A quick guide to getting started with PGP on Athena.

How it works
Getting started ... making keys
Reading a message encrypted for you
Sending an encrypted message to someone
Athena Security (very important to read!)
Other help and other features

How it works

If you're familiar at all with conventional cryptography systems you're probably familiar with the idea of a cryptographic key. The key is just a piece of data that is needed to encrypt or decrypt the message. Most conventional cryptography systems are designed so that a message is encrypted using the key and anyone else who has the same key can decrypt and read the message. For this reason it's very important that the key be kept a secret and only the sender and intended recipient of the message have a copy of this secret key.

PGP, however, is based on a public key cryptography system, which means that it works quite differently. Instead of having one key that needs to be kept a secret, everyone has two different keys, only one of which is a secret. One key is called your private key and one key is called your public key. Your private key is secret, known only to you. Your public key you show to the world, you give it away to everyone. Then, when you want to send an encrypted message to someone you first encrypt it in their public key (which they've let you and anyone else see). Then you give them the encrypted message and they decrypt it using their own secret key, the key that only they know about. So for example if Matthew wants to send Stan an encrypted message Matthew first encrypts his message with Stan's public key and sends that encrypted message to Stan. Stan then uses his own private key to decrypt the message and can read what Matthew sent him.

Getting started ... making keys

To use the pgp commands on athena you must first type

add pgp

at the athena prompt. You'll want to do this any time you want to read or send encrypted messages, but you only need to do it once per login session. To make yourself a set of pgp keys (a public and private key pair) type:

cd
mkdir .pgp
echo TMP = \"/var/tmp\" > $HOME/.pgp/config.txt
fs sa .pgp system:anyuser none

pgp -kg

After that last command you'll be asked a number of questions.

RSA key size. It's up to you, the bigger the key the harder it is to crack. PGP is pretty fast so you probably just want to go with 1024 bits.

User ID. Follow the example given. For me it's: James M. Kretchmar <kretch@mit.edu>

Pass phrase. This will be used to protect your secret key in your home directory (see section on athena security below). Pick something you'll remember but that isn't easy to guess. Words from the dictionary and names are particulary bad. You can also look at the sipb document ``How to Choose a Good Password'' Also note that you should never type your PGP password over an unencrypted connection. If you're remotely logged in to a machine, for example, and not using the encrypted connection that can be provided by kerberized telnet or ssh then others may be able to steal your PGP password. If you're actually sitting at the console of the machine your're working on then it should be ok to type the password. See the Athena Security section below for further details.
Random bits In order to make your key fairly random you'll be asked to press keys on the keyboard. Just hit random keys with random amounts of time between the keypresses. The key is being generated in part by timing the gaps between keypresses.

Now that your keys are generated the one other thing you need to do in order to receive encrypted messages is put your public key somewhere where people can find it. Many people like to put their public key in their .plan file so that others may find it by fingering them (try finger kretch@monk.mit.edu, for example). You can do this by typing:

pgp -kxa $USER $HOME/Public/plan
cd $HOME/Public
mv plan.asc plan
ln -s $HOME/Public/plan $HOME/.plan

Another option is to place your key on a pgp public key server. There is a popular one at http://pgp.ai.mit.edu. The instructions there should explain how to use it.

Reading a message encrypted for you

So now lets say that someone has a secret message to send you, they've looked up your key and encrypted a message for you (which we'll cover in the next section) and you'd like to read it. This is pretty simple. If you have the encrypted message stored in a file called smeorb all you need to type is:

pgp -f smeorb | more

You will be asked for your passphrase so your secret key can be used to decrypt the message. (Remember not to type your PGP password over an unencrypted connection).

If you receive the file as email and you use mh (inc, show, etc.), xmh, or exmh to read your email then you may view the message by typing:

show | pgp -f | more

If you use emacs to read your mail there is a program called mailcrypt that you can use, but it is not covered in this version of this document.

Sending an encrypted message to someone

To encrypt a message to someone you need to get a copy of their public key and store it with the other public keys you use (called your public keyring). How you get the other person's key will depend on how they've stored it. You may be able to get it by fingering them, or by finding it in their home directory if they're on athena. You also may get it from a public key server or by asking them where they have their key. There is the problem that you have to have a way to trust the key that you're told is theirs. This problem can be solved by key signing which will be covered in the next version of this document. For now we'll assume you have their key stored in a file called coppetish. If you need to get their key into a file from finger information you can type:

finger kretch@monk.mit.edu > coppetish

where you substitute their username for kretch.

Their public key can be added to your keyring by typing:

pgp -ka coppetish

You will be asked if you want to certify the key yourself. Answer "no" for now -- that's the default.

Now their key should be on your key ring. You can check the contents of your key ring by typing:

pgp -kv

Let's say you've added the key for Fred F. Sipb <sipbtest@mit.edu>. Now you may encrypt the file called hoffmannesque for Fred Sipb by typing:

pgp -ea hoffmannesque sipbtest

and an encrypted version of the file will be stored in hoffmannesque.asc. For reasons described in the Athena security section you should compose the unencrypted text file on the local disk of the machine you're using and not in your AFS home directory. This means calling the file something like /var/tmp/message or /tmp/message but not /mit/user/message. The encrypted file you may store in your AFS home directory if you feel like keeping it. Do not forget to erase the unencrypted file you wrote on the local machine when you're done or others may be able to read it later!

If you wish to send the encrypted file in email you may place it in an emacs buffer with the C-x i command.

Athena Security

A couple of things you should know about the way Athena and computers in general work.

The MIT network is divided up into many subnets. Each of these subnets usually corresponds to a set of IP addresses that start with 18.xxx. For example all the addresses that start with 18.239 belong to the same subnet. These subnets are usually ethernet networks and because of the way ethernet is designed, any computer on an ethernet subnet can read the all the traffic on that subnet. This means that if I have a computer on the network in MacGregor I can read all the information that goes to or from any other computer on the MacGregor network.

Becuase many Athena services are run on servers on non-local subnets, lots of data that you use is sent across your local subnet so that it can get to you. For example, because the files in my home directory are stored on a server in building 37, they need to be sent across the MacGregor subnet for me to read them in my room at MacGregor.

Athena uses a system called Kerberos to provide security in a situation like this. Kerberos can make sure that the person who claims to be sending data is actually that person and it can also encrypt data so that it can not be read by a malicious user. Many applications however do not make use of the encryption that kerberos can provide. These include:

Your files. AFS does not currently encrypt files as they are transported across the network. This means that other computers on your subnet may watch your files as they are transported across your local subnet. This is why you must not store the decrytped version of a message in your home directory. If the file is stored in your home directory it will be sent across your local subnet and can be read by others. This is also the reason for storing files you will be encrypting on local disk while writing them. If they're stored on the local machine (like in /tmp or /var/tmp) they won't be sent across the network.
Your e-mail. Even if you don't store your email in your AFS home directory (perhaps you have your own machine and get the mail sent directly to a local disk on the machine) the email is still sent across the network unencrypted when being delivered to your machine. Mail you send from your machine is also sent unencrypted to the mail hubs.
Unencrypted logins. If you're using an unencrypted telnet or some other unencrypted method to login to a machine, your password and everything else you type and see on the screen will be sent across the network in the clear. This lets a mailcious attacker steal your password, read everything you type and see (including PGP messages you decrypt) and also steal your PGP password which will let them decrypt your encrypted messages using your secret key. For this reason it is important to never type your PGP password over an unencrypted connection.
Your zephyrs. Your zephyrs are also sent across the network unencrypted, which means that your conversations may be read by a malicious user on your subnet.
X connections. If you use remote X connections (i.e. running a program on one machine while it displays on another machine) you should realize that that connection is also unencrypted. Any text you type or see is sent over the network in the clear. Non text data is also sent in the clear but requires a little more work for the attacker to make sense of it.

For these reasons it's important not to keep material that you seriously do not want seen by others unencrypted in your AFS home directory. It is however safe to store the material there encrypted, which is the reason to use pgp. Aside from encrypting messgaes to other users you may encrypt messages for yourself so that they can be stored safely. You can then go back and decrypt them when you need to look at them.

Other help and other features

You can look at help for pgp commands by typing:

 pgp -h

and you can get help for key mangement commands by typing:

 pgp -k

These are also good ways to find out about some of the other pgp features. You can also look at the pgp man page by typing:

 man pgp

and there are also books available on PGP. Additionally you can stop by the SIPB office (w20-557) to ask questions.

Written by kretch@mit.edu.

This document is: http://www.mit.edu/afs/sipb/project/doc/pgp/pgp.html
See other SIPB documents at http://www.mit.edu/sipb/docs.html