Creating a vanity GPG key

I had decided a while back that I should generate a new keypair, as I’m still using an old 1024-bit DSA key, and it’s been recommended to migrate to a stronger RSA key for several years now (in fact, many key-migration tutorials date back to 2009, in response to an announced attack vector against SHA-1). Yes, I decided a while back… but never actually did it.

You see, there was a small problem: it had taken me a while to remember my key-ID. That arcane annoying random 8-digit sequence that is part of the fingerprint for every GPG key. It’s not globally unique, but it’s unique-enough to be useful. Mine is 04edc4b1.

I was determined to have something more memorable, or at least slightly more geeky (because having a GPG key honestly just isn’t geeky enough.)

Someone else had the idea of creating a vanity key-ID, too, but he was trying to create a specific key. His method for generating them is private, and I didn’t feel like reaching out to find out what it was, which meant rolling my own.

Since I wasn’t looking for a specific key, but just for something memorable and interesting, I didn’t have to create a collision scenario. I just had to create a bunch of keys, and filter them for “interestingness.”

    1. Create a new user (so as not to accidentally interfere with my own keyring/keys)
    2. Create a GPG autogen script. (Security: be sure to chmod 600, so there’s no chance of anyone reading it)
    3. Launch multiple instances of gpg --gen-key.
    4. Since I have 6 cores, I opted to run 7 gpg instances. I also had them sleep 2s between runs, because after the keyring started getting too large (around 6 hours), the instances had to wait for each other to clear the locks. This also gave the entropy pool a little relief.
    5. while true; do gpg --quiet --no-verbose --gen-key --batch autogen; sleep 2; done
    6. Script up some filters to find interesting patterns I’d like to have
      • All sequentially increasing
      • echo $key | sed "s/\(.\)/\1 /g" | while read -a i; do if [ "${i[0]}" \< "${i[1]}" -a "${i[1]}" \< "${i[2]}" -a "${i[2]}" \< "${i[3]}" -a "${i[3]}" \< "${i[4]}"  -a "${i[4]}" \< "${i[5]}" -a "${i[5]}" \< "${i[6]}" -a "${i[6]}" \< "${i[7]}" ]; then echo "01 - increasing ${i[0]}${i[1]}${i[2]}${i[3]}${i[4]}${i[5]}${i[6]}${i[7]}";fi; done
      • All characters are letters (or numbers)
      • Anything with 5 or more of the same character
      • Anything with 4 of the same character adjacent
      • Anything with a known word (deadbeef, anyone? List taken from /usr/share/dict/words)
      • Memorable numbers (pi, tau, e, phi, Avogadro, etc)
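
The filtering step can be collected into one function. This is an added example, not the author's script: the function names, tag names and the small embedded word list are assumptions made here, and the palindrome check is added because one of the highlighted IDs is a palindrome.

```shell
#!/bin/sh
# Constructed sample word list; the post took its words from /usr/share/dict/words.
WORDS="DEADBEEF FACADE DECADE ADDED FADED BEEF CAFE FEED"

# bre ID PATTERN: match a POSIX basic regex (back-references are portable there).
bre() { printf '%s\n' "$1" | grep -q -e "$2"; }
# ere ID PATTERN: match a POSIX extended regex.
ere() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# classify_keyid ID: print the space-separated tags an 8-hex-digit short key ID
# earns, "boring" if it earns none, or "invalid" if it is not 8 hex digits.
classify_keyid() {
    id=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    tags=""
    if ! ere "$id" '^[0-9A-F]{8}$'; then echo invalid; return 0; fi
    # Strictly increasing hex digits are a subsequence of 0123456789ABCDEF.
    if ere "$id" '^0?1?2?3?4?5?6?7?8?9?A?B?C?D?E?F?$'; then tags="$tags increasing"; fi
    if ere "$id" '^[A-F]+$'; then tags="$tags all-letters"; fi
    if ere "$id" '^[0-9]+$'; then tags="$tags all-digits"; fi
    # Five or more of the same character anywhere in the ID.
    if bre "$id" '\(.\).*\1.*\1.*\1.*\1'; then tags="$tags five-same"; fi
    # Four of the same character in a row.
    if bre "$id" '\(.\)\1\1\1'; then tags="$tags four-adjacent"; fi
    # Second half mirrors the first half.
    if bre "$id" '^\(.\)\(.\)\(.\)\(.\)\4\3\2\1$'; then tags="$tags palindrome"; fi
    # Any listed word appearing as a substring of the ID.
    for w in $WORDS; do
        case "$id" in *"$w"*) tags="$tags word:$w" ;; esac
    done
    [ -n "$tags" ] || tags=" boring"
    echo "${tags# }"
}

# Constructed run: the post's key IDs plus a few made-up ones.
for k in 3A6666A3 691ADDED 72727212 B42B02B4 deadbeef 1357ACEF 04edc4b1; do
    printf '%s  %s\n' "$k" "$(classify_keyid "$k")"
done
```

B42B02B4 comes out as "boring": a pun like that one only turns up by reading the candidates by eye.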

After a while, I had generated 39 keys that I deemed memorable or worth saving. The highlights:

  • 3A6666A3 – Palindrome
  • 691ADDED – Word
  • 72727212 – Pattern, All Numbers
  • B42B02B4 – (before) to be, or naught to be (fore), Also 42

I’m still not sure which one I’ll end up using, but I thought these were the best of the bunch.
