It's time to step it up with security when signing emails digitally with your GnuPG/OpenPGP key. For the longest time, SHA-1 has been the default hash for signing text documents. However, SHA-1, a 160-bit strength hashing algorithm has been broken. The tough thing, is there have been plenty of collisions with SHA-1 and MD5 hashes. Consider the following links from Slashdot:
- SHA-1 Broken
- More on Newly Broken SHA-1
- PGP Moving To Stronger SHA Algorithms
- Meaningful MD5 Collisions
- New, Faster Attack against SHA-1 Revealed
- SHA-1 Collisions for Meaningful Messages
- Chinese Prof Cracks SHA-1 Data Encryption Scheme
So, basically, if you have read any of those articles, it's time to leave SHA-1 for signing your text, and move to a stronger hashing algorithm. If you're like me, and use GPG daily (I sign ALL my email with it), you have a few options available to you for signing your text that is not SHA-1. However, if you are also like me, you used GPG defaults when setting up your key. As such, you're not left with as many options as you should be.
By default, GPG sets you up with an ElGamal encryption key and a DSA signing key. This means that you are only able to use 160-bit maximum strength signing algorithms. There are only 2 choices: SHA-1 (which is now successfully broken) and RIPEMD160 (which has yet to be broken, but it's only a matter of time). If you would like to take advantage of higher hashing strengths, you need to generate a new subkey. Luckily, this isn't difficult.
But, before I get into that, as mentioned, RIPEMD160 has not been broken, or weakened, as far as I know. This means that it is still a safe algorithm for signing your text, and it also means that you don't need to generate a new subkey. In order to take advantage of RIPEMD160, pull up your ~/.gnupg/gpg.conf file (or ~/.gnupg/options file if using < gpg v. 1.3), and add the following text to the file:
From there on out, you will be signing your text with that hashing algorithm. However, if you want to use something stronger than 160-bit hashing, you will need to generate a new subkey as I mentioned before. So, without further ado, let's get into it. First, pull up a terminal, and type:
gpg --edit-key 'name'
Where 'name' is your name, email address, keyid, or anything that uniquely identifies your key. This will pull up the GPG command interface. If you type 'help' here, you will get all the commands that are available with a brief intro to what they do. As you have probably figured out, we want to 'addkey'. So do that at the command prompt:
You will be given a little menu as to what subkey to add. For example, here is the menu that I was presented with:
Command> addkey Key is protected. You need a passphrase to unlock the secret key for user: "Aaron Toponce <aaron .firstname.lastname@example.org>" 1024-bit DSA key, ID 8086060F, created 2004-09-18 Please select what kind of key you want: (2) DSA (sign only) (4) Elgamal (encrypt only) (5) RSA (sign only) (6) RSA (encrypt only) Your selection?
The selection you want is 'RSA (sign only)'. When selected, you want to make sure it's a tough key, so I would recommend at least a 2048-bit key strength. It may take a minute or two to generate the subkey, but it's worth it. Now that your new subkey is added to your key-pair, you need to get your public key out to keyservers. It is important that your friends and such have your new public key. If not, they will not be able to verify your newly created signatures.
Now that you have an RSA subkey added, you can now take advantage of SHA-256, SHA-384 & SHA-512 hashing algorithms. In order to take advantage of them, you just need to add it to your ~/.gnupg/gpg.conf file as you did with the RIPEMD160 (you'll have to remove any digest algorithm that you already had in the file. You can only have one).
I always sign my emails with SHA-512. I want them to stand as long as possible showing validity from me. I don't want tampering with my digitally signed text later in life. And because I am using Enigmail with Thunderbird, I can have Thunderbird automatically sign my email when I send it, and I never have to think twice.
Anyway, I hope those of you who are using GPG to sign your email, or hash your text, that you are abandoning SHA-1 in favor for stronger algorithms. With the release of GPG 2, and 1.4.6, and the recent news of breaking SHA-1, I'm sure it's only a matter of time before the default hashing changes. But, before that time breaks, you should make the changes manually yourself.