Last week, during USENIX’s first Enigma conference, EFF hosted a small Capture the Flag hacking competition. I designed one of the challenges myself, entitled Usable Crypto. It requires you to use PGP as an attacker rather than a defender. It’s on the easy side, as far as CTF challenges go, and I think many people who have absolutely no hacking skills but some fumbling-around-with-PGP skills could beat it without too much trouble. And it might even demonstrate why verifying fingerprints really is rather important.
If you’d like to give it a go, it’s live at https://usable-crypto.ctf.micahflee.com/. The plot for Enigma’s CTF was loosely based off of Cory Doctorow’s novel Little Brother. You’re an X-NET hacker fighting the surveillance state’s Department of National Security. You win when you capture the flag, which is a string of text that starts with “FLAG_” (but please don’t post it in the comments).
I made a script to generate PGP keys and output it’s public key to the clipboard to save me some time 🙂
#! /bin/bash
rm key.pub
rm key.sec
echo ‘deleted old keys’
cat > gpgparams <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: encrypt
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Dept of National Security Agent
Name-Email: agent@dns.spy
Expire-Date: 7
%pubring key.pub
%secring key.sec
EOF
echo 'Generating key..'
gpg –gen-key –armor –batch gpgparams
echo 'Done'
cat key.pub | xclip -selection clipboard
echo 'pub key copied to clipboard!'