Choosing a PGP implementation to verify with
There are a lot of PGP implementations out there and they are not all the same. PGP is a sophisticated and complex standard and it is difficult to write proper cryptographic code that implements the standard.
There are several possible issues you need to keep in mind if you want to verify a PGP signature with a high degree of confidence. One of the least intuitive ways that a signature can appear legitimate when it really isn't is by malforming the message in various ways. A proper implementation will let you know by printing a warning, whereas a faulty or imprecise implementation will gloss over the manipulation.
On this wiki, we urge you to use the GnuPG implementation of PGP. It is free software, has a long track record of reliability and can be inspected by the general public. Other implementations may not have received as much code review and are therefore more likely to contain overlooked flaws.
We further urge you to use the command-line version of GnuPG if possible. Frontends like Kleopatra are known to gloss over signs of manipulated signatures without telling you. They are not suited to giving you all the information there is: they either ignore warnings or don't display them. It is currently believed that GnuPG reliably detects a malformed message and warns you accordingly. You should not gloss over a warning; take it seriously.
There are some parts of a PGP clearsigned message that can be changed without invalidating the signature. For example, you can change the version header, if one is present, and the signature still verifies.
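As an added example (it is not code from this wiki, from GnuPG or from Kleopatra), the following Python script splits a clearsigned message into the parts the signature covers and the parts it does not: the Hash: header above the text, the dash-escaped signed text, the armor headers such as Version: (which is why changing the version header does not invalidate anything), and any text sitting before or after the block, which no signature covers at all. The sample message embedded in it is constructed, with dummy signature bytes, to show an unsigned line appended after the signature block; the parser does not verify the signature itself, it only shows what a verifier is and is not vouching for.

```python
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def parse_clearsigned(text):
    """Split a clearsigned message into its parts (RFC 4880 section 7).

    Returns a dict with:
      hash_headers    - values of the Hash: header(s) above the signed text
      signed_text     - the text the signature actually covers, dash-escaping removed
      armor_headers   - headers inside the signature armor (e.g. Version:), NOT covered
      unsigned_before - text before the BEGIN line, NOT covered by any signature
      unsigned_after  - text after the END line, NOT covered by any signature
    """
    lines = text.splitlines()
    try:
        i_begin = lines.index(BEGIN_SIGNED)
        i_sig = lines.index(BEGIN_SIG, i_begin)
        i_end = lines.index(END_SIG, i_sig)
    except ValueError:
        raise ValueError("not a complete clearsigned message") from None

    # Hash: headers sit between the BEGIN line and the first empty line.
    hash_headers = []
    j = i_begin + 1
    while j < i_sig and lines[j].strip():
        key, _, value = lines[j].partition(":")
        if key.strip() == "Hash":
            hash_headers += [v.strip() for v in value.split(",") if v.strip()]
        j += 1
    body = lines[j + 1:i_sig]  # skip the empty separator line

    # Dash-escaping: a signed line that begins with '-' is transmitted as "- " + line.
    signed_text = "\n".join(l[2:] if l.startswith("- ") else l for l in body)

    # Armor headers of the signature block; these are not part of the signed data.
    armor_headers = {}
    k = i_sig + 1
    while k < i_end and lines[k].strip():
        key, _, value = lines[k].partition(":")
        armor_headers[key.strip()] = value.strip()
        k += 1

    return {
        "hash_headers": hash_headers,
        "signed_text": signed_text,
        "armor_headers": armor_headers,
        "unsigned_before": "\n".join(lines[:i_begin]).strip(),
        "unsigned_after": "\n".join(lines[i_end + 1:]).strip(),
    }


def anomalies(parsed):
    """Things a careful verifier should notice even when a tool says 'Good signature'."""
    notes = []
    if parsed["unsigned_before"]:
        notes.append("text BEFORE the signed block is not covered by the signature")
    if parsed["unsigned_after"]:
        notes.append("text AFTER the signature block is not covered by the signature")
    if not parsed["hash_headers"]:
        notes.append("no Hash: header present")
    return notes


# Constructed sample (not a real signed message): the signature bytes are dummies
# and a line has been appended after the signature block.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From here on out, we will cryptographically sign all messages with this key.

Patience is a virtue.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
=XXXX
-----END PGP SIGNATURE-----
P.S. This line was appended after signing and is covered by nothing."""

if __name__ == "__main__":
    p = parse_clearsigned(SAMPLE)
    print("signed text:\n" + p["signed_text"])
    print("armor headers (not signed):", p["armor_headers"])
    for note in anomalies(p):
        print("WARNING:", note)
```

Run the script on a real message by reading the file and passing its contents to parse_clearsigned; anything reported by anomalies is text a "Good signature" result does not vouch for.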
Windows: Verifying PGP Signatures with Kleopatra (gpg4win)
Here's a quick guide for Windows users who are new to PGP signature verification. This is very important for this puzzle: if you intend to join the solvers this year, you owe it to them to learn this process. Cicada 3301 will always provide a PGP signature to verify the authenticity of their messages. Assume that any message without a signature is fake!
1. Download and install gpg4win:
- The UI client for gpg4win is called Kleopatra. Open Kleopatra.
2. Add the MIT keyserver to your list of directory services.
- Go to Settings>Configure Kleopatra.
- The top of the configure window should read "Configuration of directory services".
- Click "new" at the top-right corner of the config window. A default server should appear in your list of directory services.
- Change the server name to 'pgp.mit.edu'. Ensure that "scheme" is set to 'hkp', and make sure that the box under "OpenPGP" is checked.
- Change the "server port" value to '11371', if it is not already set.
- Click "apply" and "OK"
3. Import the Cicada 3301 PGP certificate to your keychain in Kleopatra.
- On the main window in Kleopatra, click the button in the top-right corner labeled "Lookup Certificates on Server". This button has a binocular logo next to it.
- This will open a window titled "Certificate Server Certificate Lookup". The key ID for Cicada 3301's certificate is 7A35090F, and we'll need to add the '0x' prefix when searching for it.
- In the "Find:" search bar, type '0x7A35090F' and click "Search".
There is a fake key on the server with the same creation date and the same short key ID. Make sure you import the correct one: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x181F01E57A35090F
- A pop-up window should read "Hex-string search - kleopatra", with a warning about some searches requiring a "0x" prefix. Click OK.
- Under "Name", you should now see "Cicada 3301 (845145127)". This is Cicada's PGP key. Highlight the key and click "Import".
- Click "OK" on the next pop-up window. You should now have a Cicada 3301 certificate in your keychain.
- Be careful when importing keys. Always check the full 20-byte key fingerprint. Short and long key IDs can be faked (with Scallion, Shallot, eSchallot):
https://evil32.com/ - Evil 32: Check Your GPG Fingerprints
https://twitter.com/bcrypt/status/765615853488316416 - yan on Twitter: "Nice! Someone faked my PGP short key ID and even signed it with faked key IDs that match those of my key signers."
https://twitter.com/isislovecruft/status/765660802120638464 - isis agora lovecruft on Twitter: ""Just config #gnupg to use long keyids and it's all good!" Nope, those are dead too, cf. @coruus' KeySteak attack: Link
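The same fingerprint discipline on the command line, as an added example (not code from this wiki or from GnuPG): the script runs gpg with --status-fd 1 and accepts a signature only when a VALIDSIG status line carries the expected full 40-hex-digit fingerprint, never merely because a GOODSIG line shows a matching key ID. EXPECTED_FPR is a placeholder, since this page gives only the long key ID 181F01E57A35090F; the status output embedded in the block is constructed, with made-up fingerprints, to show a lookalike key with the same long key ID being rejected.

```python
import subprocess

# Placeholder: fill in the full 40-hex-digit fingerprint obtained from a trusted source.
# The page only gives the long key ID 181F01E57A35090F; a key ID alone is NOT enough.
EXPECTED_FPR = "REPLACE_WITH_FULL_40_HEX_FINGERPRINT"

# Status tags (gpg doc/DETAILS) that mean the verification must not be trusted.
BAD_TAGS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}


def parse_status(status_output):
    """Parse gpg --status-fd lines into (goodsig_keyids, validsig_fprs, bad_tags)."""
    goodsig_keyids, validsig_fprs, bad = set(), set(), set()
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        tag = fields[1]
        if tag == "GOODSIG" and len(fields) >= 3:
            goodsig_keyids.add(fields[2].upper())      # only a 16-hex long key ID
        elif tag == "VALIDSIG" and len(fields) >= 3:
            validsig_fprs.add(fields[2].upper())       # full fingerprint of signing key
            if len(fields) >= 12:
                validsig_fprs.add(fields[11].upper())  # full fingerprint of primary key
        elif tag in BAD_TAGS:
            bad.add(tag)
    return goodsig_keyids, validsig_fprs, bad


def signature_is_from(status_output, expected_fpr):
    """True only if gpg reported a VALIDSIG whose full fingerprint equals expected_fpr
    and no failure status was emitted. A matching key ID on its own is not accepted."""
    expected = expected_fpr.replace(" ", "").upper()
    _, fprs, bad = parse_status(status_output)
    return not bad and expected in fprs


def verify_file(path, expected_fpr, gpg="gpg"):
    """Run gpg on a clearsigned file and apply the fingerprint check.
    --status-fd 1 sends the machine-readable status lines to stdout."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", path],
        capture_output=True, text=True,
    )
    return signature_is_from(proc.stdout, expected_fpr)


# Constructed status output (not real gpg output for the real key): both keys end in
# the long key ID 181F01E57A35090F, but only one has the expected full fingerprint.
GENUINE_FPR = "0" * 24 + "181F01E57A35090F"    # constructed stand-in for the real key
LOOKALIKE_FPR = "F" * 24 + "181F01E57A35090F"  # constructed colliding key
STATUS_GENUINE = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 181F01E57A35090F Cicada 3301 (845145127)\n"
    f"[GNUPG:] VALIDSIG {GENUINE_FPR} 2012-01-05 1325669627 0 4 0 1 2 01 {GENUINE_FPR}\n"
)
STATUS_LOOKALIKE = STATUS_GENUINE.replace(GENUINE_FPR, LOOKALIKE_FPR)

if __name__ == "__main__":
    print("genuine accepted:  ", signature_is_from(STATUS_GENUINE, GENUINE_FPR))
    print("lookalike accepted:", signature_is_from(STATUS_LOOKALIKE, GENUINE_FPR))
    print("GOODSIG key IDs of the lookalike:", parse_status(STATUS_LOOKALIKE)[0])
```

Both constructed outputs produce the same GOODSIG line, which is all a key-ID comparison would ever see; only the VALIDSIG fingerprint separates them. For a real check, call verify_file on the saved message with the fingerprint you obtained out of band, and keep reading gpg's stderr for the warnings the page describes.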
4. Create a personal PGP key pair
Note: In this step you will use an email address to create a PGP certificate for yourself. I recommend creating an anonymous email address specifically for this puzzle; do not use your personal email address for this step.
- Go to File>New Certificate
- Select "Create a personal OpenPGP key pair"
- Input a name and email address for your PGP certificate. I recommend using a fake name and anonymous email address for this puzzle. Click Next>
- Click "Create Key"
- A pop-up window will ask you to create a unique passkey. Make it secure and ensure that the quality meter reads 100%. Click Next and enter your passkey again.
- You now have a personal PGP key pair! You can now use your key pair to trust other PGP certificates.
5. Increase Owner Trust for Cicada 3301 PGP Certificate
- Back at the Kleopatra main window, right-click the Cicada 3301 key and select "Change Owner Trust".
- In the Change Owner Trust window, select either "I believe checks are casual (marginal trust)" or "I believe checks are very accurate (full trust)". There is no harm in giving full trust to this certificate.
- Click OK.
6. Certify Cicada 3301 Key for Yourself
- Main window again, right-click the Cicada 3301 certificate and select "Certify Certificate"
- Check the box under Step 1, next to "Cicada 3301 (845145127)"
- Check the box next to "I have verified the fingerprint". Click next.
- The Step 2 window displays your personal certificate. Again, make sure that you are using an anonymous key pair.
- Make sure that "Certify only for myself" is the selected option! The other option will publicly sign Cicada's key with your certificate, making it available to the entire world. See the list of email addresses and keys under Cicada's certificate at http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x181F01E57A35090F. If you choose the other option, your key pair may appear in this list, and addresses in this list reportedly receive a lot of spam from time to time.
- Click "Certify"
- Click "Finish"
7. Verify PGP signatures with Kleopatra.
- You're now set to verify signatures against Cicada 3301's PGP certificate. Cicada will include a signature with every message, which is used to verify that the message is in fact from Cicada 3301. Here's how to verify a signature using Kleopatra.
- Copy the full text of the message to your clipboard. A signed message will start with "-----BEGIN PGP SIGNED MESSAGE-----" and end with "-----END PGP SIGNATURE-----". You must include the header and footer when you copy the message to your clipboard.
- At the top-right corner of the main Kleopatra menu, click the button which says "Clipboard". It has a picture of a clipboard next to it.
- If you copied the message correctly, you should be able to click "Decrypt/Verify". If you did not copy the message correctly, this option will be greyed out.
- Click "Decrypt/Verify"
- A window should pop up which says "Decrypt/Verify Email". It will automatically check the signature in your clipboard against the certificates in your keychain.
- If this signature is from Cicada, then the window will read "Clipboard contents --> Clipboard: Signed by Cicada 3301 (845145127)", and this text will be highlighted in green to indicate a good verification. Any other output means that the signature DID NOT ORIGINATE FROM CICADA 3301, and is therefore not a legitimate message from Cicada.
If you did all this correctly, you should now be equipped to verify PGP-signed messages which claim to be from Cicada 3301. I recommend testing your setup against messages which are known to be from Cicada 3301. Here is a sample message you can use; it is actually the first PGP-signed message that Cicada gave us in 2012:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From here on out, we will cryptographically sign all messages with this key.

It is available on the mit keyservers. Key ID 7A35090F, as posted in a2e7j6ic78h0j.

Patience is a virtue.

Good luck.

3301
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJPBRz7AAoJEBgfAeV6NQkP1UIQALFcO8DyZkecTK5pAIcGez7k
ewjGBoCfjfO2NlRROuQm5CteXiH3Te5G+5ebsdRmGWVcah8QzN4UjxpKcTQRPB9e
/ehVI5BiBJq8GlOnaSRZpzsYobwKH6Jy6haAr3kPFK1lOXXyHSiNnQbydGw9BFRI
fSr//DY86BUILE8sGJR6FA8Vzjiifcv6mmXkk3ICrT8z0qY7m/wFOYjgiSohvYpg
x5biG6TBwxfmXQOaITdO5rO8+4mtLnP//qN7E9zjTYj4Z4gBhdf6hPSuOqjh1s+6
/C6IehRChpx8gwpdhIlNf1coz/ZiggPiqdj75Tyqg88lEr66fVVB2d7PGObSyYSp
HJl8llrt8Gnk1UaZUS6/eCjnBniV/BLfZPVD2VFKH2Vvvty8sL+S8hCxsuLCjydh
skpshcjMVV9xPIEYzwSEaqBq0ZMdNFEPxJzC0XISlWSfxROm85r3NYvbrx9lwVbP
mUpLKFn8ZcMbf7UX18frgOtujmqqUvDQ2dQhmCUywPdtsKHFLc1xIqdrnRWUS3CD
eejUzGYDB5lSflujTjLPgGvtlCBW5ap00cfIHUZPOzmJWoEzgFgdNc9iIkcUUlke
e2WbYwCCuwSlLsdQRMA//PJN+a1h2ZMSzzMbZsr/YXQDUWvEaYI8MckmXEkZmDoA
RL0xkbHEFVGBmoMPVzeC
=fRcg
-----END PGP SIGNATURE-----
This message is 100% verified, so if you don't get a good verification for this signature, then something isn't set up right.
If you'd like, at this point you can use Kleopatra to set up your own PGP certificate and to generate your own PGP signatures. Go to File>New Certificate and follow the wizard. I recommend you make a unique email address and PGP key for this puzzle, to keep your personal identity secure. Do not use your personal email for this certificate!