I'm fairly new to the Red Hat and Fedora Linux eco-system. Therefore I just wanted to teach myself some details about RPM and YUM today, especially how to use the commands to handle package signatures and repository GPG keys.¹⁾ I noticed many unanswered forum postings during my research. That's why I decided to write this little blog entry, helping search-engine users to find more answers than questions.

• List all GPG keys on the RPM/YUM keyring:

  rpm -q 'gpg-pubkey-*' | sort

  The GPG keys are handled as gpg-pubkey-XXXXXXXX-YYYYYYYY packages. XXXXXXXX is the key ID in lowercase chars without 0x prefix. YYYYYYYY is the key creation time as unix timestamp in hex without 0x prefix.²⁾ Example usage:

  $ rpm -q 'gpg-pubkey-*' | sort
  gpg-pubkey-00a4d52b-4cb9dd70
  gpg-pubkey-069c8460-4d5067bf

  As you can see, my example RPM knows about the GPG keys 0x00A4D52B and 0x069C8460.

• List all GPG keys on the RPM/YUM keyring with a brief description:

   rpm -q 'gpg-pubkey-*' --qf '%{name}-%{version}-%{release} -> %{summary}\n'

  The GPG keys are handled as gpg-pubkey-XXXXXXXX-YYYYYYYY packages. XXXXXXXX is the key ID in lowercase chars without 0x prefix. YYYYYYYY is the key creation time as unix timestamp in hex without 0x prefix.³⁾ Example usage:

  $ rpm -q 'gpg-pubkey-*' --qf '%{name}-%{version}-%{release} -> %{summary}\n'
  gpg-pubkey-069c8460-4d5067bf -> gpg(Fedora (15) <fedora@fedoraproject.org>)
  gpg-pubkey-00a4d52b-4cb9dd70 -> gpg(RPM Fusion free repository for Fedora (15) <rpmfusion-buildsys@lists.rpmfusion.org>)

  As you can see, my example RPM knows about the GPG keys 0x00A4D52B and 0x069C8460.

• List all GPG keys on the RPM/YUM keyring with all details:

  rpm -qi 'gpg-pubkey-*'

• Check the fingerprint of a GPG key on the RPM/YUM keyring:

  rpm -q 'gpg-pubkey-XXXXXXXX-*' --qf '%{description}\n' | gpg --quiet --with-fingerprint

  XXXXXXXX is the key ID in lowercase chars without 0x prefix. Example usage:

  $ rpm -q 'gpg-pubkey-069c8460-*' --qf '%{description}\n' | gpg --quiet --with-fingerprint
  pub  4096R/069C8460 2011-02-07 Fedora (15) <fedora@fedoraproject.org>
        Key fingerprint = 25DB B54B DED7 0987 F4C1  0042 B4EB F579 069C 8460

• Remove / delete a GPG key from the the RPM/YUM keyring:

  rpm -e --allmatches 'gpg-pubkey-XXXXXXXX-*'

  XXXXXXXX is the key ID in lowercase chars without 0x prefix. Example usage:

  $ rpm -e --allmatches 'gpg-pubkey-00a4d52b-*'

  This command would remove the GPG key with ID 0x00A4D52B.

• Connect a GPG key to the RPM/YUM keyring:

  rpm --import '/path/to/public-key'

  Recent RPM versions can download keys via HTTP(S) and are even able to find ACSII-armored key blocks within HTML files. Example usage:

  $ rpm --import "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x00A4D52B"

  This command would load the the GPG key 0x00A4D52B from a public keyserver and import it into RPM. Please note that SKS keyservers need working TCP connections on Port 11371.

Signatures ensure that the packages you install are what was produced by the software maintainer and have not been altered (accidentally or maliciously) by any mirror or third party. YUM should do these checks automatically when installing something out of a repository. However, you may want to check the GPG signature of a RPM package by yourself:

rpm -Kv /path/to/example.rpm

RPM needs the correct public key for this check. If you don't know how to get it, read on to learn what to do.

A perfect real-world example is the RPM Fusion setup to configure the RPM Fusion repositories on your Fedora system. They provide setup packages to install the needed .repo files and GPG keys without hassle. But you should verify them to make sure they are not altered and are really containing the original RPM Fusion keys instead the ones an attacker is using to sign it's malicious packages for his fake repository.

Let' start. RPM Fusion says we can configure everything with the following command:⁴⁾

Read more…

SSH provides the possibility to use Public Keys to log in to a target system (which is very likely more secure than a password). To make this possible:

1. The user has to create a Public/Private Key pair
2. The user's Public Key(s) has/have to be stored on the target system running the SSH Server (normally within ~/.ssh/authorized_keys)
3. The server's Public Key has to be stored on the local system running the SSH Client (normally within ~/.ssh/known_hosts)

Some popular services like GitHub do not even provide a password based authentication for data exchange, forcing you to use a SSH Public Key. Same for the Fedora Account System (FAS) where I created an account recently.

On a common Linux system, all needed SSH client tools should be installed by default. If not (e.g. because they were removed), simply install the openssh-clients package on Fedora or the openssh-client package on Debian/Ubuntu. After installation, the SSH tool for authentication, key generation, management and conversion is available via terminal: ssh-keygen

As already said, ssh-keygen is the tool for creating a key pair. It brings a lot of options, I'm going into detail on the most important ones:¹⁾

• -b <bits>:
  From the manpage: “Specifies the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits[…]”.
• -t <type>:
  Specifies the type of key to create. The cryptographic algorithm to use will selected through specifying this parameter. For SSH2, you can choose between “rsa” and “dsa”.²⁾
• -C "<comment>":
  Provides a comment for the key. The comment is used as “name” for the key in most applications. If not given, username@host will be set by default. You can change the comment later without any problems.

Using a 2048bit long RSA key is a good choice for most use-cases. 1024bit RSA is no longer regarded as indisputably secure, 4096bit RSA is for paranoid person like me. Please make sure you set a passphrase to protect your key. Otherwise everyone who may gets access to it (e.g. because someone steals your laptop and copies the keyfile) is able to get instant access to all systems you used the key for logging in. In contrast, you should have enough time to change the keys on all affected system without any danger if you used a good passphrase for a leaked private key. Additionally, it is no problem to use multiple SSH keys. So if you need a SSH key without password (e.g. for a quickly hacked backup script), create a separate key for this special task but do not use it for logging in to important systems.

Now open a terminal and let's go:

user@local:~$ ssh-keygen -t rsa -b 2048 -C "user@local"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

As you can see, the key will be stored into ~/.ssh/id_rsa by default. To choose another file, you have to provide the complete path (→ ~/ normally does not work to point to your home dir). I use the non-default path /home/user/.ssh/mykey in this example.

Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/mykey
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/mykey.
Your public key has been saved in /home/user/.ssh/mykey.pub.
The key fingerprint is:
10:af:1e:58:a3:a2:2a:7e:11:23:52:bf:c2:32:61:fa user@local
The key's randomart image is:
+--[ RSA 2048]----+
| ...     o       |
|     + o         |
|  . o = .        |
| ... o +         |
|.. .  . S        |
| o  .            |
|Bo.  .       .+  |
|E oo.            |
| +o+o            |
+-----------------+

Done. Now you got the needed key pair:

• /home/user/.ssh/mykey is the private key. Never share this one with someone else. Simply keep the Private Key… well, private.
• /home/user/.ssh/mykey.pub is the public key (also called “ID file” or “identity file”). This is the one you have to upload to the remote systems.

• If you never heard about the “randomart image”, you may have a look at ”What is randomart produced by ssh-keygen?”.
• If you need a GUI, have a look at GNOME Seahorse or PuTTY.
• Have a look at IBM: Shhh ... secrets about SSH and GitHub: Multiple SSH keys if you have trouble when using more than one SSH key.
• Close ssh if the session is not responding anymore: The command ~. closes the ssh client program if the server hangs (e.g. because it was unexpectedly shut down or your internet connection is not stable).
• Copy the Public Key(s) to a remote system: ssh-copy-id helps you to copy your SSH Public Key into the ~/.ssh/authorized_keys file of the remote system and/or copy the remote system's public key into your local ~/.ssh/known_hosts file. Usage:

  ssh-copy-id -i "~/.ssh/mykey.pub" remote-user@remote.example.com

• Change the passphrase of a SSH key: ssh-keygen is also the tool of choice to change a key's password. The -f parameter specifies the private key file you want to change. The -p parameter tells the program that you want to change the password of an existing key, preventing the generation of a new one:

  ssh-keygen -f /path/to/your_key -p

• Change the comment of a SSH key: ssh-keygen is also the tool of choice to change a key's comment. The -f parameter specifies the private key file you want to change. The -c parameter tells the program that you want to change the comment of an existing key, preventing the generation of a new one:

  ssh-keygen -f /path/to/your_key -c

• SSH
• LinuxWiki.org: OpenSSH
• Public-key Cryptography
• RSA Crypto System
• Digital Signature Algorithm (DSA)
• What is randomart produced by ssh-keygen?
• IBM: Shhh ... secrets about SSH
• GitHub: Multiple SSH keys

This article provides a step-by-step guide on how to install an Ubuntu Linux system with full disk encryption (new installation). However, you should take a relaxed day as topical newbie for further reading. You don't have to keep everything in mind but it is never an error to acquaint oneself with something new.

Read more…

Dieser Artikel beschreibt, wie ein vollverschlüsseltes System mit Hilfe von Ubuntu-Linux eingerichtet wird (Neuinstallation). Der gesamte Artikel kann dabei Schritt für Schritt nachvollzogen werden um ans Ziel zu kommen. Dennoch sollte man sich als Neuling einen ruhigen Tag Zeit nehmen, um die Thematik zu erfassen. Man muss sich bei weitem nicht alles merken, sich aber einmal eingelesen zu haben schadet nie.

Read more…

I'm using a separate¹⁾ email address for my Android 2.2 based mobile phone. This makes it possible for close friends and my family to write me when I'm on the road. For free and without the need for crappy SMS phone GUIs. Additionally, it is very handy to mail yourself a grocery list or a quick note before leaving the house. However: All unencrypted²⁾ mails for your phone are clear for the telco provider and others to see. But there are comfortable applications to change this.

Quick and superficial guide about the needed actions:

1. Install the needed applications on your phone (click on the app names for QR Codes containing an Android Market search query):
   • Android Privacy Guard (APG)
   • K-9 Mail
   • Astro File Manager (optional but recommended)
2. Generate a new key pair for your phone. IMHO, it is a bad idea to place your main private key on an unencrypted mobile device. The risk of theft/loosing it is too high. I created the new key pair on my PC (even it would be possible on Android) because I prefer some kind of key hierarchy and a keyboard makes the creation more comfortable. Additionally, it is not a bad idea to have a backup copy of the new key on your PC.
3. Export you new key pair into .asc files:

   gpg -ao ~/privkey.asc --export-secret-key KEY-ID
   gpg -ao ~/pubkey.asc --export KEY-ID

   If you don't like the terminal, use Enigmail or another GPG GUI for the export. It is also a good idea to export the public keys of the persons you want to write encrypted mails from your phone. Even APG provides the possibility to use keyservers, it makes no fun to search and import dozens of keys using that way.

4. Copy the .asc files on your phone (e.g. via USB), the location does not matter (you can delete these files after the import was done).
5. On your phone:
   1. Open APG→click Menu button→“Manage Public Keys”. The screen changes→click Menu button→“Import Key”. The program is asking where the .asc file containing your public key to import is located. Click on the file browser icon and run the action with “ASTRO”. Browse to the file and click on it. Check “Delete After Import” and click OK.
   2. Open APG→click Menu button→“Manage Private Keys”. The screen changes→click Menu button→“Import Key”. The program is asking where the .asc file to containing your private key to import is located. Click on the file browser icon and run the action with “ASTRO”. Browse to the file and click on it. Check “Delete After Import” and click OK.
   3. Open K-9-Mail→click Menu button→“More”→“Accounts”. The sceen changes→Click and hold on your account→“Advanced”→Cryptography→Select “APG” as the OpenPGP Provider. And check “Auto-sign” if it makes sense for you.

That's all. But you should know that K-9 Mail brings no support for PGP/MIME right now. This means you have to tell your friends to write Inline-PGP encoded mails, not PGP/MIME mails. But this should be default in most environments. If not: Enigmail provides a non-global select box for this setting at the “Per-Recipient Rules” menu.

I wrote a detailed guide on how to install an encrypted Ubuntu Linux:

• Full disk encryption with Ubuntu (9.04 Jaunty or newer), LVM and LUKS
• Vollverschlüsseltes System mit Ubuntu (ab 9.04 Jaunty), LVM und LUKS

The setup is using LUKS and Logical Volume Manager (LVM) to get a secure and flexible system. And to make nearly everybody succeed, there is even a crypt-setup bash script, making the installation faster and easier.

Have fun.

The ”Ebfe's Anti-B00TKIT Project” is a simple but effective protection against Bootkits, suitable for daily usage. It makes it possible to know if your bootloader was manipulated before booting from disk. A really interesting tool for high-security environments and paranoid persons.

Bootkits¹⁾ are used to attack a full disk encryption²⁾ (amongst other things). All “common” data is encrypted on such systems except a small, “special” part: the bootloader. Expressed in simplified terms, the bootloader is needed to store a program which prompts the user for the password to decipher the data and start the encrypted operating system. Bootkits are trying to manipulate the bootloader, making it possible to log the password the user enters and store it within the unencrypted part of the disk afterwards. The user does not see this, he simply gets the normal encryption password promt to start the system. This enables the attacker to come back later to read out the plain, unencrypted password the bootkit stored for him.

Ebfe's Anti-B00TKIT provides a CD to boot from before booting from disk. The program on CD reads out the Master Boot Record entries and displays their checksums (this does only need a few seconds). If all checksums are OK, you can going on to boot from disk by pressing a key. If the checksums are not the same as every day, your harddisk's bootloader was manipulated. To make this check more comfortable, you can create a custom CD containing your original MBR checksums. The CD is able to highlight non-matching checksums automatically then.

Visit the project website for screenshots, how-to and download.

• Mit Keykeriki v2 drahtlose Tastaturen abhören
  Open-Source-Gerät Keykeriki fängt Signale drahtloser Geräte ab
• EFF - List of Printers Which Do or Do Not Display Tracking Dots
• Speichert Facebook gelöschte Daten und Nutzerverhalten?
  Zitat: “Wir behalten alle Daten. Auch dann, wenn der Nutzer sie gelöscht hat.”
• HTTPS-DNS
  Interesting project: DNS traffic will be tunneled through a HTTPS-keyed connection to uncensored DNS-Servers.
• SSL for free - Setting up free certificates
  If CAcert is not right for you…
• SSL für lau - Kostenlose Zertifikate einrichten
  Falls CAcert nicht in Frage kommt…
• Please don't port philosophy with code!
  Quote: “One of my pet peeves is Linux installers for proprietary software requiring root permissions.”
• Wepawet
  Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files.
• 10 Immutable Laws of Security
  …linking a MS page seems strange to me in this context
• Rijndael chipher - 128bit version encryption
  Slides (Flash) about how AES is working
• The Six Dumbest Ideas in Computer Security
• Bitland.Net Security Notes
• Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Doing HTTP digest authentication with PHP is an easy task. The manual entry is providing all needed information as long as you do not skip the last note on the page:

Note: If safe mode is enabled, the uid of the script is added to the realm part of the WWW-Authenticate header.

I just talked to one of my friends who did not notice the safe mode behavior, he had problems because HTTP digest authentication simply did not work on his server where safe mode is active. Unfortunately, the manual is not providing an example working with both active and inactive safe mode, therefore I am releasing one here. You may use the function directly… or better build a nice auth-class for doing the job. However, I think the example should help in both cases providing all needed information for creating your own HTTP digest authentication. Have fun.

http-auth.php

<?php
/**
 * HTTP digest authentication
 *
 * @return true TRUE if everything worked/auth was successful.
 *         In case of errors and/or wrong credentials, the script will be killed
 *         (providing a message to the current client).
 * @author Andreas Haerter
 * @link http://en.wikipedia.org/wiki/Digest_access_authentication
 * @link http://de.wikipedia.org/wiki/HTTP-Authentifizierung
 * @link http://www.php.net/manual/features.http-auth.php
 * @link http://blog.andreas-haerter.com/2010/04/19/http-digest-authentication-with-php-safe-mode-enabled
 * @link http://www.php.net/manual/features.http-auth.php#93427
 */
function http_digest_authentication()
{
	//existing users/credentials
	$users = array("username1" => "password1",
	               "username2" => "password2");
 
	//message to show
	$realm = "Please enter your credentials";
 
	//send needed digest auth headers
	if (empty($_SERVER["PHP_AUTH_DIGEST"])) {
		header("HTTP/1.1 401 Unauthorized");
		header("WWW-Authenticate: Digest realm=\"".$realm."\",qop=\"auth\",nonce=\"".uniqid(mt_rand(), true)."\",opaque=\"".md5($realm."salt-for-opaque")."\"");
		die("unauthorized access");
	}
 
	//parse http digest (inspired through http://www.php.net/manual/features.http-auth.php#93427)
	$mandatory = array("nonce"    => true,
	                   "nc"       => true,
	                   "cnonce"   => true,
	                   "qop"      => true,
	                   "username" => true,
	                   "uri"      => true,
	                   "response" => true);
	$data = array();
	preg_match_all('@(\w+)=(?:(?:\'([^\']+)\'|"([^"]+)")|([^\s,]+))@', $_SERVER["PHP_AUTH_DIGEST"], $matches, PREG_SET_ORDER);
	foreach ($matches as $m) {
		$data[$m[1]] = $m[2] ? $m[2] : ($m[3] ? $m[3] : $m[4]);
		unset($mandatory[$m[1]]); //mandatory part was found, kick it out of the "to do" list (=$mandatory array)
	}
 
	//create valid digest to validate the credentials
	$digest = "";
	if (isset($users[$data["username"]])) {
		$realm_digest = $realm;
		//As mentioned at <http://www.php.net/manual/en/features.http-auth.php>:
		//If safe mode is enabled, the uid of the script is added to the realm part of
		//the WWW-Authenticate header (you cannot supress this!). Therefore we have to
		//do this here, too.
		if (6 > (int)PHP_VERSION //safe_mode will be removed in PHP 6.0
		    && (int)ini_get("safe_mode") !== 0) {
			$realm_digest .= "-".getmyuid();
		}
		$digest = md5(md5($data["username"].":".$realm_digest.":".$users[$data["username"]]) //A1
		              .":".$data["nonce"].":".$data["nc"].":".$data["cnonce"].":".$data["qop"].":"
		              .md5($_SERVER["REQUEST_METHOD"].":".$data["uri"]));                    //A2
	}
	if (empty($digest)
	    || $data["response"] !== $digest) {
		header("HTTP/1.1 401 Unauthorized");
		header("WWW-Authenticate: Digest realm=\"".$realm."\",qop=\"auth\",nonce=\"".uniqid(mt_rand(), true)."\",opaque=\"".md5($realm."salt-for-opaque")."\"");
		die("wrong credentials");
	}
	//if we are here, auth was successful
	return true;
}
?>

Read more…

Bruce Schneier hat einen neuen US-Standard zur Erzeugung von Zufallszahlen und den darin enthaltenen Generator Dual_EC_DRBG schon etwas länger im Visier, da er darin eine Backdoor für die NSA vermutet, die über die ggf. gar nicht so zufälligen Zahlen kryptographische Schlüssel angreifen könnte.

Nun ist Bruce Schneier ein bedeutender Krypto-Experte – um so unverständlicher (außer es ist etwas dran, an Schneiers Vermutung ) ist es, dass Microsoft Dual_EC_DRBG ohne Veränderung im SP1 für Vista eingebaut hat und damit bald an seine Kunden ausliefert. Schneier rät daher allen Programmieren einschlägiger Software ab, Dual_EC_DRBG in den eigenen Programmen zu nutzen. Ein Rat, den man befolgen sollte.