken away from you and given to someone who doesn't deserve it.
Quote:
Originally Posted by 273
Thanks, justmy2cents, I did forget about public key servers and may run with that.
However, I do still think that any encrypted traffic is going to raise eyebrows and flags. I also wonder about the possibility of man-in-the-middle attacks.
This may also become academic as the UK government is pushing for all encryption keys to be given to the government and all internet traffic to be monitored in real time by any government agency which sees fit, no warrant needed.
The various public techniques are protected against man-in-the-middle because all messages (whether or not digitally encrypted) are digitally signed.
Every government has loud-mouthed people in it who don't understand the very fundamental importance of cryptography in communication over a public network. These are the same people who believe that wholesale harvesting (and sale) of personally identifiable information ... your fingerprint, your face, your voice, your location every minute of the day ... is also a "legitimate 'marketing' pursuit" with no possible negative repercussions.
This is a "national security" issue. And, paradoxically, the way to maintain that security is by providing access to (and expertise in) strong encryption for ordinary citizens and corporations. If their communications cannot be strongly and meaningfully protected, those communications will be exploited. And, in today's society where a computer is carried in every pocket and built into every car and toaster-oven, the implications are extreme.
The NSA's contribution to the original DES (Data Encryption Standard) algorithm is a good example. They provided the "S-box" values and specifically said that they should be used, but didn't say why. Of course some people smelled a rat, but it turned out that the opposite was true. "Differential cryptography" was still unknown to the public at that time. When, in time, it was understood, it was found that the particular values provided offered good protection against it. Thus, the US Government leveraged its understanding of what was at that time a government secret to make a civilian cipher system better.
Today, we live in "nations of individuals," and individuals are potential targets of attacks coming from tens of thousands of miles away ... or, next door. Lawmakers haven't caught up yet. American laws such as HIPAA make draconian strictures regarding "personally-identifiable health information," but no one y-e-t has any objections to Google. This will change.
Last edited by sundialsvcs; 07-20-2017 at 07:58 AM.
Quote:
Originally Posted by sundialsvcs
The various public techniques are protected against man-in-the-middle because all messages (whether or not digitally encrypted) are digitally signed.
but how does my friend know that the key they see on the server they see is mine? For all we know there's a MITM proxy between the UK and US and it's just passing messages along...
I'll admit that I don't think this is likely to be true and the main reasons I have for not encrypting are to do with likely not being able to convince everyone I communicate with to jump through hoops to do so.
As to governments -- have you heard of a country called "North Korea?" or, indeed, one of the scum holding people hostage's friends, "China"? I don't see much from them regarding democracy, privacy or freedom.
@273 - Valid point. This was recognized as an issue almost from the start. I'm not too familiar with the specifics, but that's precisely what the web of trust is for. People carefully choose others who they trust and sign their keys verifying their authenticity. Then you can accept a new key because it has already been accepted by someone else you trust.
Some groups have key signing parties where you meet physically with people you can identify and trust and sign each other's keys. This gradually makes it more likely that someone considering your key will know and trust someone else who has already signed it.
@sundialsvcs - from what I can see, HIPAA, like so many other laws, is named for exactly the opposite of what it does.
From what I understand, it does in fact make it harder for individuals to access other people's health information. I have to fill out a new form for every single health provider I ever access so my spouse can see my records (annoying, but I can see where some people would value this.)
But, it also makes it very easy for the government to access my records and for certain health care entities to do so with impunity - sometimes without my permission or even knowledge.
As for Google, that's why services like duckduckgo.com and browsers like Brave and Vivaldi are gaining some traction (Firefox too, but not as pure because they offer Bing as the default search engine - and derive significant revenue from doing so. Previously, they did the same with Google.)
Last edited by josephj; 07-21-2017 at 03:49 AM.
Reason: addressed another facet of the post
Quote:
Originally Posted by 273
but how does my friend know that the key they see on the server they see is mine?
Because a hash is calculated and then signed with the private key, which also means it's encrypted with the private key, and only your public key can decrypt your private key's hash signature. There are also verify command options in gpg, for verifying stuff.
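As an added example (not justmy2cents' or the GnuPG project's code), the toy Python below walks through the mechanism just described and shows exactly what it does and does not prove: a hash signed with the private key and checked with the public key detects tampering and ties the message to the holder of that private key, but anyone can publish a self-signed key under someone else's name, so the key-server entry still has to be matched against a fingerprint confirmed out of band. The key pairs, the name string and the fingerprint format are constructed for illustration; the RSA is deliberately tiny and unpadded, so it is a model, not real security.

```python
"""Toy signature walkthrough (added example; NOT GnuPG and NOT secure RSA: tiny
primes, no padding). A signed hash proves the message came unaltered from the
holder of the matching private key; it says nothing about WHO holds that key."""
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyPair:
    n: int
    e: int
    d: int

    @property
    def public(self) -> tuple:
        return (self.n, self.e)

def make_keypair(p: int, q: int, e: int) -> KeyPair:
    """Textbook RSA from two constructed (absurdly small) primes."""
    return KeyPair(n=p * q, e=e, d=pow(e, -1, (p - 1) * (q - 1)))

def digest(msg: bytes, n: int) -> int:
    """Hash the message, then reduce into the key's modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg: bytes, key: KeyPair) -> int:
    return pow(digest(msg, key.n), key.d, key.n)   # hash "encrypted" with private key

def verify(msg: bytes, sig: int, public: tuple) -> bool:
    n, e = public
    return pow(sig, e, n) == digest(msg, n)       # hash recovered with public key

def fingerprint(public: tuple) -> str:
    """Short hash of the public key: the value you read to a friend out of band."""
    return hashlib.sha256(f"{public[0]}:{public[1]}".encode()).hexdigest()[:16]

def accept_key(public: tuple, self_sig: int, claimed_name: str, known_fp: str) -> bool:
    """A key-server entry is only trustworthy if its self-signature checks out AND
    the fingerprint matches one confirmed over a channel the attacker does not control."""
    return verify(claimed_name.encode(), self_sig, public) and fingerprint(public) == known_fp

# Constructed keys: the real user, and someone publishing a key under her name.
ALICE = make_keypair(1009, 1013, 17)
MALLORY = make_keypair(1019, 1021, 7)
NAME = "Alice <alice@example.invalid>"
ALICE_UPLOAD = (ALICE.public, sign(NAME.encode(), ALICE))        # what Alice posts
MALLORY_UPLOAD = (MALLORY.public, sign(NAME.encode(), MALLORY))  # what a MITM posts
```

Both uploads carry a self-signature that verifies against its own public key; only the fingerprint comparison in `accept_key` separates them.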
Quote:
Originally Posted by justmy2cents
Because a hash is calculated and then signed with the private key, which also means it's encrypted with the private key, and only your public key can decrypt your private key's hash signature. There are also verify command options in gpg, for verifying stuff.
Perhaps I misunderstand but how does that prove to my friend that it's mine and not somebody else's? If somebody else, a man in the middle for example, were to post a public key they'd also publish a hash signed with their private key.
How do I direct my friend to the precise server and key since I can't communicate with them securely?
You're right, my bad, what I said in my previous post was to ensure message integrity. But like josephj said, there's this web of trust thing where multiple people would sign each other's public keys. For example, when you go to use another person's public key it should prompt you saying "This key is not trusted, are you sure you want to use this key?". But if multiple people had signed it then that message would go away... BTW I'll admit I've only been learning about gpg in the last month or so, and haven't actually used it in practice with other people. But it's not so complicated, I think, once you watch a few videos explaining the basics of public key infrastructure (or PKI), Diffie-Hellman key exchange, and asymmetric/symmetric crypto.
Last edited by justmy2cents; 07-21-2017 at 02:06 PM.
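The web of trust that josephj and justmy2cents describe can be made concrete. This added Python example (not GnuPG's code, and not from anyone in the thread) is a simplified model of GnuPG's classic trust model with its default thresholds of one fully trusted or three marginally trusted introducers and a certification depth of five: a key only counts as validly bound to its owner once enough already-valid keys whose owners I trust have certified it, so a stranger's self-signature, or a stranger vouching for another stranger, gets nowhere. The key ids, owner-trust assignments and certifications are constructed for the scenario.

```python
"""Simplified web-of-trust evaluation (added example, loosely modelled on GnuPG's
classic trust model and its default thresholds; not GnuPG's code)."""
from collections import defaultdict

FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_CERT_DEPTH = 1, 3, 5   # GnuPG defaults

def valid_keys(my_key: str, owner_trust: dict, certifications: list) -> set:
    """Return the key ids whose name<->key binding I can rely on.
    my_key: my own key, valid by definition.  owner_trust: {key_id: FULL|MARGINAL},
    how far I trust each owner as an *introducer* (someone who checks identity before
    signing).  certifications: (signer, signed) pairs whose signatures already verified.
    A key becomes valid once it is certified by enough VALID keys of trusted owners."""
    signers_of = defaultdict(set)
    for signer, signed in certifications:
        if signer != signed:              # a self-signature proves nothing about identity
            signers_of[signed].add(signer)
    valid = {my_key}
    for _ in range(MAX_CERT_DEPTH):       # each pass may extend the chain by one hop
        newly_valid = set()
        for key, signers in signers_of.items():
            if key in valid:
                continue
            usable = signers & valid      # unknown or unvalidated signers introduce nobody
            fulls = sum(1 for s in usable if s == my_key or owner_trust.get(s) == FULL)
            marginals = sum(1 for s in usable if owner_trust.get(s) == MARGINAL)
            if fulls >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED:
                newly_valid.add(key)
        if not newly_valid:
            break
        valid |= newly_valid
    return valid

# Constructed scenario: I signed three keys after checking ID at a key-signing party;
# a stranger has uploaded a self-signed key and vouched for a friend of theirs.
MY_KEY = "me"
OWNER_TRUST = {"alice": FULL, "bob": MARGINAL, "dave": MARGINAL, "eve": MARGINAL}
CERTIFICATIONS = [
    ("me", "alice"), ("me", "dave"), ("me", "eve"),          # met in person
    ("alice", "bob"),                                         # one fully trusted introducer
    ("bob", "carol"), ("dave", "carol"), ("eve", "carol"),    # three marginal introducers
    ("dave", "grace"), ("eve", "grace"),                      # only two marginals: not enough
    ("mallory", "mallory"), ("mallory", "frank"),             # stranger vouching for stranger
]

def evaluate_scenario() -> set:
    return valid_keys(MY_KEY, OWNER_TRUST, CERTIFICATIONS)
```

Carol becomes valid only on the third pass, after bob (via alice) has himself become valid, which is the "multiple people signed it" effect in action; grace, with two marginal signers, stays untrusted.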
I suppose I am conflating two of the issues that I have with encrypting everything:
How to get my Auntie Beryl to use PGP on the odd occasion she will email me?
How to get the crypto to work when the actual government has declared its citizens terrorists and vowed to do everything possible to read everything they type?
In the UK, now, "This is not a drill!!!" -- we're in the same situation as the people of the PRC (albeit with admittedly better human rights and less likelihood of arrest for browsing the wrong site). This is actual state-level no-holds-barred "We will read everything."
I used to use GPG, a couple of decades or so ago, and joke about how the NSA read everything (turns out they mostly did, and we kind-of knew that at the time) but this isn't a joke any more.