

SLIDE 1

Hardening PGP using GnuPG and Yubikey

hybrid multifactor authentication and cryptography

John Roman
Linux System Administrator, RAND Corporation

SCALE 2017

Roman, John PGP

SLIDES 2-4

PGP 101

  • public/private keyrings
  • public keys go to the world; private keys are generated on, and stay on, your machine
  • key types: signing, encryption, authentication (the OpenPGP card has one slot for each)

SLIDES 5-7

pitfalls

  • private keyring... but how private? (a file on disk, protected only by its passphrase)
  • portability
  • standards compliance

SLIDES 8-9

conventional example, the CAC/PIV

  • Common Access Card, in service since 2005
  • FIPS 201 PIV: Federal Information Processing Standard (FIPS) 201, Personal Identity Verification

SLIDES 10-12

OpenPGP: we were JUST thinking that!

  • OpenPGP Card: in service since 2004
  • 9 different vendors, multiple form factors
  • relatively unknown outside of FSF Europe

SLIDES 13-15

Our focus: Yubikey

  • supports hybrid mode (OTP and CCID smartcard on the same USB device)
  • hermetic, crushproof, scalable pricing
  • NFC option

SLIDES 16-20

general concepts

  • card has a CPU and firmware
  • keys are loaded into slots, or generated by the card
  • decryption, signing and authentication are all commands sent to the card (encryption and signature verification need only the public key, so they happen on the host)
  • once loaded, private keys are sacrosanct
  • Yubikey only accepts commands and only returns data. NEVER KEYS.

The card-side guarantee is only half of the story: a key that was generated off-card and then loaded still exists wherever it was generated, and in its backups, so those copies have to be protected or destroyed.

SLIDES 21-25

HSM specific concepts

  • a PIN, much like a European chip-and-PIN credit card
  • 3 strikes and the user PIN is locked
  • a locked user PIN can be unlocked with the Admin PIN (OpenPGP card terminology for what PKCS#11 calls the security officer PIN and PIV calls the PUK), or with the Reset Code if one was set
  • 3 strikes against the Admin PIN? the OpenPGP applet is blocked, and the only way back is a factory reset of the applet, which destroys the keys on it. game over.
  • PIN length: at least 6 characters for the user PIN and 8 for the Admin PIN; the maximum is up to the implementation, and some allow more than 128 characters

gpg --card-status shows the three retry counters (user PIN, Reset Code, Admin PIN) on one line, e.g. "PIN retry counter : 3 0 3"; check it before guessing, and remember that a correct entry resets the counter.

SLIDE 26

placing the card into 'hybrid' mode

ykpersonalize -d -m82
Firmware version 4.3.1 Touch level 527 Program sequence 3
The USB mode will be set to: 0x82
Commit? (y/n) [n]: n

Mode 0x82 is OTP+CCID (mode 2) with the 0x80 "eject" flag added. The transcript above answers n at the commit prompt, so the mode was not written; to apply it, run ykpersonalize -m82, answer y, then unplug and re-insert the key so it re-enumerates on USB. Later Yubico tooling does the same job with ykman (ykman mode OTP+CCID).

SLIDES 27-28

OpenPGP card overview and programming

  • keys were generated on an air-gapped system and loaded with the keytocard command
  • keytocard moves the secret subkey onto the card and leaves only a stub in the keyring (gpg -K then shows ssb> for that subkey), so export a backup of the secret keys before running it; after "save" the host copy is gone
  • gpg --card-edit, with admin commands enabled (type "admin" at the gpg/card> prompt; anything that changes the card asks for the Admin PIN)
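
The keytocard procedure above, as an added example that is not code from the talk: a POSIX shell script that builds the certify-only master and its three subkeys in a throwaway keyring on the air-gapped box, takes the backups before keytocard, shows the gpg> transcript for moving the subkeys, and then checks the host keyring for leftover secret material. GnuPG 2.1+ (quick-generate-key, quick-add-key) is assumed; the user id, expiry, file names, entropy threshold and the --with-colons listing fed to the check are constructed for illustration, not taken from the slides.

```shell
#!/bin/sh
# Added example for the keytocard workflow (not code from the talk). Assumes
# GnuPG 2.1+ on the air-gapped box and, for step 3, a YubiKey that scdaemon can
# see. The user id, key sizes and the keyring listing below are constructed.
set -eu

# Step 0: do not start key generation on a starved entropy pool. On kernels
# >= 5.6 entropy_avail reads 256 once the pool is ready, so the threshold only
# matters on older kernels (RHEL 7 era).
entropy_ok() {   # $1 = minimum bits in the kernel pool
  [ "$(cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo 0)" -ge "$1" ]
}

# Step 1: certify-only master plus sign/encrypt/auth subkeys in a throwaway
# keyring. pinentry asks for the master passphrase.
make_offline_key() {   # $1 = GNUPGHOME to create, $2 = user id; prints the fingerprint
  export GNUPGHOME="$1"
  mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
  gpg --batch --quick-generate-key "$2" rsa4096 cert never
  fpr=$(gpg --with-colons -k "$2" | awk -F: '$1=="fpr" {print $10; exit}')
  gpg --batch --quick-add-key "$fpr" rsa4096 sign 1y
  gpg --batch --quick-add-key "$fpr" rsa4096 encr 1y
  gpg --batch --quick-add-key "$fpr" rsa4096 auth 1y
  # Step 2: back up BEFORE keytocard; afterwards only stubs remain in the keyring.
  gpg --armor --export-secret-keys "$fpr"    > "$GNUPGHOME/master-and-subkeys.secret.asc"
  gpg --armor --export-secret-subkeys "$fpr" > "$GNUPGHOME/subkeys-only.secret.asc"
  gpg --armor --export "$fpr"                > "$GNUPGHOME/public.asc"
  echo "$fpr"
}

# Step 3 is interactive (the Admin PIN goes through pinentry), so it is shown
# as the gpg> transcript rather than scripted:
#   gpg --edit-key "$fpr"
#   gpg> key 1          # select the signing subkey
#   gpg> keytocard      # answer 1 = Signature key
#   gpg> key 1          # deselect it again
#   gpg> key 2
#   gpg> keytocard      # answer 2 = Encryption key
#   gpg> key 2
#   gpg> key 3
#   gpg> keytocard      # answer 3 = Authentication key
#   gpg> save           # only now does the host copy become a stub

# Step 4: verify that no secret material is left on the host. In
# `gpg -K --with-colons`, field 15 of a sec/ssb line is the token serial:
# '#' = stub with no secret key, a serial = the secret lives on that card,
# empty = the secret key is still in this keyring.
check_stubs() {   # stdin: gpg -K --with-colons; exit 1 if any secret key is on the host
  awk -F: '
    $1=="sec" || $1=="ssb" {
      if ($15=="#")     { printf "%s %s %s-bit: stub, secret kept offline\n", $1, $5, $3 }
      else if ($15!="") { printf "%s %s %s-bit: on card %s\n", $1, $5, $3, $15 }
      else              { printf "%s %s %s-bit: SECRET STILL ON HOST\n", $1, $5, $3; bad=1 }
    }
    END { exit bad+0 }'
}

# Constructed listing of a laptop keyring after keytocard + save: the master is
# a stub, the three subkeys point at the card serial (its OpenPGP AID).
SAMPLE_AFTER_KEYTOCARD='sec:u:4096:1:0123456789ABCDEF:1488326400::::::cESC:::#:::23::0:
fpr:::::::::1234567890ABCDEF1234567890ABCDEF01234567:
ssb:u:4096:1:1111111111111111:1488326400:1519862400:::::s:::D2760001240102010006123456780000:::23:
ssb:u:4096:1:2222222222222222:1488326400:1519862400:::::e:::D2760001240102010006123456780000:::23:
ssb:u:4096:1:3333333333333333:1488326400:1519862400:::::a:::D2760001240102010006123456780000:::23:'

demo() { printf '%s\n' "$SAMPLE_AFTER_KEYTOCARD" | check_stubs; }

case "${1:-demo}" in
  provision) entropy_ok 1000 || { echo "entropy pool too low, plug in the FST-01" >&2; exit 1; }
             make_offline_key "${2:-$HOME/offline-gnupg}" "${3:?user id}" ;;
  *)         demo ;;    # on a real host: gpg -K --with-colons | check_stubs
esac
```

Run it as "provision DIR 'Name <mail>'" on the air-gapped machine, do the gpg> steps with the YubiKey inserted, then copy public.asc to the laptop and run the check there; the master should report "stub, secret kept offline" (it never left the air-gapped box) and every subkey "on card". Any "SECRET STILL ON HOST" line means keytocard was not followed by save, or the subkeys-only backup was imported on the wrong machine.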

SLIDES 29-33

applications

  • anything GPG enabled
  • anything PAM enabled (card login through a PAM module such as pam_poldi; SSH through gpg-agent's ssh-agent emulation, which uses the authentication subkey)
  • defense in depth: OTP, certificate and password all at once? sure
  • multiple cards per key, each with its own unique subkey (code signing!)

SLIDES 34-36

NFC option: here be dragons

  • easy integration with OpenKeychain on Android
  • keys need to be generated (and loaded onto the card) by the user beforehand
  • the NFC model of the day (YubiKey NEO) only supports 2048 bit RSA keys; the YubiKey 4 takes 4096 bit keys but has no NFC

SLIDE 37

deploying 450 (thousand?) of these things.

SLIDE 38

Entropy.

GPG relies on kernel entropy (/dev/random, via libgcrypt), not userland entropy, so key generation on a quiet air-gapped box can stall until the pool fills. Hardware sources that help:

  • Flying Stone FST-01 from the FSF store! (a USB true random number generator running NeuG)
  • an RTL digital TV dongle, and a tractor-feed paper copy of Phrack

SLIDE 39

OpenPGP not included...

Red Hat Enterprise Linux 7 does not include opensc for GnuPG card support.

SLIDE 40

y tho...

  • NFC user fatigue
  • not all NFC devices are "great" at picking up NFC
  • no Yubikey on hand means no decryption: a forgotten key can mean no communication at all

SLIDE 41

"destroyed" cards...

  • try not to trigger an Admin (SO) PIN or Reset Code lock!!
  • to reissue or reset? a blocked applet can be factory reset (same hardware, new keys); a lost or damaged key has to be reissued. either way the old subkeys are revoked and fresh ones cut from the offline master
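
As an added example (not code from the talk) for the retry counters on slides 21-25 and the locked-card question here: a shell audit that parses gpg --card-status --with-colons for one inserted card and warns before the Admin PIN lock turns into a factory reset, also flagging empty slots and keys below a size floor (the 2048 bit NEO limit from slide 36). GnuPG 2.1+ and RSA keys are assumed (ECC cards put a curve name where this parser expects a bit length, and would be flagged); the serials, counters and fingerprints in the two sample listings are constructed, as are the policy thresholds.

```shell
#!/bin/sh
# Added example for auditing deployed cards (not code from the talk). Assumes
# GnuPG 2.1+ and RSA keys. The two card-status listings below are constructed;
# serials, fingerprints and counters are made up.
set -eu

# `gpg --card-status --with-colons` gives one record per line, for example
#   pinretry:<user PIN tries>:<Reset Code tries>:<Admin PIN tries>:
#   keyattr:<slot 1-3>:<algo>:<bits>:
#   fpr:<signature fpr>:<encryption fpr>:<authentication fpr>:
# Policy (assumed): WARN and exit 1 when the Admin PIN is on its last try
# (slide 24), a PIN is locked, a slot is empty, or a key is under the floor.
audit_card() {   # $1 = minimum RSA bits; stdin: card-status output; exit 1 on any WARN
  awk -F: -v minbits="$1" '
    $1=="serial"   { serial=$2 }
    $1=="pinretry" { pw1=$2+0; rc=$3+0; pw3=$4+0; seen=1 }
    $1=="keyattr"  { bits[$2+0]=$4+0 }
    $1=="fpr"      { fpr[1]=$2; fpr[2]=$3; fpr[3]=$4 }
    END {
      name[1]="signature"; name[2]="encryption"; name[3]="authentication"
      tag="card " serial ":"
      if (!seen) { print tag, "WARN no pinretry record; no OpenPGP card answered"; exit 1 }
      if (pw3 == 0)      { print tag, "WARN Admin PIN locked; applet needs a factory reset, keys are gone"; bad=1 }
      else if (pw3 == 1) { print tag, "WARN Admin PIN retries left: 1 (one more failure wipes the keys)"; bad=1 }
      else if (pw3 < 3)  { print tag, "NOTE Admin PIN retries left:", pw3 }
      if (pw1 == 0)      { print tag, "WARN user PIN locked; unlock with the Admin PIN or Reset Code"; bad=1 }
      else if (pw1 < 3)  { print tag, "NOTE user PIN retries left:", pw1 }
      if (rc == 0)       { print tag, "NOTE no Reset Code set; only the Admin PIN can unlock the user PIN" }
      for (i = 1; i <= 3; i++) {
        if (fpr[i] == "")           { print tag, "WARN", name[i], "slot empty"; bad=1 }
        else if (bits[i] < minbits) { print tag, "WARN", name[i], "key is", bits[i], "bits, policy minimum", minbits; bad=1 }
      }
      if (!bad) { print tag, "OK pw1=" pw1, "pw3=" pw3, "keys", bits[1] "/" bits[2] "/" bits[3] }
      exit bad+0
    }'
}

# Constructed: a freshly provisioned card, all counters full, 4096 bit keys.
HEALTHY='reader:Yubico YubiKey OTP+CCID 00 00:
version:0201:
vendor:0006:Yubico:
serial:01234567:
keyattr:1:1:4096:
keyattr:2:1:4096:
keyattr:3:1:4096:
maxpinlen:127:127:127:
pinretry:3:0:3:
sigcount:12:::
fpr:1111111111111111111111111111111111111111:2222222222222222222222222222222222222222:3333333333333333333333333333333333333333:'

# Constructed: user PIN fumbled once, Admin PIN one try from self-destruct,
# NEO-class 2048 bit keys, authentication slot never filled.
DEGRADED='reader:Yubico YubiKey OTP+CCID 00 00:
version:0201:
vendor:0006:Yubico:
serial:07654321:
keyattr:1:1:2048:
keyattr:2:1:2048:
keyattr:3:1:2048:
maxpinlen:127:127:127:
pinretry:2:0:1:
sigcount:3:::
fpr:4444444444444444444444444444444444444444:5555555555555555555555555555555555555555::'

demo() {   # on a real host, per inserted key: gpg --card-status --with-colons | audit_card 4096
  printf '%s\n' "$HEALTHY"  | audit_card 4096 || echo "(unexpected: healthy sample failed)"
  printf '%s\n' "$DEGRADED" | audit_card 4096 || echo "-> degraded card: one correct Admin PIN entry resets its counter; fix it before the last try is burnt"
}
demo
```

For a fleet, run the audit from a login script or a helpdesk check-in and ship the WARN lines to the ticket queue: the Admin PIN counter is the one that matters, because at zero the only answer is the reset-or-reissue decision above.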

SLIDE 42

Questions?