Hacking Linux Exposed
Sign Everything, My Friends
By Bri Hatch.

Summary: By including a digital signature on your emails, you establish a concrete accounting system for all emails you send and verify to recipients that the emails are actually being sent by you.

I annoy a lot of people. Headhunters constantly tell me to re-send my resume because they couldn't read it; folks using certain versions of Eudora crash when they try to read my email; Outlook users claim the icons "don't look right" in my emails, or that the message requires several clicks to read at all.

Why? Because I electronically sign each and every email I send with PGP. No, I'm not sending you a resume my dear persistent headhunters. I'm sorry that particular version of Eudora can't handle a completely valid MIME message, but it's not my fault. You're using Outlook? I offer my condolences.

Each email I create is automatically digitally signed. This signature, generated by gpg (the GNU Privacy Guard[1]), is sent as an attachment, the presence (and unreadability) of which confuses some people the first time they encounter it. They mistake it for a corrupted file, an unreadable image, or a virus.

Some folks ask me why I sign everything I write, and the answer is simple: I need to. I'm in the computer security business, and, as such, I send a boatload of emails such as directives to users, administrators, and co-workers. Because of this, messages appearing to be from me have a good chance of being acted upon. By digitally signing everything, even stupid jokes I send my sister, I've established a pattern that says, "If it ain't signed, it ain't me." Those with whom I discuss important topics can read and verify the PGP signature automatically and know when the signature is valid. If it's not, then the message is not authentic, they'll contact me to let me know something is amiss, and won't act on the information therein.

On several occasions, people have attempted to impersonate me to get others to perform questionable actions on their systems, and the lack of a valid PGP signature has prevented them from being carried out. In other cases, I've had people claim I'd said one thing, providing me (and higher-management) with copies of my alleged emails. While the email address and other data are trivial to forge, forging a PGP signature without my key and passphrase is impossible. Instead of getting me in trouble, the forger landed in the hot water he'd boiled for me.

I encourage folks to sign everything they write. It provides a verifiable trail, imposes accountability, and means you'll never be able to claim that something with a valid sig was forged. Anyone used to weaseling out of situations will find this problematic, but those who are willing to stick by what they write will find that the authentication aspects are worth being...well, honorable.

Since I hate having an article with no code, let me provide you with the relevant snippets from my mutt[2] settings:

    # Sign everything
    set pgp_autosign
    # Encrypt replies to encrypted messages
    set pgp_replyencrypt

    # Sign encrypted replies too
    set pgp_replysignencrypted

    # How long to cache the PGP passphrase, in seconds (80 min)
    set pgp_timeout=4800
    # Weed out extraneous keys
    set pgp_ignore_subkeys=yes
    # Encode the text part as quoted-printable, for best
    # compatibility and reliable signature verification
    set pgp_strict_enc=yes
    # Verify signatures on all emails by default
    set pgp_verify_sig=yes
    # Use PGP/MIME, not inline ("traditional") PGP signing.  This
    # creates a pgp attachment.  Traditional signing can break
    # certain mailers, and isn't verified correctly in others.
    set pgp_create_traditional=no
    # You can set pgp_sign_as, a la
    #   set pgp_sign_as="0x01234567"
    # to choose the key you use to sign your emails.  However,
    # I prefer to put this in ~/.gnupg/options, like:
    #   default-key "Joe Schmoe "
    #   encrypt-to "Joe Schmoe "
    # so that it's available to all gpg functions.

A number of other pgp command variables tell mutt how to look up keys, sign mail, and perform the remaining PGP operations; their values depend on which version of PGP or GnuPG you have and how it is installed. Luckily, most Linux distributions ship proper values for these variables in /etc/Muttrc, so you shouldn't need to touch them at all.
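To see what the PGP/MIME layout produced by pgp_create_traditional=no and pgp_strict_enc=yes actually looks like on the wire, and what a receiving client has to do before it can hand anything to gpg, here is an added example. It is not code from the article or from mutt: it builds a constructed multipart/signed message, pulls the signed part back out byte-for-byte the way a mail client does, and applies the "if it ain't signed, it ain't me" rule. Because it has to run without gpg or a keyring, a SHA-256 digest of the canonical signed bytes stands in for the detached OpenPGP signature (a real signature covers exactly the same bytes); the addresses, subject line and boundary string are made up.

```python
"""Added example, not from the article or from mutt: build and dissect a
PGP/MIME (RFC 3156) multipart/signed message.  A SHA-256 digest of the
canonical signed bytes stands in for the detached OpenPGP signature that
gpg --detach-sign would produce, so this runs with no gpg and no keys."""
import hashlib
import quopri
from email import message_from_bytes, policy

BOUNDARY = b"=-=constructed-boundary=-="   # made-up boundary string
VALID, INVALID, UNSIGNED = "valid", "invalid", "unsigned"


def canonical(data: bytes) -> bytes:
    """RFC 3156 section 5: the signed part is hashed with CRLF line endings,
    whatever line endings the local system happens to use."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")


def make_text_part(body: str) -> bytes:
    """Serialise the body as a quoted-printable text part (what pgp_strict_enc
    does).  Trailing whitespace becomes =20, so a relay that strips or rewraps
    whitespace cannot silently invalidate the signature."""
    headers = (b"Content-Type: text/plain; charset=utf-8\r\n"
               b"Content-Transfer-Encoding: quoted-printable\r\n\r\n")
    return headers + canonical(quopri.encodestring(body.encode("utf-8")))


def stand_in_signature(signed_part: bytes) -> bytes:
    """Stand-in for the detached signature: gpg would sign exactly these
    canonical bytes; here their SHA-256 hex digest plays that role."""
    return hashlib.sha256(canonical(signed_part)).hexdigest().encode("ascii")


def build_signed_message(body: str, sender: str, recipient: str) -> bytes:
    """Lay the parts out as RFC 3156 does: the signed text part first,
    the application/pgp-signature part second."""
    part = make_text_part(body)
    sig_part = b"Content-Type: application/pgp-signature\r\n\r\n" + stand_in_signature(part)
    headers = b"".join([
        b"From: " + sender.encode("ascii") + b"\r\n",
        b"To: " + recipient.encode("ascii") + b"\r\n",
        b"Subject: signed test message\r\n",
        b"MIME-Version: 1.0\r\n",
        b"Content-Type: multipart/signed; micalg=pgp-sha256;\r\n",
        b'\tprotocol="application/pgp-signature"; boundary="' + BOUNDARY + b'"\r\n',
        b"\r\n",
    ])
    return (headers + b"--" + BOUNDARY + b"\r\n" + part
            + b"\r\n--" + BOUNDARY + b"\r\n" + sig_part
            + b"\r\n--" + BOUNDARY + b"--\r\n")


def split_signed(raw: bytes):
    """Extract the signed part and the signature byte-for-byte, as a client
    must: the signed part is everything between the first boundary line and
    the CRLF preceding the next boundary (RFC 2046 section 5.1.1), and it is
    never decoded or re-encoded before verification.  Returns None when the
    message is not a PGP/MIME signed message at all."""
    msg = message_from_bytes(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/signed"
            or msg.get_param("protocol") != "application/pgp-signature"):
        return None
    boundary = msg.get_boundary().encode("ascii")
    body = raw.split(b"\r\n\r\n", 1)[1]
    open_delim = b"--" + boundary + b"\r\n"
    delim = b"\r\n--" + boundary
    start = body.index(open_delim) + len(open_delim)
    end = body.index(delim, start)
    signed_part = body[start:end]
    sig_start = end + len(delim) + 2          # skip the CRLF ending the delimiter line
    sig_end = body.index(delim + b"--", sig_start)
    sig_msg = message_from_bytes(body[sig_start:sig_end], policy=policy.default)
    return signed_part, sig_msg.get_payload(decode=True)


def classify(raw: bytes) -> str:
    """The article's rule as a recipient applies it: no signature means the
    mail is not acted on, a signature that fails means tampering or
    impersonation, only a valid one is trusted.  In a real client the
    comparison below is gpg --verify over the extracted part and signature."""
    try:
        parts = split_signed(raw)
    except (ValueError, IndexError):          # claims to be signed but is mangled
        return INVALID
    if parts is None:
        return UNSIGNED
    signed_part, signature = parts
    return VALID if stand_in_signature(signed_part) == signature else INVALID


def tamper(raw: bytes, old: bytes, new: bytes) -> bytes:
    """Simulate an in-transit edit of the message (constructed for the demo)."""
    return raw.replace(old, new, 1)


if __name__ == "__main__":
    signed = build_signed_message("Approve the firewall change tonight. \nThanks, Bri\n",
                                  "bri@example.org", "ops@example.org")
    print(classify(signed))                                 # valid
    print(classify(tamper(signed, b"tonight", b"now")))     # invalid
    print(classify(b"From: bri@example.org\r\nSubject: hi\r\n\r\nno signature here\r\n"))  # unsigned
```

Two details matter for anyone debugging "bad signature" reports: the verifier works on the raw bytes between the boundaries, never on a decoded or re-wrapped copy, and the trailing space after "tonight." survives as =20 only because the part is quoted-printable. Rewriting the outer Content-Type to multipart/mixed does not produce a broken signature, it produces an unsigned message, which is exactly the case the "if it ain't signed, it ain't me" rule is there to catch.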

If there are some addresses to which you should not PGP-sign your messages (pagers and other non-PGP-friendly low-bandwidth devices, for example), then you can add this to your .muttrc as well:

    send-hook '~t .'                      'set pgp_autosign'
    send-hook '~t addr1@example.com'      'unset pgp_autosign'
    send-hook '~t addr2@example.net'      'unset pgp_autosign'

The first line sets pgp_autosign by default (the '~t .' pattern matches every recipient address, and therefore every message); the next two lines immediately unset pgp_autosign for the two addresses listed. send-hooks are applied in order, so mail to everyone except those two addresses will be signed.

Happy signing!


[1] GPG is available at http://www.gnupg.org. It's got full support for the OpenPGP standard and has the greatest compatibility with old encrypted/signed files and keyrings.

[2] Mutt, the best email client in the universe, is available at www.mutt.org. I suggest you use the 1.3 branch. Technically it's beta, but it's damned stable and has the best IMAP support if you need it.

Bri Hatch is Chief Hacker at Onsight, Inc, and author of Hacking Linux Exposed and Building Linux VPNs. He's been PGP signing all emails for more than ten years. His current keys are available at http://www.ifokr.org/bri/pgp. Encrypted email is always preferred. Bri can be reached at bri@hackinglinuxexposed.com.

Copyright Bri Hatch, 2002.

This article was first published here in ITworld.com Inc., 118 Turnpike Rd., Southborough, MA 01772  on 28-May-2002.