Using the OpenPGP card with subkeys

[HOWTO] Use the OpenPGP smartcard with subkeys

We are working with the OpenPGP cryptocard. We will create three subkeys: an authentication key (used for things like ssh, pam/gdm/login), a signature subkey for signing things, and an encryption subkey. The first two will be generated on the card itself, and the encryption subkey will be generated on your machine, and then transferred to the card. This is vital, because as soon as you put keys on the smartcard, you cannot copy them off and if you create the encryption key on the card itself, you cannot make a backup of this key onto another medium. If the card breaks, then you are out of luck.

We are working with an existing gpg key that already has an encryption subkey which we will be replacing with this newer one that can be used on the card. But what about people who already have your key? Do not worry, we are replacing the subkey, not the primary key, which is what the general public knows about.

First a little instruction on how to know your keys.

What is your keyID? To find out do a gpg —list-keys or , it will spit out some possible matches, find the one that is yours and your keyID will be listed after the pub part of the first line, like as follows:

pub  1024D/646C2E0C  2005-03-01

In this example, the keyID is 646C2E0C.

Now you need to be able to identify the subkeys, and what kind of subkeys they are. To do that, you need to edit your keyID:

$ gpg --edit-key 646C2E0C
pub  1024D/646C2E0C created: 2000-12-31  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub 2048g/ABC605D5  created: 2005-03-01  expires: never   usage: E

This shows one primary key (646C2E0C) and one encryption subkey (ABC605D5). You will notice here that the encryption subkey is actually a 2048 bit subkey, and the primary is a 1024, isn’t that cool. Well this subkey wont work on the OpenPGP card, because its limited to 1024 bits. But thats fine, we are going to yank that out and replace it with something else. You can do this, thats whats great about subkeys!

The steps are as follows:

1. Initialise the smartcard to reflect the key owner, change first to admin mode, and then issue the ‘name’, ‘passwd’, etc. commands. NOTE: The admin pin must be at least 8 characters, the regular pin can be any length, and it doesn’t have to be numbers.

$ gpg --card-edit

Command> admin
Admin commands are allowed
Command> name
...

2. kill any gpg-agent that may be running, if you do not, you will get strange errors as you continue with the steps below, such as the following errors:

gpg: sending command `SCD SETATTR' to agent failed: ec=6.32769
gpg: error clearing forced signature PIN flag: general error

3. add the authentication subkey, do this one first, even though it is listed as the last selection (supposedly some older versions of gpg have issues if you do them out of order):

$ gpg --edit-key $KEYID

Command> addcardkey 
Please select the type of key to generate:
   (1) Signature key
   (2) Encryption key
   (3) Authentication key
Your selection? 3
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Admin PIN: ********

PIN: ******
Key is protected.
Please specify how long the key should be valid.
         0 = key does not expire
         <n>  = key expires in n days
         <n>w = key expires in n weeks
         <n>m = key expires in n months
         <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (27 seconds)
Command> 

4. add the signature subkey by repeating the above process, but instead selecting signature (option 1).

5. Now we want to add an encryption subkey, but we want to generate it off of the card, so we can make a backup of it, and then we will push that encryption subkey to the card. NOTE: If you have a pgp key already, you might be able to push the entire thing on to the card if your key is 1024 bits and RSA, otherwise you need to make a new encryption subkey (it may be good to make a subkey anyways because…?)

6. add an encryption subkey, chose the RSA (encrypt only) option and keysize 1024 (since this is the only type and size the card supports):

Command> addkey
You need a passphrase to unlock the secret key for
user: "Some User <user@userplace.org>"
1024-bit DSA key, ID XXXXXXX, created 2000-05-07

Please select what kind of key you want:
   (2) DSA (sign only)
   (4) Elgamal (encrypt only)
   (5) RSA (sign only)
   (6) RSA (encrypt only)
Your selection? 6
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
..+++++

7. move the encryption key above to the card:

$ gpg --edit-key $KEYID
Command> toggle [this sets you into secret key mode]
Command> key $NUMBER [select the encryption key above, it'll be the last one if you just generated it, and this command puts a * next to it]
Command> keytocard
Please select where to store the key:
   (2) Encryption key
Your selection? 2
Command> save

After doing all this, your keys should look something like this (with your own keyids, of course):

pub  1024D/646C2E0C  created: 2005-03-01  expires: never   usage: CS
trust: ultimate  validity: ultimate
sub  2048g/9E3605D5  created: 2005-03-01  expires: never   usage: E
sub  1024R/A8578EFE  created: 2005-08-09  expires: never   usage: A
sub  1024R/6530037B  created: 2005-08-09  expires: never   usage: S
sub  1024R/13EF00D0  created: 2005-08-09  expires: never   usage: E

8. Backup your whole keyring! Or you might loose it all:

$ cp ~/.gnupg/secring.gpg ~/.gnupg/secring.gpg.backup
$ cp ~/.gnupg/pubring.gpg ~/.gnupg/pubring.gpg.backup

9. Move secring.gpg and pubring.gpg onto a separate medium (such as an encrypted USB stick).

10. Now remove your main encryption key. This way, it will not be compromised if your computer is stolen or if somebody compromises your machine. Your encryption will be only available on your card (and wherever else you may have backed up your key to).

$ gpg --edit-key <yourkeyID>
Command> key 1

pub  1024D/72FC2E0C  created: 2005-03-01  expires: never   usage: CS
trust: ultimate  validity: ultimate
sub* 2048g/ABC605D5  created: 2005-03-01  expires: never   usage: E
sub  1024R/A8578EFE  created: 2005-08-09  expires: never   usage: A
sub  1024R/2FA0037B  created: 2005-08-09  expires: never   usage: S
sub  1024R/FEFF00D0  created: 2005-08-09  expires: never   usage: E

Command> delkey

Do you really want to delete this key? (y/N) y

pub  1024D/72FC2E0C  created: 2005-03-01  expires: never   usage: CS
trust: ultimate  validity: ultimate
sub  1024R/A8578EFE  created: 2005-08-09  expires: never   usage: A
sub  1024R/2FA0037B  created: 2005-08-09  expires: never   usage: S
sub  1024R/FEFF00D0  created: 2005-08-09  expires: never   usage: E
Command> save

11. Now export secret subkeys to file

$ gpg --export-secret-subkeys <yourkeyID> >sub.secring

12. Now remove your secret master key from the secret keyring:

$ gpg --delete-secret-keys <yourkeyID>

gpg (GnuPG) 1.4.2; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

sec  1024D/72FC2E0C 2005-03-01 Bird Warrior <Birds@riseup.net>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y

13. reimport your subkey stubs:

$ gpg --import sub.secring

14. Reimport your complete public keyring:

$ gpg --import .gnupg/pubring.gpg.backup

15. Your key should now look like this:

$ gpg --edit-key 72FC2E0C

gpg (GnuPG) 1.4.2; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub  1024D/72FC2E0C  created: 2005-03-01  expires: never   usage: CS
trust: ultimate  validity: ultimate
sub  1024R/A8578EFE  created: 2005-08-09  expires: never   usage: A
sub  1024R/2FA0037B  created: 2005-08-09  expires: never   usage: S
sub  1024R/FEFF00D0  created: 2005-08-09  expires: never   usage: E
sub  2048g/ABC605D5  created: 2005-03-01  expires: never   usage: E

16. Dont forget to remove sub.secring and the backups you created earlier:

$ rm sub.secring
$ rm *.backup

17. Now you are going to want to make sure that you can decrypt your own files if the smartcard is lost or broken, so you want to make sure to always encrypt all your files for both of your encryption subkeys (the one on the card, and the one on your master key). To do that, you need to make a couple changes to your gpg configuration to add the encryption subkeys. Add the following lines, replaing the key IDs with the encryption subkey IDs, which are the ones listed with the ‘E’ above.

codetitle. ~/.gnupg/gpg.conf

hidden-encrypt-to 0xABC605D5

default-recipient 0xFEFF00D0!
default-recipient 0xABC605D5

Note: make sure you dont have ‘default-key’ and ‘encrypt-to’ set to something else in your gpg.conf

18. Now lets test it! First try encrypting a file, with the card inserted:

$ gpg -e <filename>

this will create .gpg, lets try to decrypt it:

$ gpg -d <filename>.gpg

It should be asking you for your PIN and when you enter it, it will display the encrypted contents.

Now try removing the card and then try to decrypt it again. It shouldn’t work if you actually removed your keys from your local drive and instead it will ask you to insert the card and try again. If it works, even without the card, then your secret master subkey has not been properly removed.

19. Now, test to make sure you can decrypt this file with your key, to do this we need to get gnupg to use the backup secret keyring that we have stored on the encrypted USB stick, instead of the clean keyring that we are using for the card.

To do this we must move our clean keyring out of the way:

$ mv ~/.gnupg/secring.gpg ~/.gnupg/secring.gpg.clean

Then create a symlink from the backup secring.gpg to the .gnupg directory:

$ cd .gnupg
$ ln -s <path/of/backup>/secring.gpg .

Not try to decrypt the file you encrypted earlier. If you properly encrypted it to your card and your offline backup, you should be able to see the contents of the file using this secret key, without the card inserted.

Once you have verified this, return to a clean state:

$ rm ~/.gnupg/secring.gpg
$ mv ~/.gnupg/secring.gpg.clean ~/.gnupg/secring.gpg

20. Now you need to get others to start using your new subkey, to do that you will need to send to the keyservers your new encryption subkey:

$ gpg --send-keys <EncryptionSubKeyID>

You can also put the make the key available on a website, or send it via email by generating a text-file representation:


$ gpg --export --armor <EncryptionSubkeyID> > publickey.asc

21. So, now you will need to go through a process of re-encrypting files that you previously have encrypted to your off-line key to be also encrypted with your smartcard subkey.

Hey you are done!

If your card is lost/stolen, then just revoke the subkeys stored on it and restart the process with a new card.