Notes, Tips & Tricks

How to choose a good passphrase
The passphrase is the last line of defense for your private key, should your key pair fall into enemy hands. This might happen more easily than you think: someone steals your laptop, malware uploads your private documents from your infected computer to a rogue server, or you distribute your whole key pair instead of your public key in a moment of thoughtlessness. With your secret key and your passphrase, anyone can impersonate you by signing messages on your behalf, and decrypt messages that were intended for your eyes only.

Luckily, the passphrase provides quite good protection, since it encrypts the private key with a strong cipher. It is important that you choose a strong passphrase that could not be easily cracked by password guessing or brute-force programs. In this section we illustrate some criteria for doing so. GnuPG/Enigmail also allow you to not set a passphrase on your key pair. This is absolutely not recommended, and should be done only in exceptional circumstances, for instance when non-interactive processing is needed.

Do not use the following as your passphrase:


 * Your name, address, age, date or place of birth, car license plate, the name of your spouse, children, parents, pets, or any other information related to you;
 * Words in any language/dialect, past or present, real or imaginary;
 * Names of real or fictitious people or places;
 * Names of books, movies, songs, music bands, groups, and such;
 * Obvious sequences of letters and/or numbers e.g. abc123, qwerty, YYYYYYYY
 * Numerical constants e.g. 2.718281828459 (it's the mathematical constant e)
 * Any of the above written in all uppercase, all lowercase, or with alternated case e.g. ShAkEsPeArE
 * Any of the above prefixed or suffixed by a single character e.g. Shakespeare+, 1Shakespeare
 * Any of the above with obvious replacements e.g. leetspeak 5h4k35p34r3
 * Anything that's less than eight characters long (Enigmail will not even let you choose a passphrase that's shorter than that);
 * A password that you already use (e.g. on web sites or for your email account)

Instead, do use these criteria to create a passphrase:


 * Always use a mix of at least 3 of the following kinds of characters in your passphrase: uppercase letters, lowercase letters, numbers, symbols such as # * ! ? + - ( & /
 * Choose a long password: the longer, the safer. Eight characters is the absolute minimum; the recommended length nowadays is twelve or more.
 * Insert two characters or more inside a word or name e.g. St+.evenson, Dicke7n8s
 * Join two words or names by two or more characters e.g. Stevenson-.Dickens
 * Nest one word or name inside another e.g. SteDickensvenson
 * Condense a proverb, a quote, a verse from a poem, a phrase from a movie, or any sentence you could have fixed in your mind e.g. 15motdmc-Y&a1bor!

This last example might seem impossible to remember but is in fact quite easy, if you know the old sea song in the first page of Robert Louis Stevenson's Treasure Island:

"Fifteen men on the dead man's chest -- Yo-ho-ho, and a bottle of rum!"

Each letter of the passphrase is the first letter of each word, with appropriate use of some capital letters and numbers. You can make up the rules as you prefer.

Another example could be Iw20yat/SPttbtp/thbgiaoos/btagtras.

This comes from the lyrics of the song Sgt. Pepper's Lonely Hearts Club Band by Lennon/McCartney:

"It was twenty years ago today Sgt. Pepper taught the band to play They've been going in and out of style But they're guaranteed to raise a smile."

These last two examples show particularly strong passphrases, as they are random-looking sequences of characters while being simple to remember. You can use an existing quote, so should you ever forget it, a quick lookup of the source will solve the problem. For increased security you may also invent your own quote, although in this case you must be absolutely sure not to forget it.
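The rules in the two lists above can be checked mechanically. The following is an added example, not part of Enigmail or GnuPG: it undoes the same transformations a guessing program would try (case changes, a one-character prefix or suffix, leetspeak) before looking a candidate up in a word list. `WORDLIST`, `SEQUENCES` and all function names are assumptions made for this illustration.

```python
# Added example: checks a candidate passphrase against the rules listed above.
# WORDLIST is a constructed miniature; a real check needs a large dictionary
# plus your own personal data (names, dates, places).
WORDLIST = {"shakespeare", "stevenson", "dickens", "qwerty", "password"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Reverse the "obvious replacements" (leetspeak) a guessing program also tries.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def char_classes(p):
    """Count how many of upper/lower/digit/symbol classes appear in p."""
    return sum([any(c.isupper() for c in p), any(c.islower() for c in p),
                any(c.isdigit() for c in p), any(not c.isalnum() for c in p)])


def is_obvious_sequence(p):
    """True for one repeated character or for runs such as abc123, qwerty."""
    rest = p.lower()
    if len(set(rest)) == 1:
        return True
    for seq in SEQUENCES:
        for n in range(len(seq), 2, -1):          # longest runs first
            for i in range(len(seq) - n + 1):
                rest = rest.replace(seq[i:i + n], "")
    return rest == ""                             # nothing left but runs


def variants(p):
    """Undo case changes, a one-character prefix/suffix, and leetspeak."""
    low = p.lower()
    forms = {low, low[1:], low[:-1]}
    return forms | {f.translate(LEET) for f in forms}


def check_passphrase(p, wordlist=WORDLIST, reused=()):
    """Return the rules p violates; an empty list means none were hit."""
    problems = []
    if len(p) < 8:
        problems.append("shorter than eight characters")
    if char_classes(p) < 3:
        problems.append("fewer than three character classes")
    if is_obvious_sequence(p):
        problems.append("obvious sequence")
    if variants(p) & set(wordlist):
        problems.append("word or name, or a simple variant of one")
    if p in reused:
        problems.append("already used elsewhere")
    return problems
```

An empty result only means that none of these rules matched; it is not a measure of strength.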

Protection of the local computer
You should be aware that your encrypted mails are only as safe as the computer you use Enigmail on. This point can never be stressed enough. If your computer is infected with a key logger and malware that grants an intruder remote access to your files, all the cryptographic robustness of OpenPGP and the strongest passphrase won't protect your messages from being snooped on or falsified. In a similar way, if you leave your computer unattended with your passphrase cached, prepare yourself for nasty surprises. In fact, even using cryptography, your communications cannot be secure if your computer isn't. Even worse, cryptography could lure you into a false sense of security, making you more prone to share sensitive information via email.

The ciphers OpenPGP uses are the strongest known, and OpenPGP encryption is virtually unbreakable if done in the right way. However, there are a lot of other things that can go wrong.

The well-established fact that OpenPGP is the strongest link in the chain of security simply means that an attacker wanting to read your encrypted messages won't try to brute-force the encryption (which could take millions of years), but will focus on other weaknesses instead:


 * He might break into your computer and steal your secret key, then infect your computer with spyware to record your passphrase, or directly record your secret messages as you're typing them. For the purpose of recording, he might as well use a hardware key logger installed between keyboard and computer, or simply a hidden camera pointed towards your screen.
 * Once he gets his hands on the contents of your computer, either physically or from a remote location over the network, he may search for any plaintext remnants in nonvolatile storage devices or RAM.
 * From where did you get your copy of GnuPG and Enigmail? You should only trust software downloaded from the official web sites. Copies obtained from other sources might have been tampered with, and as such contain viruses, backdoors or trojans.
 * Finally, an attacker might persuade, force, or delude you (e.g. by impersonation) to surrender your passphrase, your secret key, or your messages.

All these attacks can be carried out against your correspondents, too. The possibilities are endless.

Basic protection
You must follow these golden rules in order to keep your computer reasonably safe:


 * Don't install, run, or open software of dubious origin (e.g. warez found on peer-to-peer networks, or programs hosted on untrusted web sites). This includes suspicious email attachments and macros on word processing programs.
 * Use an antivirus/antimalware software, updated daily. Make frequent scans of your computer and external hard drives.
 * Use a firewall to filter unwanted incoming connections; malware can infect your computer from the network, too.
 * Install OS vendor patches. Keep all your software up-to-date, and keep yourself informed of the latest vulnerabilities.
 * Use a screen lock when you are not physically in front of your computer and lock it immediately when strangers are around.
 * Use strong passwords, and don't write them down in easy-to-find places.
 * If you use a Wi-Fi connection, enable WPA2 on your access point.

Increased protection
If your communications involve critically sensitive information, you should not leave your computer physically accessible at all – even when turned off. If stolen, the thief would have access to all your files, including your secret key. The private key will still be protected by the passphrase but, by performing analysis and forensics on the filesystem, the thief will have access to a lot of plaintext data (temporary files, memory swap files, and such) that could include information you thought was encrypted. Windows leaves a lot of data around, and other OS’s aren't much better with respect to this. You might consider using whole-disk encryption at this point. Section 8.3.2 mentions some disk encryption software for additional protection of your key pair; most of this software can also be used to encrypt the whole OS. It is also worth noting that a technically skilled intruder having physical access to a turned-off computer could infect it, leaving no traces, by replacing the bootloader with an infected one (evil maid attack).

Keeping your key pair in a safer place
To increase the security of your secret key you may decide to store your key pair in a different location than the default directory chosen by GnuPG, which for Windows is C:\Documents and Settings\your_username\Application Data\GnuPG on the local computer. The easier solution is to keep the GnuPG files on an external USB drive, or on an encrypted volume on the local hard disk. A more complex solution involves the use of a smart card.

External USB drive
First, mount the external drive and move there all GnuPG files (your keyring, the random seed file, and configuration files) that were contained in the default directory. Thunderbird must not be running while you move the files.

Then, you must tell GnuPG where the new location is, by passing the additional parameter --homedir new_location to the GnuPG executable. This is done directly inside the Enigmail configuration, via the menu command Enigmail → Preferences → Advanced, in the field Additional parameters for GnuPG.

Once you have done this, you can use Enigmail in the usual way. Remember to have your external drive mounted before running Enigmail or GnuPG.

Encrypted volume
Instead of an external drive, you may choose to store the GnuPG files on an encrypted virtual volume in the local hard disk (or even, for extra protection, on an encrypted virtual volume in an external drive itself).

There are several on-the-fly encryption programs available; however, a lot has changed during the last months, so we cannot give a long-standing recommendation.

The encrypted virtual volume will behave just like an external drive. Once you have installed the encryption program of your choice, created the encrypted virtual volume, and mounted it, do the necessary setup by following the same steps explained previously.

You also may want to use whole disk encryption, offered by most modern operating systems, such as Bitlocker on MS Windows, LUKS on Linux, or FileVault on Mac OS X.

OpenPGP card
Enigmail supports the OpenPGP card, a smart card compatible with ISO standards 7816-4 and 7816-8. The figures below show front and back of an OpenPGP card:





OpenPGP cards are distributed by Kernel Concepts. It is also possible to obtain an OpenPGP card by becoming a Fellow of the Free Software Foundation Europe.

OpenPGP v2.0 cards feature three independent RSA keys, for signing, encryption, and authentication, of up to 4096 bits each. Some older GnuPG versions might support shorter key lengths. The card is used to store the actual secret key. A secret key stub remains within the secret keyring so that GnuPG knows about the key on the card, can prompt you to insert the card when it is needed, and can perform key operations.

The purpose of using a smart card is that the secrets it contains cannot be copied from the card. Therefore, as long as the card stays physically in your possession, you know that your secret key is safe.

There are two methods to initialize a card. Following the first method, the key is generated on-card, i.e. the card calculates the key using its built-in random generator; in this way the secret key never leaves the card. Otherwise, a standard RSA key can be generated in a safe environment, e.g. a clean Linux workstation not connected to any network and booted from a CD-ROM. The secret key is then moved to the card. This key can later be stored to another OpenPGP card if the original card gets lost or broken. However, the new card will have new signing and authentication keys.

For advanced users: the method that guarantees the maximum availability of the keys, at the expense of secrecy, is to create a compatible key. This is done by creating via the GnuPG command line (use the --expert flag) keys with distinct functionalities (1024-4096 bit, RSA only). These keys allow you to back up a fully functional key, for which no card is needed, which is helpful in case you revoke your card key but still want your mail archive to be readable.

You can also create a full clone of that key on another card if availability is vital. As long as you protect your original backup key appropriately, this allows you to leave your card in a system managed by someone else without the fear that your secret key could be stolen unnoticed. In fact, since the secret key cannot be copied from the card, the only way to pick up the key is to physically steal the card – which you'll notice.

From the menu item Enigmail → Manage SmartCard... you can access all smart card operations:
 * manage the user data (name, sex, language, login ID, URL of the public key) stored on the OpenPGP card;
 * generate a new key on-card;
 * change your PIN (123456 by default) and Admin PIN (12345678 by default).

Generating a new key on-card will overwrite the pre-existing key.

Remember to change your PIN and Admin-PIN before generating a new key. The PIN is not restricted to digits only but can be any combination of characters; choose strong PINs since they are the only protection to the secret key if the card is lost or stolen. However, bear in mind that non-numeric PINs cannot be entered on PIN-pad readers.

It is strongly recommended that you test recovering your secret keys (both your card and the key on your local computer) from a backup key and a blank card. If you have only one card available, you may still simulate the recovery (v2.0 cards only) by resetting the card via the command

gpg-connect-agent < resetfile

where resetfile is an ASCII text file composed of the following lines:

/hex
scd reset
scd serialno undefined
scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd reset
scd serialno undefined
scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
scd apdu 00 44 00 00
/echo Card has been reset to factory defaults
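Before feeding raw APDUs to a card it is worth knowing what each one asks for. The following added example (not part of GnuPG or Enigmail) decodes the resetfile above using the command names from ISO 7816 and the OpenPGP card specification; the function and table names are assumptions made for this illustration.

```python
# Added example: annotate the APDUs in the resetfile before sending them to a
# card. Command names follow ISO 7816 and the OpenPGP card specification.
SELECT = "scd apdu 00 A4 04 00 06 D2 76 00 01 24 01"
RESETFILE = "\n".join(   # the resetfile from the page, rebuilt line by line
    ["/hex", "scd reset", "scd serialno undefined", SELECT]
    + ["scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40"] * 4
    + ["scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40"] * 4
    + ["scd apdu 00 e6 00 00", "scd reset", "scd serialno undefined", SELECT,
       "scd apdu 00 44 00 00", "/echo Card has been reset to factory defaults"])

INS_NAMES = {0xA4: "SELECT", 0x20: "VERIFY",
             0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE"}
PASSWORDS = {0x81: "PW1 (user PIN)", 0x83: "PW3 (Admin PIN)"}
OPENPGP_AID = bytes.fromhex("D27600012401")


def parse_apdu(line):
    """Split 'scd apdu CLA INS P1 P2 [Lc data...]' into INS, P2 and data."""
    raw = bytes.fromhex("".join(line.split()[2:]))
    if len(raw) < 4:
        raise ValueError("APDU header needs four bytes")
    ins, p2, data = raw[1], raw[3], raw[5:]
    if len(raw) > 5 and raw[4] != len(data):
        raise ValueError(f"Lc={raw[4]} but {len(data)} data bytes follow")
    return ins, p2, data


def describe(line):
    """Return a one-line description of what an APDU asks the card to do."""
    ins, p2, data = parse_apdu(line)
    name = INS_NAMES.get(ins, "unknown INS %02X" % ins)
    if ins == 0xA4:
        target = "OpenPGP application" if data == OPENPGP_AID else data.hex()
        return f"{name} {target}"
    if ins == 0x20:   # the data field is the PIN guess being presented
        who = PASSWORDS.get(p2, "P2=%02X" % p2)
        return f"{name} {who} with {data!r}"
    return name


def summarize(text):
    """Describe every APDU and count VERIFY attempts per password."""
    steps, attempts = [], {}
    for line in text.splitlines():
        if line.startswith("scd apdu"):
            steps.append(describe(line))
            ins, p2, _ = parse_apdu(line)
            if ins == 0x20:
                attempts[p2] = attempts.get(p2, 0) + 1
    return steps, attempts
```

The decoded sequence presents the guess `@@@@@@@@` four times to the user PIN and four times to the Admin PIN, so that both become blocked, then issues TERMINATE DF followed by ACTIVATE FILE.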

Passphrase handling
There are basically two ways in which your passphrase can be handled. The first is the default, where Enigmail keeps control and caches the passphrase itself. Enigmail automatically selects this method if it detects a GnuPG version 1.4.x. This method is sufficient if you only have one private key and therefore only one passphrase. However, it gets cumbersome if you own several private keys, as you never know which key's passphrase you are being asked for. Here's an example of the Enigmail internal passphrase prompt:



Nowadays there's a much better alternative: GPG-agent.

Enigmail will (and must) use GPG-agent if it detects a GnuPG version greater than 2.0. GPG-agent is an independent passphrase handling software and part of the GnuPG 2.x package. It runs outside of Thunderbird/Enigmail and offers a lot of advantages:
 * Caching of passphrases for different keys
 * Protection of memory being swapped to disk
 * Common system for all applications requesting a passphrase

GPG-agent needs a program named pinentry to provide the graphical dialog. There are different flavours of pinentry; their appearance differs slightly with the operating system (and, on Linux, with your X Window manager). The following image shows pinentry-mac (Mac OS X) asking for the passphrase:



The Setup Wizard on Windows and Mac OS automatically installs GnuPG 2.0.x, which uses GPG-agent.

On Linux, the version installed by default differs between distributions, but virtually every distribution offers a GnuPG 2 package.

Enigmail 1.8 will be the last version that supports GnuPG 1.4.x. The next major release (1.9) will require GnuPG 2.x, so people are encouraged to upgrade to or additionally install GnuPG 2.x within the next months.

Key verification procedure
When you verify keys from other people, you should check that the key really belongs to the person who is named in the User ID. Therefore you should compare all data you find electronically on the key with the information you get from the person directly.

The following procedure is regarded as good practice:
 * 1) Meet the person face-to-face;
 * 2) Receive their fingerprint from them;
 * 3) Receive their email address(es) from them;
 * 4) See at least one form of government-issued identification (i.e. passport or ID card);
 * 5) Get the key from a keyserver or directly from the person;
 * 6) Verify that the email address(es) on their User ID(s) match the email address(es) they gave you;
 * 7) Verify that the fingerprint on their key matches the fingerprint they gave you.

Fingerprints can be exchanged on paper or by speech. You can exchange paper sheets or sit together, one reading the fingerprint aloud, the other comparing it on the display of their computer.

If you exchange papers, you should note on the sheet that you've seen the government-issued identification, especially if you collect more than one sheet on one occasion.

There are organized events for exchanging keys: people come together for a so-called key signing party, usually at congresses about computer security or open source software.
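Steps 6 and 7 of the procedure can be done by eye, but a script avoids misreading a digit. The following added example (not part of Enigmail or GnuPG) compares what the key owner handed over with the output of `gpg --with-colons --fingerprint`; the listing, addresses and fingerprints are constructed, and the function names are assumptions made for this illustration.

```python
# Added example: steps 6 and 7 of the procedure, run over
# `gpg --with-colons --fingerprint` output. All key data below is constructed.
import re

SAMPLE_LISTING = """\
pub:-:4096:1:89ABCDEF01234567:1400000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1400000000::::Alice Example <alice@example.org>:
uid:-::::1400000000::::Alice Example <alice@work.example>:
sub:-:4096:1:1111222233334444:1400000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
"""


def normalize_fpr(text):
    """Strip spaces/colons, upper-case, and insist on all 40 hex digits."""
    fpr = re.sub(r"[\s:]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("need the full 40-digit fingerprint, not a key ID")
    return fpr


def parse_listing(listing):
    """Return (primary-key fingerprint, e-mail addresses in the User IDs)."""
    fpr, emails, last = None, set(), None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            last = f[0]
        elif f[0] == "fpr" and last == "pub" and fpr is None and len(f) > 9:
            fpr = f[9]                      # field 10 holds the fingerprint
        elif f[0] == "uid" and len(f) > 9:
            m = re.search(r"<([^<>]+)>", f[9])   # field 10 holds the User ID
            if m:
                emails.add(m.group(1).lower())
    return fpr, emails


def verify_key(listing, given_fpr, given_emails):
    """Compare the key with what the owner gave you in person."""
    fpr, emails = parse_listing(listing)
    given = {e.strip().lower() for e in given_emails}
    matches = fpr is not None and normalize_fpr(given_fpr) == fpr
    # Addresses on the key that the owner did not give you (step 6 fails).
    return {"fingerprint_matches": matches,
            "unconfirmed_emails": sorted(emails - given)}
```

A key passes only when `fingerprint_matches` is true and `unconfirmed_emails` is empty; a short key ID in place of the fingerprint is rejected outright.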