Ask HN: Is there a “ground-up” explanation of PGP/GnuPG?
Understanding how git works internally "from the ground up" has been incredibly helpful in my everyday work; things like blobs, commit objects, hashes and how they connect to form the git experience as I know it. Where I had been cargo-culting along previously, it all became clear once I understood the fundamental model of what was going on underneath the interface.
I feel like the same thing could apply to PGP/GnuPG. I am cargo culting my way along but I feel like I would feel much, much, much more comfortable if I knew how it worked from the ground up.
I have loose ideas of asymmetric cryptography and trust circles and such, but nothing concrete to hinge my actions upon, so I mostly try different permutations of command line arguments until GPG appears to do what I want it to do.
Is there a "from the ground up" good guide to PGP that allows me to break out of this pattern?
29 comments
[ 2.8 ms ] story [ 74.2 ms ] threadIf you want to really understand what's going on at low level, one option is to just read the RFC and follow the references.
This way, knowing the raw data structures makes it easier for me to figure out which command line arguments I want, if you will.
To understand the low level you have to learn enough of cryptography. For example, to understand the logic of RSA algorithm, read:
https://simple.wikipedia.org/wiki/RSA_(algorithm)
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
but note that older GPG's used less strong symmetric ciphers by default.
There's the RFC about the format of the OpenPGP message:
https://tools.ietf.org/html/rfc4880
My work demanded me to read the ITK and VTK parts. Git and GDB are also very nice.
http://aosabook.org/en/index.html
https://begriffs.com/posts/2016-11-05-advanced-intro-gnupg.h...
https://www.amazon.com/PGP-Internals-Philip-R-Zimmermann/dp/...
(prz is very particular about his n's)
http://eagain.net/articles/git-for-computer-scientists/
https://git-scm.com/book/en/v2/ scroll to Chapter 10 "Git Internals"
(Direct link: https://git-scm.com/book/en/v2/Git-Internals-Plumbing-and-Po... but it only shows you the first page among nine.)
Discussion: https://news.ycombinator.com/item?id=12802949
Introduction to Git - talk by Scott Chacon https://www.youtube.com/watch?v=xbLVvrb2-fY
Introduction to Git with Scott Chacon of GitHub https://www.youtube.com/watch?v=ZDR433b0HJY
The latter is newer but a bit longer.
Don't be fooled by the video names, these are introductions to the internals not just the interface.
A random symmetric key is chosen to encrypt the message, since it would be silly to encrypt the whole message for each recipient again and again. And even if there's only one recipient, random key generation plus symmetric key encryption is typically faster than encrypting the whole message with asymmetric crypto (unless the message is just a few bytes, in which case it's fast regardless).
File encryption probably works the same way, except you're typically the sole recipient.
Signatures are done by encrypting a hash of the message with your private key, which everyone can decrypt with your public key to verify the hash. Since you're the only person with the private key, you are the only person who could have encrypted that hash, and since hashes are unique, you must have wanted to sign this text. (N.B. Both keys, public and private, can be used for both encryption and decryption, you just can't use the same key to decrypt if it was already used to encrypt and vice versa.) The hash is used rather than the full message for both speed and because it makes your signature a lot shorter.
Did I miss anything, at least from a crypto standpoint (since I don't know details of the file structure)?
This is something I have done some work on (I wrote a basic implementation in an attempt to understand a while ago [1]), but I don't have a nice writeup.
An OpenPGP file, whether it is a public key or encrypted file, consists of a list of packets. Generally it is a binary file, but an armored file consists of this binary in base64 and then a checksum. You can get these packets with gpg --list-packets <file>
Example output from a signed and encrypted file
The pubkey encrypted packets contain a key used to encrypt the data. The encrypted data packet includes that symmetrically encrypted data.When I have more time, I may do a more useful writeup on my site, but currently I am too busy.
[0] https://www.ietf.org/rfc/rfc4880.txt [1] All I could find was my file parsing code, I dumped it at https://github.com/artemist/mupg
https://davesteele.github.io/gpg/2014/09/20/anatomy-of-a-gpg... https://davesteele.github.io/gpg/2015/08/01/intermediate-gpg...
I'm a very competent git user and don't know how blobs work (nor care). I haven't hit a problem scenario so far in which I had to dissect a blob.
> I feel like the same thing could apply to PGP/GnuPG.
If you don't know crypto, the internals of GNUPG are a bad way to learn it.
I would recommend reading a book, such as Applied Cryptography by Bruce Schneier.
Someone who reads that should be a much better informed, much more sophisticated user of crypto, whether it be an application like GNUPG or a some cryptographic programming library or communication protocol. A developer who reads that book should have the know-how to implement some crypto and spot some crypto-related security flaws.
How GNUPG stores things in various formats is less important than the semantics of those things: like what is a private key, what is a signature and so on. You need to understand what is happening when you, say, verify a signature; just not necessarily at the bit level.
"Public key cryptography - Diffie-Hellman Key Exchange" https://www.youtube.com/watch?v=YEBfamv-_do
"Public Key Cryptography: RSA Encryption Algorithm" https://www.youtube.com/watch?v=wXB-V_Keiu8
Good coverage of the fundamentals before attempting a deeper understanding of PGP specifically.