Skip to content

Instantly share code, notes, and snippets.

@rich0

rich0/glep-0063-v3.rst

Last active April 25, 2019 11:17
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rich0/7d11e2297d8b8a5586997baec2a99e30 to your computer and use it in GitHub Desktop.
Save rich0/7d11e2297d8b8a5586997baec2a99e30 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
glep-0063-v3.rst

Credits

Many developers and external sources helped in this GLEP.

Abstract

This GLEP provides both a minimum requirement and a recommended set of OpenPGP key management policies for the Gentoo Linux distribution.

Changes

v3

The requirement to have a separate signing and primary key was removed in the case of keys generated/stored on smartcards, to encourage the use of these keys, and acknowledging that the main use case for a separate primary key is largely fulfilled by having all the keys stay offline.

v2

The distinct minimal and recommended expirations have been replaced by a single requirement. The rules have been simplified to use the same maximum time of 900 days for both the primary key and subkeys.

An additional rule requesting key renewal 2 weeks before expiration has been added. This is in order to give services and other developers time to refresh the key.

The usage of DSA keys has been disallowed.

The gpgfingerprint LDAP field has been altered to remove optional whitespace.

The gpg.conf contents have been removed as they were seriously outdated and decreased security over the modern defaults.

The requirement of SHA-2 digest has been extended to apply to self-signatures made on subkeys.

An additional requirement for @gentoo.org UID has been added.

v1.1

The recommended RSA key size has been changed from 4096 bits to 2048 bits to match the GnuPG recommendations1. The larger recommendation was unjustified and resulted in people unnecessarily replacing their RSA-2048 keys.

Minimal specification has been amended to allow for ECC keys.

The option of using DSA subkey has been removed from recommendations. The section now specifies a single recommendation of using RSA.

Motivation

Given the increasing use and importance of cryptographic protocols in internet transactions of any kind, unified requirements for OpenPGP keys used in Gentoo Linux development are sorely needed. This document provides both a set of bare minimum requirements and a set of best practice recommendations for the use of GnuPG (or other OpenPGP providers) by Gentoo Linux developers. It is intended to provide a basis for future improvements such as, e.g., consistent ebuild or package signing and verifying by end users.

Specifications for OpenPGP keys

Bare minimum requirements

This section specifies obligatory requirements for all OpenPGP keys used to commit to Gentoo. Keys that do not conform to those requirements can not be used to commit.

  1. SHA-2 series output digest (SHA-1 digests internally permitted), at least 256-bit. All subkey self-signatures must use this digest.
  2. Signing subkey that is different from the primary key, and does not have any other capabilities enabled. This requirement does not apply if the primary key was generated on a smartcard.
  3. Primary key and the signing subkey are both of type EITHER:
    1. RSA, >=2048 bits (OpenPGP v4 key format or later only),
    2. ECC curve 25519.
  4. Expiration date on key and all subkeys set to no more than 900 days into the future.
  5. Key expiration date renewed at least 2 weeks before the previous expiration date.
  6. UID using your @gentoo.org e-mail included in the key.
  7. Upload your key to the SKS keyserver rotation before usage!

Recommendations

This section specifies the best practices for Gentoo developers. The developers should follow those practices unless there is a strong technical reason not to (e.g. hardware limitations, necessity of replacing their primary key).

  1. Primary key and the signing subkey are both of type RSA, 2048 bits (OpenPGP v4 key format or later).
  2. Key expiration renewed annually to a fixed day of the year.
  3. Create a revocation certificate & store it hardcopy offsite securely (it's about ~300 bytes).
  4. Encrypted backup of your secret keys.

Gentoo LDAP

All Gentoo developers must list the complete fingerprint for their primary keys in the "gpgfingerprint" LDAP field. It must be exactly 40 hex digits, uppercase, without whitespace.

The prior "gpgkey" field will be removed, as it is a subset of the fingerprint field. In any place that presently displays the "gpgkey" field, the last 16 hex digits of the fingerprint should be displayed instead.

Backwards Compatibility

There is no consistent standard for GPG usage in Gentoo to date. There is conflicting information in the Devmanual2 and the GnuPG Gentoo user guide3. As there is little enforcement of Manifest signing and very little commit signing to date, there are no backwards compatibility concerns.

External documentation

Much of the above was driven by the following:

  • NIST SP 800-57 recommendations4,5,
  • Debian GPG documentation6,
  • RiseUp.net OpenPGP best practices7,
  • ENISA Algorithms, Key Sizes and Parameters Report 20138.

References

Copyright

Copyright (c) 2013-2018 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer, Michał Górny.

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/3.0/.

  1. GnuPG FAQ: Why doesn't GnuPG default to using RSA-4096? (https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096)

  2. Gentoo Development Guide: Manifest (http://devmanual.gentoo.org/general-concepts/manifest/index.html)

  3. GnuPG Gentoo User Guide (http://www.gentoo.org/doc/en/gnupg-user.xml)

  4. NIST SP 800-57: Recommendation for Key Management: Part 1: General (Revision 3) (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf)

  5. NIST SP 800-57: Recommendation for Key Management: Part 2: Best Practices for Key Management Organization (http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf)

  6. Debian GPG documentation (https://wiki.debian.org/Keysigning)

  7. RiseUp.net OpenPGP best practices (https://help.riseup.net/en/security/message-security/openpgp/best-practices)

  8. ENISA Algorithms, Key Sizes and Parameters Report, 2013 recommendations, version 1.0 (October 2013) (https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment