Your PGP keyring contains public keys that claim to represent someone you know. Getting those keys there is easy: using the keyserver network, they can be downloaded right from your PGP client! Lots of people publish their keys on their website as well. But how do you know for sure that a certain key really represents a certain person? I could create a public key using your name and e-mail address, nobody keeps me from doing that.
Signing public keys
The GPG software allows you to sign other public keys, similar to how you can sign messages or basically any kind of data. Signing a public key however, has a special meaning. You declare that that, according to you, the key you’ve signed is real and really represents the listed person or organisation.
There are four signature levels:
- Level 0 signature: no indication. This is the default level and is usually used by people who don’t know or don’t care about signature levels. A lot of people don’t specify the signature level when they sign public keys, so there is no reason to discard these right away.
- Level 1 signature: personal belief but no verification. As the name says this level is used when someone signs a key but was unable to verify the identity. Used for nicknames, most of the time, as you can’t really prove the identity behind a pseudonym. Be careful when you encounter a level 1 signature on a key with a full name and e-mail address. These levels have to be specified manually, if someone changes it to level 1, it might be for a reason.
- Level 2 signature: casual verification: These signatures usually mean that people have met and checked identification, but didn’t know eachother upfront.
- Level 3 signature: extensive verification: The level used when the signer was absolutely sure that the listed name is correct. Usually this means that they have known eachother in person for years and have checked government issues identification.
Note that this is the theory. The signature level names (indicated above) are listed in the GPG documentation. The explanation of these levels is unclear and usually very personal. People use them in different ways, and some even have a webpage explaining what their levels mean. And then there’s the huge group that only uses level 0 signatures. So in the end, they’re just a vague indication.
If you are able to verify the owner of a public key, sign their public key. Most graphical frontends for PGP have an easy way to do this, the command below signs a key using the command line:
$ gpg --sign-key <name>
But why are these signatures important?
Introducing the Web of Trust
You can’t know everyone, that’s just impossible. I am aware that some people claim to have thousands of friends on social networks, but seriously? However, the people that you know may overlap with the ones I know. What is the easiest solution when you need someone’s phone number but have no means to communicate? Ask a mutual friend! And that’s how the Web of Trust works.
Let’s say that you have a personal friend Alice and want to send an encrypted message to Bob. You met Bob on an online message board and don’t know him in person. You could ask Bob to verify the fingerprint of his public key, but someone might be tampering with the connection. It’s possible to verify the identity of an internet stranger without meeting him, but it’s pretty hard.
Fortunately Alice knows Bob in person, and we are able to verify Alice’s key as we can meet her. We could use encrypted and signed communication to ask Alice if the key we have for Bob is correct. But if Alice has signed Bob’s key, we don’t even have to talk to her! As we trust Alice and her signatures, we are assured that Bob’s key is correct.
You --> Alice --> Bob
The more keys you sign and the more people sign yours, the easier it becomes to identify the correct public keys for other people. So when you meet someone that uses PGP, attempt to sign each other’s keys. And never sign a key if you are not sure about the person’s identity. The strength of the web of trust is your responsibility.
Similar to signature levels, PGP also has a concept called trust levels. You can assign trust to keys in your keyring. This level indicates how much you trust a person’s ability to sign other keys.
There are 5 levels:
- Unknown: The default level for keys.
- None: These signatures are ignored completely when calculating the web of trust. Use this when you think someone is not able to make trustworthy signatures.
- Marginal: You have marginal trust in the owner of this key, but don’t believe them if they’re the only one signing a key. Their signatures are accepted if multiple marginally trusted keys sign the same public key. This level will probably be used the most in your keyring.
- Full: You trust the owner of this key completely. When this person signs a public key, the software trusts that signature as if you have signed it yourself.
- Ultimate: Use this level for your own keys.
To modify the trust level of a key using the command line, edit keys in interactive mode and use the
$ gpg –edit-key <name> trust
Combine these levels with the Web of Trust, and you have a way to select the correct public key for people around the world.
As you know by now, the strength of the web of trust depends on the number of signatures. Arranging to meet with people one by one takes a lot of time and may be costly, as transportation is not free. That’s why people organise keysigning parties. Don’t get your hopes up, they’re not as fun as they sound.
During these parties people verify each other’s keys. Some of these are pretty well organised and require you to register upfront, they then publish an easy to use list of participants and their fingerprints. Smaller parties may require you to bring printed fingerprints yourself. While it may get boring after a while, especially when there are a lot of participants, it’s a great time to talk to security-minded people too!
Just a note.. In case you really want to sign a key that you can’t verify, use local signing. This works the same, but indicates that the signature shouldn’t be shared with others. Local signatures never leave your own keyring and thus don’t influence the Web of Trust.
$ gpg -lsign-key <name>