RshqSJS/JqxSJ Hqfubswlrq - PowerPoint PPT Presentation

About This Presentation
Title:

RshqSJS/JqxSJ Hqfubswlrq

Description:

Certify keys. Revoke or disable keys. Tanner Lovelace Slide 15. Encryption ... Always generate a revocation certificate after creating a key! ... – PowerPoint PPT presentation

Number of Views:25
Avg rating:3.0/5.0
Slides: 31
Provided by: tannerl
Learn more at: https://trilug.org
Category:

less

Transcript and Presenter's Notes

Title: RshqSJS/JqxSJ Hqfubswlrq


1
RshqSJS/JqxSJ Hqfubswlrq
  • Wdqqhu Oryhodfh
  • Wuldqjoh Olqxa Xvhuv Jurxs
  • 11-Dsulo-2002

2
OpenPGP/GnuPG Encryption
  • Tanner Lovelace
  • Triangle Linux Users Group
  • 11-April-2002

3
What is Cryptography?
  • Cryptography
  • The science of using mathematics to encrypt and
    decrypt data.
  • A method of securely sending data over an
    insecure communications medium.
  • Cryptanalysis
  • The science of analyzing and breaking secure
    communications.
  • Cryptology is the combination of the two.

4
  • There are two kinds of cryptography in this
    world cryptography that will stop your kid
    sister from reading your files, and cryptography
    that will stop major governments from reading
    your files.
  • -- Bruce Schneier, Applied Cryptography

5
Why do you need cryptography?
  • Privacy
  • Keep communications secret
  • Integrity
  • Keep communications secure
  • Authentication
  • Know who youre communicating with
  • Nonrepudiation
  • A sender shouldnt be able to deny that they sent
    a message

6
Cryptography Background
  • Two main types of cryptography
  • Symmetric
  • Same key encrypts/decrypts
  • DES, AES, IDEA
  • Asymmetric
  • Different keys for encryption/decryption
  • Also called public key cryptography
  • RSA, Diffie-Hellman, ElGamal

7
Bits, bytes, and Key Lengths, oh my!
  • Which is better?
  • 128 bit keys?
  • 1024 bit keys?
  • Answer neither
  • Symmetric encryption is much faster than
    asymmetric
  • Asymmetric makes communicating with people you
    dont know much easier

8
How does encryption work?
9
How do I know this is secure?
  • Symmetric
  • The only way to decrypt without the key is to try
    all possible combinations.
  • With a 128 bit key, there are 2128 possible
    combinations
  • Comparison
  • Our sun should go nova in approximately 230 years
  • The universe is only 234 years old.
  • Asymmetric
  • You dont, but smart people think it is.

10
Not Secure?!? Whats up?
  • Asymmetric algorithms are built upon certain
    assumptions that have not been proved
  • Factoring large numbers
  • Computing discrete logrithms
  • These are similar to the P vs. NP problem in
    classical computer science
  • Which is why you hear the press talking about the
    possibility of codes being broken easily.

11
Public Key Algorithms
  • Diffie-Hellman (key exchange)
  • First public key algorithm published (1976)
  • Whitfield Diffie and Martin Hellman
  • Alice and Bob chose a large prime n and another
    number g.
  • Alice chooses a random large integer a and sends
    Bob X ga mod n.
  • Bob chooses a random large integer b and sends
    Alice Y gb mod n.
  • Alice computes k Ya mod n.
  • Bob computes k Xb mod n.
  • k and k are equal (gab mod n) and cannot be
    computed by someone watching the exchange!

12
Public Key Algorithms
  • RSA (Rivest, Shamir, and Adleman) 1977
  • Choose two random large prime numbers p and q.
  • Compute n pq.
  • Choose a number e such that e is between 1 and pq
    and e is relatively prime to (p 1)(q 1).
  • Compute d from e (d e-1 mod ((p-1)(q-1)))
  • Multiplicative inverse
  • To encrypt, calculate c me mod n.
  • To decrypt, calculate m cd mod n.

13
What is OpenPGP/GnuPG
  • Pretty Good Privacy
  • Encryption program written by Phill Zimmerman in
    1991.
  • Zimmerman was later criminally charged with
    releasing it on the Internet. (Charges were
    eventually dropped.)
  • OpenPGP
  • A standard for encrypted/signed messages.
  • RFC 2440, November 1998
  • Gnu Privacy Guard
  • An implementation of OpenPGP.
  • Does not use patented algorithms.

14
What can PGP/GnuPG do?
  • Encrypt / Decrypt
  • Messages
  • Files
  • Digital Signatures
  • Key management
  • Create secret and public keys
  • Manage a list of keys
  • Certify keys
  • Revoke or disable keys

15
Encryption
  • PGP uses multiple forms of encryption to encrypt
    different parts of a message
  • Symmetric encryption fast
  • Asymmetric encryption easy to distribute
  • Message is encrypted with a symmetric algorithm
  • Symmetric session key is encrypted with an
    asymmetric algorithm.
  • In addition, the message is compressed
    beforehand, just to remove redundancy that could
    help cryptanalysis.

16
Encryption
17
Encryption
  • To encrypt a file, you need to specify options
  • Recepient (can be yourself)
  • Binary or ascii mode
  • Output filename
  • Input filename
  • gpg -r UID-a o outname e file
  • Will also work with streams.

18
Decryption
  • Only need to specify the decrypt option
  • gpg -d file
  • Will prompt for pass phrase

19
Signature
  • Integrity
  • Message is hashed
  • Hash is encrypted with private key
  • Message can be hashed again to prove it hasnt
    changed.
  • Authentication
  • Hash can be decrypted with a public key
  • Proves that the private key was used to encrypt.
  • But not necessarily that a particular person
    encrypted the message. What?!?

20
Signature
  • Can be combined with encryption
  • Can be integrated or detached
  • gpg a --signfile
  • gpg a --detach-signfile
  • Detached signatures are useful for signing binary
    packages.
  • Used with rpm (--addsign and resign options)

21
Key Management
  • Session keys
  • Created at use
  • Only used once
  • Need a very good source of randomness
  • Asymmetric keys
  • GPG allows you to create and manage
  • Public portion of key can be published

22
Web of Trust
  • How do you know what keys to trust?
  • You can only physically check a finite number of
    keys
  • PGP allows you to sign someone elses key.
  • Done when you have verified that a key is valid.
  • Allows you to accept the validity of a key of
    someone youve never met.
  • If Alice trusts Bob and Bob trusts Charles, then
    Alice can also trust Charles.

23
Web of Trust
24
GPG Key Creation
  • gpg --gen-key
  • Generates a public/private key pair.
  • Because of the RSA patent, it defaults to using
    DH/ElGamal (Discrete Logorithm Problem)
  • Choose a key length (use at least 1024 bits)
  • User data (name, e-mail)
  • Pass phrase

25
Key revocation
  • Always generate a revocation certificate after
    creating a key!
  • If you lose your pass phrase, will allow you to
    cancel your key.
  • gpg --gen-revoke UID
  • Need the pass phrase (to get to the secret key)

26
Key functions
  • List keys and signatures
  • gpg --list-keys
  • gpg --list-sigs
  • gpg --fingerprint
  • Import
  • gpg --import filename
  • Export
  • gpg --export UID
  • By default export is binary. Use -a to do
    ascii-armor.

27
Key servers
  • You could exchange keys by e-mail or web page,
    but there is a better way.
  • PGP and GnuPG support a remote key server
  • Send
  • gpg --keyserver ks --send-key UID
  • Receive
  • gpg --keyserver ks --recv-key UID
  • Default key server can be put in options file.
  • If default server set, gpg will automatically
    look there for new keys.

28
Key signing
  • ONLY SIGN A KEY WHEN YOU ARE ABSOLUTELY SURE IT
    IS AUTHENTIC!!!
  • Use the edit key function
  • gpg --edit-key UID
  • Will bring up a command prompt
  • Can sign, revoke, change trust, delete, etc
  • gtsign
  • Make sure you send the newly signed key to a key
    server.

29
Conclusion
  • GPG is a tool you can use to improve
    communication security.
  • Dont consider it an end result, but a link in a
    chain.
  • It is integrated into a few packages, but the
    interface could be better
  • Barrier to use
  • Better when used all the time.

30
References
  • Garfinkel, Simson, PGP, Pretty Good Privacy,
    1995, OReilly Associates.
  • Schneier, Bruce, Applied Cryptography, 1996,
    Wiley.
  • Various crypto links
  • http//www.x5.net/faqs/crypto/
  • http//www.pgpi.org/doc/guide/6.5/en/intro/
  • http//www.dewinter.com/gnupg_howto/english/GPGMin
    iHowto-1.html
  • http//www.mcc.ac.uk/cos/security/PGP_why_and_how.
    html
  • http//www.wired.com/wired/archive/people/whitfiel
    d_diffie/
  • http//www.iae.nsk.su/pages/CRYPTO/rsafaq.html
  • http//www.philzimmermann.com/
  • http//www.openpgp.org/
  • http//www.gnupg.org/
Write a Comment
User Comments (0)
About PowerShow.com