5.3.0-git
2014-10-22

[#12099] create gpg keys for the 21st century
Summary create gpg keys for the 21st century
Queue Horde Base
Queue Version Git master
Type Bug
State Resolved
Priority 2. Medium
Owners slusarz (at) horde (dot) org
Requester o+horde (at) immerda (dot) ch
Created 2013-03-07 (594 days ago)
Due
Updated 2013-04-08 (562 days ago)
Assigned 2013-03-18 (583 days ago)
Resolved 2013-03-24 (577 days ago)
Milestone
Patch Yes

History
2013-04-08 10:07:05 Git Commit Comment #15
Changes have been made in Git (master):

commit 5a49f1f5e248b677cdd3ed219e123e05370fc7f1
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Sun Mar 24 15:44:25 2013 -0600

     [mms] Add PGP keylength configuration option (Request #12099).

  imp/config/conf.xml                        |   16 ++++++++++++++
  imp/docs/CHANGES                           |    1 +
  imp/docs/UPGRADING                         |    4 +++
  imp/lib/Prefs/Special/PgpPrivateKey.php    |   31 +++++++++++++++++++---------
  imp/locale/en/help.xml                     |    7 ------
  imp/package.xml                            |    1 +
  imp/templates/prefs/pgpprivatekey.html.php |   14 ------------
  7 files changed, 43 insertions(+), 31 deletions(-)

http://git.horde.org/horde-git/-/commit/5a49f1f5e248b677cdd3ed219e123e05370fc7f1
2013-03-24 22:02:07 Michael Slusarz Comment #14
State ⇒ Resolved
IMP 6.1.0

http://lists.horde.org/archives/commits/2013-March/018887.html

Changes:
  - Added ability to disable key generation entirely for an installation.
  - No need to allow users to select key size in UI.  If an advanced 
user really wants a different size, they can create a PGP keypair 
using other methods.  For others, the default keypair is fine and 
displaying details about it is just another way to confuse the user.
2013-03-22 13:56:15 o+horde (at) immerda (dot) ch Comment #13
I can try to implement the feature again via conf.php; would you
consider merging this? Because, e.g., in our setup we could easily
enable longer keys, since we have an entropy key.
Yes.  I think a conf.php setting would be appropriate.  Probably 
with 1024, 2048, and 4096 as options (although, as mentioned above, 
1024 still needs to be the default out-of-the box).
there you go:
https://github.com/horde/horde/pull/39

I hope this is all correct, since I never added a conf.php value before...
2013-03-18 19:40:03 Michael Slusarz Comment #12
I partly agree, but I guess you could DoS just as well using 1024-bit keys...
Sure.  But as a *default*, it makes more sense.  At a minimum, random 
generation is O(n).  But on some machines it's probably something more 
(O(log n)?) since there can be no guarantee what the random generation 
is on any particular system.
But indeed I first tried to make it configurable in this patch:
https://github.com/immrr/horde/commit/63315234f112e138e48b36b06e5e30c59bb7a7c8

But I reverted this patch, since it was suggested that 2048 could be
set as a hardcoded default and the patch wrongly put the option in
prefs.php.
I guess this is just a disagreement with Jan about hardcoding the 
default into the template file.  Although I definitely agree with him 
that 1) a preference makes no sense (this is not the kind of thing to 
ever be changed by a user) and 2) there's probably zero reason to 
allow the user to choose the length - whatever the admin decides 
should be used.
I can try to implement the feature again via conf.php; would you
consider merging this? Because, e.g., in our setup we could easily
enable longer keys, since we have an entropy key.
Yes.  I think a conf.php setting would be appropriate.  Probably with 
1024, 2048, and 4096 as options (although, as mentioned above, 1024 
still needs to be the default out-of-the box).
2013-03-18 19:34:19 Michael Slusarz Comment #11
Unless you have ultimate trust in the person who is administrating 
the webserver (ie, *you* are the one in charge), there is no 
guarantee that nobody has access to your private key.
Obviously.  But this is not newsworthy.  How is this any different 
from SSH keys stored on a remote *nix server?

Nobody is forcing you to use PGP.  If you think the security is 
insufficient, you can disable PGP entirely.
2013-03-18 11:25:04 o+horde (at) immerda (dot) ch Comment #10
So your argument is like, why do you lock the door, the janitor has a
key anyway...

I mean it's all a question of your threat model, and I agree that using
PGP in Horde is considerably less secure (as in, it applies to a weaker
threat model) than using it locally, but that doesn't mean that you
should just not care about the key.

If this does not convince you why we should increase key length, look
up forward secrecy.
2013-03-18 11:19:36 o+horde (at) immerda (dot) ch Comment #9
          make default pgp keylength 2048
The issue is not security but performance -- generating sufficient 
random bits via a web request can take ages (minutes) on certain 
systems.  These kinds of requests can block PHP and cause DoS
problems if a user keeps reloading the page because the request is 
taking too long.
I partly agree, but I guess you could DoS just as well using 1024-bit keys...

But indeed I first tried to make it configurable in this patch:
https://github.com/immrr/horde/commit/63315234f112e138e48b36b06e5e30c59bb7a7c8

But I reverted this patch, since it was suggested that 2048 could be
set as a hardcoded default and the patch wrongly put the option in
prefs.php.

I can try to implement the feature again via conf.php; would you
consider merging this? Because, e.g., in our setup we could easily
enable longer keys, since we have an entropy key.
2013-03-18 10:02:16 arjen+horde (at) de-korte (dot) org Comment #8
IMHO the length of the key is the least of your worries here.

Unless you have ultimate trust in the person who is administrating the 
webserver (ie, *you* are the one in charge), there is no guarantee 
that nobody has access to your private key. As an administrator it 
would be trivial to log the passwords of private keys (if any) and the 
keys themselves are also present.

If confidentiality is really an issue, you shouldn't be using PGP (or 
S/MIME) in Horde in the first place.
2013-03-18 05:54:33 Michael Slusarz Comment #7
State ⇒ Feedback
Assigned to Michael Slusarz
Imported 3 of 4 patches.  However, I have serious concerns about this patch:

          make default pgp keylength 2048

The issue is not security but performance -- generating sufficient 
random bits via a web request can take ages (minutes) on certain 
systems.  These kinds of requests can block PHP and cause DoS problems
if a user keeps reloading the page because the request is taking too 
long.

I would rather see admin documentation regarding allowing key 
generation (and the server issues this may cause).  Maybe a config 
option disabling and/or allowing the admin to decide the appropriate 
default value.
2013-03-18 05:50:00 Git Commit Comment #6
Changes have been made in Git (master):

commit 3c19a3350872912038a6a49cfbc6bd4014efd841
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Sun Mar 17 23:49:03 2013 -0600

     [mms] Improve security in PGP key generation (Request #12099).

  framework/Crypt/package.xml |   12 ++++++------
  1 files changed, 6 insertions(+), 6 deletions(-)

http://git.horde.org/horde-git/-/commit/3c19a3350872912038a6a49cfbc6bd4014efd841
2013-03-18 05:49:54 Git Commit Comment #5
Changes have been made in Git (master):

commit f9a9e74deb17f22fe1ad752b2d9e29272816986e
Author: o <o@immerda.ch>
Date:   Thu Mar 7 00:26:31 2013 +0100

     prefer sha-2 algos over sha-1 in key generation

     following the new defaults of gpg.

     see
     http://lists.gnupg.org/pipermail/gnupg-announce/2009q3/000291.html
     below "What's New"

     Signed-off-by: Michael M Slusarz <slusarz@horde.org>

     Bug #12099

  framework/Crypt/lib/Horde/Crypt/Pgp.php |    3 ++-
  1 files changed, 2 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/f9a9e74deb17f22fe1ad752b2d9e29272816986e
2013-03-18 05:49:48 Git Commit Comment #4
Changes have been made in Git (master):

commit da180be80445347de1651191041a862b51e1de34
Author: o <o@immerda.ch>
Date:   Thu Mar 7 00:05:27 2013 +0100

     generate rsa/rsa keys instead of dsa

     in accordance with gnupg we should create rsa keys instead of
     deprecated dsa/el-gamal keys.

     see:
     http://lists.gnupg.org/pipermail/gnupg-devel/2009-May/025079.html

     Signed-off-by: Michael M Slusarz <slusarz@horde.org>

     Bug #12099

  framework/Crypt/lib/Horde/Crypt/Pgp.php |   23 +++++++++++++----------
  1 files changed, 13 insertions(+), 10 deletions(-)

http://git.horde.org/horde-git/-/commit/da180be80445347de1651191041a862b51e1de34
2013-03-18 05:49:42 Git Commit Comment #3
Changes have been made in Git (master):

commit 79cde5e1b28a97b8a87a9702fe1c3415e07af55e
Author: o <o@immerda.ch>
Date:   Wed Mar 6 23:53:34 2013 +0100

     make the primary gpg keylength == the subkey length

     Horde always generates 1024 bit primary keys. This should be considered
     a bug, since by the semantics of all other key-generating tools, key
     length concerns primary and sub-key.

     Signed-off-by: Michael M Slusarz <slusarz@horde.org>

     Bug #12099

  framework/Crypt/lib/Horde/Crypt/Pgp.php |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/79cde5e1b28a97b8a87a9702fe1c3415e07af55e
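The three commits above (RSA/RSA instead of DSA/ElGamal, SHA-2 ahead of SHA-1 in the key preferences, and a primary key as long as the subkey), together with the admin-chosen length from comment #14, as an added Python example that is not Horde's code (Horde_Crypt_Pgp itself is PHP): it builds the parameter block that gpg reads in batch mode. ALLOWED_KEY_LENGTHS, the preference order, the disabled-when-empty rule and the newline check are assumptions of this example.

```python
# Added example (not Horde's code; Horde_Crypt_Pgp itself is PHP): build the
# parameter block that `gpg --batch --gen-key` reads, with the settings the
# ticket's commits describe. Constant names and checks are assumptions.
ALLOWED_KEY_LENGTHS = (1024, 2048, 4096)  # the conf.php options discussed

# SHA-2 digests ahead of SHA1 (assumed order): gpg uses the first preference
# both parties support. Names are the ones gpg's setpref command accepts.
PREFERENCES = ("SHA256 SHA384 SHA512 SHA224 SHA1 "
               "AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed")


def resolve_key_length(configured):
    """Map the admin setting to a length; None means generation is disabled."""
    if not configured:
        return None
    if configured not in ALLOWED_KEY_LENGTHS:
        raise ValueError("unsupported PGP key length: %r" % (configured,))
    return configured


def _field(value):
    """Batch parameters are line-oriented: a user-supplied value must not be
    able to add a line of its own (e.g. a second Key-Length directive)."""
    value = str(value)
    if "\n" in value or "\r" in value:
        raise ValueError("newline in key-generation parameter")
    return value


def gpg_keygen_params(name, email, comment, passphrase, key_length, expire="0"):
    """RSA primary + RSA subkey, both of key_length bits (the fix from
    comment #3: the primary key is no longer a fixed 1024 bits)."""
    lines = ["Key-Type: RSA",
             "Key-Length: %d" % key_length,
             "Subkey-Type: RSA",
             "Subkey-Length: %d" % key_length,
             "Name-Real: " + _field(name)]
    if comment:
        lines.append("Name-Comment: " + _field(comment))
    lines += ["Name-Email: " + _field(email),
              "Expire-Date: " + _field(expire),  # "0" = no expiry
              "Passphrase: " + _field(passphrase),
              "Preferences: " + PREFERENCES,
              "%commit"]
    return "\n".join(lines) + "\n"


def parse_params(text):
    """Read a block back into a dict (handy for inspection and tests)."""
    return dict(l.split(": ", 1) for l in text.splitlines() if ": " in l)
```

The returned text is what an installation would pipe into gpg's stdin; a setting that resolves to None skips generation entirely, which is the "disable" option comment #14 describes.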
2013-03-07 20:48:36 Michael Slusarz Comment #2
A question: do you prefer me opening tickets in the bugtracker for
GitHub pull requests or rather not?
This is appropriate, since these requests are easily reported via a
Horde ticket # anyway in the changelog/commit messages.
2013-03-07 18:10:31 o+horde (at) immerda (dot) ch Comment #1
State ⇒ Unconfirmed
Patch ⇒ Yes
Milestone ⇒
Queue ⇒ Horde Base
Summary ⇒ create gpg keys for the 21st century
Type ⇒ Bug
Priority ⇒ 2. Medium
Unfortunately the GPG keys generated by Horde are not in accordance
with current crypto best practice. In particular, they do not follow the
new recommendations for key length and preferred hash algos
established by GnuPG in 2009.

I tried to address all the issues I found in the following patch:
  https://github.com/horde/horde/pull/35

A question: do you prefer me opening tickets in the bugtracker for
GitHub pull requests or rather not?