ProCheckUp Labs

Welcome to ProCheckUp Labs, the blog from Procheckup

Recovering passphrases of PGP private keys

on 20/08/2008 by Adrián Pastor with 1 comment
Contrary to popular belief, password cracking is not an activity only performed by criminals such as crackers.

Password cracking, AKA password recovery or password auditing, is a must-have skill for both penetration testers and computer forensic specialists.

Quite often I get asked, "can someone brute-force my PGP private key?". The answer is of course: yes! Unlocking a private key by entering a passphrase is a local process, which occurs on the user's computer. In other words, there is no need to connect to any server over the network. Therefore, we won't come across anti-password-cracking protections such as account lockout policies, e.g. a user account being locked out after 5 invalid password attempts.

Brute-forcing the passphrase of a PGP private key is relatively easy. All we need to do is try different words until we manage to perform decryption successfully. Even though private keys are supposed to be protected with passphrases rather than passwords, people still opt to choose dictionary words. In fact, protecting a PGP private key with a passphrase is completely optional. My advice is of course to always use long and non-predictable passphrases in order to protect your private PGP key. If the passphrase were successfully cracked, an intruder could read your emails and even encrypted files, provided that you also use PGP for file storage. Only by setting complex passphrases can you protect yourself against the attack described below.

There are different approaches to writing a tool that allows you to brute-force the passphrase of a PGP private key. You could write the tool in C, relying on the GnuPG Made Easy (GPGME) library. In my case, I decided to write a bash script called gpgpwn, which wraps around the GPG command-line tool.

The beauty of command-line tools is that they can be scripted, so there is no need to write software that implements all the desired functionality from scratch.

Once you have imported the secret/public key pair of the target account, gpgpwn will read words from a wordlist provided by the user. The following logic is used to detect if a valid password has been found:

  1. Encrypt a dummy text file using the target account's public key
  2. For each password read, try decrypting the dummy file using the target account's private key
  3. If GPG creates a file with the same name as the dummy file but '.gpg' extension, then we know we found a valid password!

Summary of requirements for gpgpwn to work:

  1. You must have GPG installed on your system
  2. You must import the secret/public key pair of the target account to GPG, i.e. the key pair must appear when typing gpg --list-keys

Needless to say, if cracking speed is a high priority for you, then you should probably write the tool in C or assembly. gpgpwn is just a proof of concept to demonstrate recovering the password of a PGP private key. On my PC, which is not necessarily that powerful, I'm getting about 100 passwords tried per second. If you are serious about password recovery, you should use a professional tool written in a low-level language. Ideally, such a tool should support multi-threading as well.


ap@pcu:~$ ./gpgpwn.sh
usage: gpgpwn.sh <uid> <wordlist>
uid: as shown by 'gpg --list-keys'
wordlist: file containing words/phrases to brute-force
i.e.: ./gpgpwn.sh "John Smith <jsmith@company.foo>" ./words.txt
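
Because the passphrase is optional and guessing happens offline, a useful defensive check is whether an exported secret key is protected at all and how much key stretching each guess costs. The following Python code is an added example, not part of the original post or of gpgpwn: it reads the string-to-key (S2K) fields of OpenPGP secret-key packets as defined in RFC 4880. The function names and the SAMPLE bytes are constructed for illustration, the input is assumed to be a binary (non-armored) export such as the output of gpg --export-secret-keys, and only v4 RSA, DSA and ElGamal keys are handled.

```python
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs per algorithm: RSA, ElGamal, DSA
def read_header(buf, pos):
    """Return (tag, body_start, body_len) of the OpenPGP packet at pos (RFC 4880, 4.2)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (de-armor the export first)")
    if first & 0x40:                                   # new-format header
        tag, l0 = first & 0x3F, buf[pos + 1]
        if l0 < 192:
            return tag, pos + 2, l0
        if l0 < 224:
            return tag, pos + 3, ((l0 - 192) << 8) + buf[pos + 2] + 192
        if l0 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
    elif (first & 3) != 3:                             # old-format header, definite length
        end = pos + 1 + (1 << (first & 3))
        return (first >> 2) & 0x0F, end, int.from_bytes(buf[pos + 1:end], "big")
    raise ValueError("partial or indeterminate lengths are not handled")

def protection(body):
    """Report how one v4 secret-key packet body protects its secret material."""
    if body[0] != 4 or body[5] not in PUBLIC_MPIS:
        raise ValueError("only v4 RSA/DSA/ElGamal keys are handled")
    pos = 6
    for _ in range(PUBLIC_MPIS[body[5]]):              # skip the public-key MPIs
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    usage = body[pos]                                  # string-to-key usage octet
    if usage == 0:
        return {"protected": False}                    # secret material stored in the clear
    s2k = body[pos + 2] if usage >= 254 else None      # other usage values: legacy simple hash
    kind = {0: "simple", 1: "salted", 3: "iterated", None: "legacy"}.get(s2k, "other")
    c = body[pos + 12] if kind == "iterated" else None # coded count follows the 8-octet salt
    count = None if c is None else (16 + (c & 15)) << ((c >> 4) + 6)
    return {"protected": True, "s2k": kind, "count": count}  # count = octets hashed per guess

def audit(export):
    """Return one report per secret key (tag 5) or secret subkey (tag 7) in the export."""
    reports, pos = [], 0
    while pos < len(export):
        tag, start, length = read_header(export, pos)
        pos = start + length
        if tag in (5, 7):
            reports.append(protection(export[start:pos]))
    return reports

# Constructed sample (not real keys): tiny fake RSA public part, one clear and one protected packet.
_PUB = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x08\xc3\x00\x02\x03"
_BODIES = (_PUB + b"\x00" * 6, _PUB + bytes([254, 7, 3, 2]) + b"S" * 8 + b"\x60" + b"I" * 24)
SAMPLE = b"".join(bytes([0x94, len(b)]) + b for b in _BODIES)
```

A key reported as unprotected, or protected with a "simple", "salted" or "legacy" S2K, costs an offline guesser almost nothing per attempt, so the length and unpredictability of the passphrase carry all of the protection.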
this entry has 1 comments
on 03/12/2008 Greg Bolshaw said...
The link to gpgpwn is broken. Where can I download this? Thanks.