GPG clarification

[David Smith]

Robert wrote:
> Hi, we're using GnuPG 1.4.5 to encrypt and store sensitive files at
> work. We have been given some requirements to comply with, spawning some
> general questions. I tried searching in help files but haven't found
> answers to everything so I'm trying here. If this questions are asked
> somewhere in documentation, I would be glad to get a link there.
> 
> When I choose to generate a key, gpg --gen-key, I am asked what kind of
> key I want. If I go with default (DSA and Elgamal) I get a message
> saying "DSA keypair will have 1024 bits".
> 
> 1) What does this mean? Is it some kind of 'key-encrypting' to secure
> the actual keys? It is not involved in the actual encryption of data?
> 
> After this, I get to choose the size of the ELG-E key. I go with default
> of 2048.

(by default) GnuPG uses a hybrid encryption system.  The actual data is
encrypted using a symmetric algorithm (where the keys for encrypting and
decrypting are the same) using a randomly-generated "session" key, and
this session key is then encrypted using an asymmetric (or public-key)
algorithm.  In this case, you are being given the opportunity to use DSA
or ElGamal algorithms for the public-key encryption algorithm.

> 2) Is this the actual 'data-encrypting' keys that will now be elgamal
> and size of 2048 bits?

No. See above.  The algorithms used for encrypting the data are
typically AES or TDES, and the key length is normally much shorter -
e.g. AES-256.  The fact that the key is apparently shorter is not a
security risk - symmetric algorithms are much stronger for the same
keylength.

> If so, is it the same for both public and secret key?

Yes.  Public and secret keys in the same keypair have the same length.
In reality, they are each "halves" of the same key, as they are
generated together.

> Now, when I use the command to list my public keys, gpg
> --list-public-keys, I see my key in the list. Top row lists: pub,
> 1024D/2D*****7.
> 
> 3) This, as I guessed in question 1, is not the actual data-encrypting
> key but more like a key-encrypting key?

Yes.

BTW, you don't have to censor the key ID (2D*****7) - it can safely be
made public without risk of giving away the key value itself.

> The next row shows uid which should be user id, nothing strange there.
> Then I get a row called 'sub'.
> 
> 4) what does 'sub' mean? Is this the actual data encrypting key?

Your "key" can actually contain multiple keys.  Typically, a user will
have one "master" signing key (which is used to prove their identity),
and multiple encryption subkeys.  The advantage of this is that each
subkey can be set to expire (become unusable for encrypting data) after
a certain period of time, at which point the user generates and
publishes a new subkey.  Because it is still a subkey of the master
signing key, the user does not have to prove his/her identity to all of
his/her correspondents, as it will be signed by the master key which
remains valid and unexpired

> Now, if I choose to list my secret keys, gpg --list-secret-keys, I get
> the exact same output but 'sec' is replaced with 'pub'. This should
> verify the 'key-encrypting-key' -thingy. But the rest of the output
> confuses me:
> 
> 5) Is my secret and public key the same?? They both have the same id,
> it's just 'sub' in one place and 'ssb' in the other.

As I said, the public and secret parts are just two "halves" of the same
key.  The public part is given away to everyone so that they can use it
for encrypting data, you keep the secret part so that you can decrypt
the data they've encrypted.

> 6) What does 'ssb' mean?

"Secret sub".  Your "key" record in the keyring has a master key
(denoted by "pub" for the public part and "sec" for the secret part),
plus one or more sub-keys (denoted by "sub" for the public part and
"ssb" for the secret part).

> I can see that the different commands use different files, 'pubring.gpg'
> and 'secring.gpg', still they seem to list the same key? Is the secret
> and public key displayed as one in the key ring? If so, is it possible
> to separate these somehow to put the private key in a safe for example?

The public halves of keys (both yours and everyone else's) are kept in
pubring.gpg; the secret halves are kept in "secring.gpg".  So yes, you
could remove secring.gpg if you wish.  However, if you want this level
of security, you might want to consider using a GPG smartcard.

> My final question:
> 
> 7) I assume the key rings themselves, holding the keys, are encrypted.
> How strong is this encryption in GPG? What algorithm is used, etc? One
> requirement is about compromising the machine with the keys, how easy it
> would be to export the keys. Since the keyring is physically located on
> the machine.

Sorry, I don't know.  That's a question for the GPG maintainers.