How to choose a good passphrase

The passphrase is the last line of defense for your private key, should your key pair fall into the hands of an adversary. This might happen more easily than you think: someone could steal your laptop, malware could upload your private documents from your infected computer to a rogue server, or you could simply, in a moment of carelessness, distribute your whole key pair instead of your public key. With your secret key and your passphrase, anyone can impersonate you by signing messages on your behalf, and decrypt messages that were intended for your eyes only.

Luckily, the passphrase provides quite good protection, since it encrypts the private key with a strong cipher. It is important that you choose a strong passphrase that cannot be easily cracked by password guessing or brute-force programs. In this section we illustrate some criteria for doing so. GnuPG/Enigmail also allow you to not set a passphrase on your key pair. This is not recommended and should be done only in exceptional circumstances, for instance when non-interactive processing is needed.

Do not use the following as your passphrase:

  • Any information related to you, such as your name, address, age, date or place of birth, car license plate, name of your spouse/children/parents/pets;
  • Words in any language/dialect (either past or present, real or fictional);
  • Names of people or places (real or fictional), books, movies, songs, music bands, etc.;
  • Trivial sequences of letters and/or numbers e.g. abc123, qwerty, YYYYYYYY
  • Numerical constants e.g. 2.718281828459 (it's the mathematical constant e)
  • Any of the above transformed in all uppercase, all lowercase, alternated case, or leetspeak e.g. ShAkEsPeArE, 5h4k35p34r3
  • Any of the above prefixed or suffixed by a single character e.g. Shakespeare+, 1Shakespeare
  • Anything that's less than eight characters long (Enigmail will not even let you choose a passphrase that's shorter than that);
  • A password that you already use for something else (e.g. on web sites or for your email account)

Instead, do use one or more of these criteria to create a passphrase:

  • Always use a mix of at least 3 of the following kinds of characters in your passphrase: uppercase letters, lowercase letters, numbers, symbols such as # * ! ? + - ( & / etc.;
  • Choose a long password: the longer, the safer. Eight characters is the bare minimum, and the recommended length nowadays is at least twelve;
  • Add two characters or more in front and/or at the end of a word or name e.g. !6Stevenson!2X
  • Insert two characters or more inside a word or name e.g. St+.-evenson, Dic45ke67n8s
  • Join two words or names by two or more characters e.g. Stevenson#%Dickens
  • Nest one word or name inside another e.g. SteDickensvenson
  • Condense a proverb, a quote, a verse from a poem, a phrase from a movie, or any sentence you have fixed in your mind e.g. 15motdmc-Y&abor!

This last example might seem impossible to remember but is in fact quite easy, if you know the old sea song in the first page of Robert Louis Stevenson's Treasure Island:

"Fifteen men on the dead man's chest --
Yo-ho-ho, and a bottle of rum!"

Each letter of the passphrase is the first letter of each word, with appropriate use of some capital letters and numbers. You can make up the rules as you prefer.

Another example could be Iw20yat/SPttbtp/thbgiaoos/btagtras.

This comes from the lyrics of the song Sgt. Pepper's Lonely Hearts Club Band by Lennon/McCartney:

"It was twenty years ago today
Sgt. Pepper taught the band to play
They've been going in and out of style
But they're guaranteed to raise a smile."

You can use an existing quote from a book or a song, so should you ever forget it, a quick lookup on the source will solve the problem. For maximum security you may also invent your own quote, although in this case you must be absolutely sure not to forget it.

Instead of a quote you can use a remarkable event of your life as a mnemonic. Let's say that you and John Smith hiked Mont Blanc in 2005; your passphrase could be me&JS:05->MtB

These last three examples are particularly strong passphrases while not being excessively difficult to remember.
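The "do not use" rules above can be checked mechanically. The following Python sketch is an added example, not part of Enigmail or GnuPG; the function names and the tiny WORDLIST are assumptions made for illustration, and a real check would load a large dictionary.

```python
import string

# Constructed sample wordlist (assumption); use a full dictionary in practice.
WORDLIST = {"shakespeare", "stevenson", "dickens", "qwerty", "password"}

# Common leetspeak substitutions, undone before the dictionary lookup.
UNLEET = str.maketrans("0134578@$", "oieastbas")

def char_classes(pw):
    """Count how many of the four character classes appear in pw."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)

def is_disguised_word(pw, wordlist):
    """True if pw is a listed word after undoing case changes, leetspeak,
    and a single prefixed or suffixed character."""
    for candidate in (pw, pw[1:], pw[:-1]):
        folded = candidate.lower()
        if folded in wordlist or folded.translate(UNLEET) in wordlist:
            return True
    return False

def check_passphrase(pw, wordlist=WORDLIST):
    """Return the list of rules from this section that pw violates."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    elif len(pw) < 12:
        problems.append("shorter than the recommended twelve characters")
    if char_classes(pw) < 3:
        problems.append("fewer than three character classes")
    if len(set(pw.lower())) == 1:
        problems.append("single repeated character")
    if is_disguised_word(pw, wordlist):
        problems.append("dictionary word or simple transformation of one")
    return problems

if __name__ == "__main__":
    for pw in ("Shakespeare+", "5h4k35p34r3", "15motdmc-Y&abor!"):
        print(pw, "->", check_passphrase(pw) or "no rule violated")
```

Note that Shakespeare+ and 1Shakespeare satisfy the length and character-mix rules and are rejected only by the dictionary check, which is why the single-character rule is listed separately.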

Protection of the local machine

You should be aware that your encrypted mails are only as safe as the computer you use Enigmail on. This point can never be stressed enough. If your computer is infected with malware that grants an intruder full remote access to your files, all the cryptographic robustness of OpenPGP and the strongest passphrase won't protect your messages from being snooped or falsified. Similarly, if you leave your computer unattended and unlocked with your passphrase cached, any passer-by could send secret messages on your behalf. In fact, even using cryptography, your communications cannot be secure if your computer isn't; even worse, cryptography could lure you into a false sense of security, making you more prone to share sensitive information via email.

The ciphers OpenPGP uses are the strongest known, and OpenPGP encryption is virtually unbreakable if done in the right way. However, there are a lot of other things that can go wrong. The well-established fact that OpenPGP is the strongest link in the chain of security simply means that an attacker that wishes to read your encrypted messages won't try to brute-force the encryption (which could take millions of years) but will focus on other weaknesses instead:

  • He might break into your computer and infect it with spyware to record all your messages.
  • If he has got physical access to your machine, he could insert a hardware keylogger between your keyboard and the computer, or install a hacked bootloader.
  • He could record your messages by means of a hidden camera pointed towards your screen.
  • Once he gets his hands on the contents of your computer, either physically or from a remote location over the network, he may search for any plaintext remnants in nonvolatile storage devices or RAM.
  • Your copy of GnuPG and Enigmail might have been tampered with. For this reason you should only trust software downloaded from the official web sites. Copies obtained from other sources might contain viruses, backdoors, or trojans.
  • Finally, an attacker might persuade, force, or delude you (e.g. by impersonation) to surrender your passphrase, your secret key, or your messages.

All these attacks can be carried out against your correspondents, too. The possibilities are endless.

Basic protection

You must follow these golden rules in order to keep your computer reasonably safe:

  • Don't install, run, or open software of dubious origin (e.g. warez found on peer-to-peer networks, or programs hosted on untrusted web sites). This includes suspicious email attachments and macros on word processing programs.
  • Use antivirus/antimalware software, updated daily. Make frequent scans of your computer and external hard drives.
  • Use a firewall to filter unwanted incoming connections, as malware can infect your computer from the network, too.
  • Install OS vendor patches. Keep all your software up-to-date, and keep yourself informed of the latest vulnerabilities.
  • Use a screen lock when you are not physically in front of your computer, and lock it immediately when strangers are around.
  • Use strong passwords. Don't write them down in easy-to-find places.
  • Use only WPA2-secured Wi-Fi connections.

Increased protection

If your communications involve critically sensitive information, you should not leave your computer physically accessible at all – even when turned off. If stolen, the thief would have access to all your files, including your secret key. The private key will still be protected by the passphrase but, by performing analysis and forensics on the filesystem, the thief will have access to a lot of plaintext data (temporary files, memory swap files, and such) that could include information you thought was encrypted. Windows leaves a lot of data around, and other OSes aren't much better with respect to this.
For this reason you should consider using whole disk encryption, which is offered by all modern operating systems, such as BitLocker on MS Windows, LUKS on Linux, FileVault on Mac OS X, or VeraCrypt on various OSes.

It is also worth noting that a technically skilled intruder having physical access to a turned-off computer could infect it, leaving no traces, by replacing the bootloader with an infected one (the so-called evil maid attack).

Keeping your key pair in a safer place

To increase the security of your secret key you may decide to store your key pair in a different location than the default directory chosen by GnuPG, which for Windows is C:\Documents and Settings\your_username\Application Data\GnuPG in the local computer. The easier solution is to keep the GnuPG files in an external USB drive, or an encrypted volume in the local hard disk. A more complex solution involves the use of a smart card.

External USB drive

First, mount the external drive and move there all GnuPG files (your keyring, the random seed file, and configuration files) that were contained in the default directory. Your mail client must not be running while you move the files.

Then, you must tell GnuPG where the new location is, by passing the additional parameter --homedir new_location to the GnuPG executable. This is done directly inside the Enigmail configuration, via the menu command Enigmail → Preferences → Advanced, in the field Additional parameters for GnuPG.

Once you have done this, you can use Enigmail in the usual way. Remember to have your external drive mounted before running Enigmail or GnuPG.

Encrypted volume

Instead of an external drive, you may choose to store the GnuPG files on an encrypted virtual volume in the local hard disk (or even, for extra protection, on an encrypted virtual volume in an external drive itself).

Software that provides on-the-fly (OTF) encryption automatically encrypts or decrypts the data as it is saved to or loaded from disk, transparently for the user. There are several OTF encryption programs available; however, a lot has changed in recent years, so we cannot give a long-standing recommendation.

The encrypted virtual volume will behave just like an external drive. Once you have installed the encryption program of your choice, created the encrypted virtual volume, and mounted it, do the necessary setup by following the same steps explained previously.

You also may want to use whole disk encryption, as already suggested.

OpenPGP card

Enigmail supports the OpenPGP card, a smart card compatible with ISO standards 7816-4 and 7816-8. The figures below show front and back of an OpenPGP card:

[Figure: front and back of an OpenPGP card]

OpenPGP cards are distributed by Kernel Concepts. It is also possible to obtain an OpenPGP card by becoming a Fellow of the Free Software Foundation Europe.

OpenPGP v2.0 cards feature three independent RSA keys, for signing, encryption, and authentication, of up to 4096 bits each. Some older GnuPG versions might support shorter key lengths. The card is used to store the actual secret key. A secret key stub remains within the secret keyring so that GnuPG knows about the key on the card, can prompt you to insert the card when it is needed, and can perform key operations.

The purpose of using a smart card is that the secrets it contains cannot be copied from the card. Therefore, as long as the card stays physically in your possession, you know that your secret key is safe.

There are two methods to initialize a card. Following the first method, the key is generated on-card, i.e. the card calculates the key using its built-in random generator; in this way the secret key never leaves the card. Otherwise, a standard RSA key can be generated in a safe environment, e.g. a clean Linux workstation not connected to any network and booted from a CD-ROM. The secret key is then moved to the card. This key can later be stored to another OpenPGP card if the original card gets lost or broken. However, the new card will have new signing and authentication keys.

For advanced users: the method that guarantees the maximum availability of the keys, at the expense of secrecy, is to create a compatible key. This is done by creating via the GnuPG command line (use the --expert flag) keys with distinct functionalities (1024-4096 bit, RSA only). These keys allow you to back up a fully functional key, for which no card is needed, which is helpful in case you revoke your card key but still want your mail archive to be readable.

You can also create a full clone of that key on another card if availability is vital. As long as you protect your original backup key appropriately, this allows you to leave your card in a system managed by someone else without the fear that your secret key could be stolen unnoticed. In fact, since the secret key cannot be copied from the card, the only way to pick up the key is to physically steal the card – which you'll notice.

From the menu item Enigmail → Manage SmartCard... you can access all smart card operations:

  • manage the user data (name, sex, language, login ID, URL of the public key) stored on the OpenPGP card;
  • generate a new key on-card;
  • change your PIN (123456 by default) and Admin PIN (12345678 by default).

Generating a new key on-card will overwrite the pre-existing key.

Remember to change your PIN and Admin-PIN before generating a new key. The PIN is not restricted to digits only but can be any combination of characters; choose strong PINs since they are the only protection to the secret key if the card is lost or stolen. However, bear in mind that non-numeric PINs cannot be entered on PIN-pad readers.

It is strongly recommended that you test recovering your secret keys (both your card and the key on your local computer) from a backup key and a blank card. If you have only one card available, you may still simulate the recovery (v2.0 cards only) by resetting the card via the command

gpg-connect-agent < resetfile

where resetfile is an ASCII text file composed of the following lines:

/hex
scd reset
scd serialno undefined
scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd reset
scd serialno undefined
scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
scd apdu 00 44 00 00
/echo Card has been reset to factory defaults
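To see what the reset file actually asks the card to do, the following Python sketch (an added example, not part of GnuPG or Enigmail) decodes its scd apdu lines. The function names are assumptions; the instruction and PIN reference codes are the ones the OpenPGP card application uses. The repeated VERIFY commands send a deliberately wrong value to exhaust the retry counters of both PINs before the card is terminated and reactivated.

```python
from itertools import groupby

# The resetfile exactly as given on this page.
RESETFILE = """\
/hex
scd reset
scd serialno undefined
scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd reset
scd serialno undefined
scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
scd apdu 00 44 00 00
/echo Card has been reset to factory defaults
"""

INS = {0xA4: "SELECT", 0x20: "VERIFY",
       0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE"}
PIN_REF = {0x81: "PW1 (user PIN)", 0x83: "PW3 (Admin PIN)"}

def describe(line):
    """Decode one 'scd apdu <hex bytes>' line into a readable command."""
    apdu = bytes.fromhex("".join(line.split()[2:]))
    cla, ins, p1, p2 = apdu[:4]
    # Byte 5 (Lc), when present, gives the length of the data field.
    data = apdu[5:5 + apdu[4]] if len(apdu) > 4 else b""
    name = INS.get(ins, "INS %02X" % ins)
    if ins == 0xA4:   # data field is the application identifier (AID)
        return "%s AID %s" % (name, data.hex().upper())
    if ins == 0x20:   # P2 selects which PIN; data is the value being tried
        which = PIN_REF.get(p2, "P2 %02X" % p2)
        return "%s %s with %r" % (name, which, data.decode("ascii", "replace"))
    return name

def summarize(resetfile):
    """List the APDU commands in order, collapsing consecutive repeats."""
    cmds = [describe(l) for l in resetfile.splitlines()
            if l.startswith("scd apdu")]
    return [(cmd, len(list(group))) for cmd, group in groupby(cmds)]

if __name__ == "__main__":
    for cmd, count in summarize(RESETFILE):
        print("%dx %s" % (count, cmd))
```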

Passphrase handling

GnuPG requires gpg-agent, an independent passphrase handling program that is part of the GnuPG 2.x package. Enigmail has no control over gpg-agent - it runs outside of Postbox/Interlink/Enigmail and offers a lot of advantages:

  • Caching of passphrases for different keys
  • Protection of memory being swapped to disk
  • Common system for all applications requesting a passphrase

gpg-agent needs a program named pinentry to provide the graphical dialog. There are different flavours of pinentry; their appearance differs slightly with the operating system (and, on Linux, with your X Window manager). The following image shows pinentry-mac (Mac OS X) asking for the passphrase:

[Figure: pinentry-mac asking for the passphrase]

The passphrase caching option in Enigmail Preferences uses the gpgconf command to pass the value (N) entered in the field to GPG-agent. This affects the following GnuPG options:

  • default-cache-ttl is set to N*60. This value is the time a cache entry is valid; each time a cache entry is accessed, the entry's timer is reset.
  • max-cache-ttl is set to N*600. This value is the maximum time a cache entry is valid, after which the cache entry expires even if it was accessed recently.

The Setup Wizard on Windows and Mac OS automatically installs GnuPG 2.0.x, which uses GPG-agent. On Linux, practically every distribution offers a GnuPG 2 package.

If you experience difficulties getting GPG-agent/pinentry to work on Linux, please check out our Guide for resolving issues with GnuPG 2.x and gpg-agent.

Key verification procedure

When you verify keys from other people, you should check that the key really belongs to the person who is named in the User ID. Therefore you should compare all data you find electronically on the key with the information you get from the person directly.

The following procedure is regarded as good practice:

  1. Meet the person face-to-face;
  2. Receive their fingerprint from them;
  3. Receive their email address(es) from them;
  4. See at least one form of government-issued identification (i.e. passport or ID card);
  5. Get the key from a keyserver or directly from the person;
  6. Verify that the email address(es) on their User ID(s) match the email address(es) they gave you;
  7. Verify that the fingerprint on their key matches the fingerprint they gave you.

Fingerprints can be exchanged on paper or by speech. You can exchange paper sheets or sit together, one reading the fingerprint aloud, the other comparing it with what is shown on the display of their computer.

If you exchange papers, you should note on each sheet that you've seen the government-issued identification, especially if you collect more than one sheet on one occasion.

There are organized events for exchanging keys: people come together for a so-called key signing party, usually at conferences about computer security or open source software.
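Steps 6 and 7 of the procedure above can be done by script once the key has been fetched. The following Python sketch is an added example, not part of Enigmail; it assumes the machine-readable listing printed by gpg --with-colons --fingerprint, and the LISTING below is constructed sample data, not a real key. The comparison is on the full fingerprint, so a short key ID read from a slip does not match.

```python
import re

# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
LISTING = """\
pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::0000::Alice Example <alice@example.org>:
uid:-::::1500000000::0001::Alice Example <alice@work.example>:
sub:-:4096:1:76543210FEDCBA98:1500000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
"""

def normalize_fpr(text):
    """Remove the spacing used on paper slips and fold case."""
    return re.sub(r"\s+", "", text).upper()

def parse_listing(listing):
    """Return (primary key fingerprint, set of e-mail addresses in the UIDs)."""
    fingerprint, emails = None, set()
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr" and fingerprint is None:
            fingerprint = fields[9]      # first fpr record is the primary key
        elif fields[0] == "uid":
            match = re.search(r"<([^<>]+)>", fields[9])
            if match:
                emails.add(match.group(1).lower())
    return fingerprint, emails

def verify_key(listing, stated_fpr, stated_emails):
    """Return a list of mismatches; an empty list means steps 6 and 7 pass."""
    fingerprint, emails = parse_listing(listing)
    stated = {e.strip().lower() for e in stated_emails}
    problems = []
    if normalize_fpr(stated_fpr) != fingerprint:
        problems.append("fingerprint mismatch")
    problems += ["UID address not given in person: " + e
                 for e in sorted(emails - stated)]
    problems += ["address given in person but not on key: " + e
                 for e in sorted(stated - emails)]
    return problems

if __name__ == "__main__":
    slip = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
    print(verify_key(LISTING, slip, ["alice@example.org"]))
```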



This ends our guide to Enigmail and email encryption. We hope this information has been useful to you. Stay safe, and stay free.

