Featured Articles

Hardening Guide for phpList
Crowdfunding on Crowd Supply (Review of my experience)
WordPress Multisite on the Darknet (Mercator .onion alias)
Detecting (Malicious) Unicode in GitHub PRs
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Introducing BusKill: A Kill Cord for your Laptop
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
previous arrow
next arrow

How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

Today I discovered how to validate the Public Key Algorithm that's used for a given gpg key. Unfortunately, it's extremely unintuitive & took quite a bit of digging to figure out how. So I'm leaving this here in hopes it helps someone in their future searches.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

Eavesdropping Analysis of PGP Metadata

This post attempts to answer the following question: If an evesdropper intercepts a message encrypted with gpg, how much information will they be able to extract from the message without a decryption key?

I will show the unencrypted metadata added to a GPG-encypted message, and I will present commands that can be used to extract this unencrypted metadata.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Eavesdropping Analysis of PGP Metadata

Extend GPG Key Expiration

I came back from my "cross-country bicycle trip":http://1guy2biketrips.michaelaltfield.net to discover I could no longer send signed email because my key expired! I've also changed colleges from "SPSU":http://www.spsu.edu/ to "UCF":http://www.ucf.edu, and my old college is expiring my email address, so here's what I need to do:

# Extend my key's expiration another year # Add new email address to subkey # Save updates to key # Export a new public key

Background Information GPG

"GPG (GNU Privacy Guard)":http://www.gnupg.org/ (used here) is a popular, cross-platform implementation of "OpenPGP (Pretty Good Privacy)":http://en.wikipedia.org/wiki/Pretty_Good_Privacy defined in "RFC 4880":http://tools.ietf.org/html/rfc4880. OpenPGP outlines a standard, open message format for maintaining the "confidentiality":http://en.wikipedia.org/wiki/Information_security#Confidentiality and "integrity":http://en.wikipedia.org/wiki/Information_security#Integrity of electronic messages.

Why Subkeys?

"Public Key Cryptography":http://en.wikipedia.org/wiki/Public-key_cryptography is long, complicated, and well outside the scope of this post. However, one thing I never fully understood was the functional purpose of subkeys. Thankfully, "the GPG documentation":http://www.gnupg.org/gph/en/manual.html is excellent.

So, there's 2 major things I want to accomplish by using GPG with my email

# Confidentiality through encryption # Integrity through signatures

The designers of PGP viewed the signature role as indefinitely important while the encryption role as dynamic overtime. Therefore, when we first generate a keypair, 2 keys are created: 1 primary key for
. . . → Read More: Extend GPG Key Expiration

Sabayon, KDE, and Evolution

I recently reformatted my hard drive--switching from pure Gentoo to the Sabayon fork. Sabayon did for Gentoo what Ubuntu did for Debian. It's generally a lot easier to use, but--unlike Ubuntu--it doesn't sacrifice functionality for ease-of-use.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Sabayon, KDE, and Evolution

New GPG Key

I went to send an email the other day and I was halted when I discovered that my key had expired. I can't believe that I've been using GPG for 6 months, but the time had come to generate a new keypair.

This post outlines the process to gererate a new keypair once your old keypair has expired.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: New GPG Key