Pretty Good Privacy PGP - PowerPoint PPT Presentation

Slides: 7
Provided by: csU68

Transcript and Presenter's Notes



1
Pretty Good Privacy (PGP)
  • Designed to serve individuals rather than big
    organizations.
  • Much less bureaucratic in management.
  • Does not use any CA.
  • Each user issues and manages his certificate.
  • //does not mean PGP certificates are less
    trustworthy//
  • //PGP cryptographic methods and keys are as
    strong as those of X.509//
  • <> Simply means PGP-based PKIs don't have a
    central controlling authority.

2
Difference with X.509
  • Users create and sign their own certificate.
  • //in X.509, a CA does that.//
  • In PGP, a digital certificate can be signed by
    multiple users. (to add trustworthiness)
  • //in X.509, only one signer exists.//
  • <> Signing can be done with a hash function.

3
Design Issues
  • When A is sending his signature to B, an
    intruder can intercept A's message and substitute
    his own message containing a forged signature.
  • Issue: How does B verify that it is the valid
    certificate of A?
  • <> It is easy to impersonate a user.

4
Building Trust
  • A difficult problem (there is no central trusted
    authority.)
  • In one version of PGP, B makes a phone call to A
    to confirm the received public key.
  • >> Requires A's phone number.
  • >> Voice recognition.
  • >> Can be time consuming.

5
Building Trust
  • PGP empowers a user to verify the
    trustworthiness of another user's certificate.
  • Example: B can be given the task of verifying
    A's signature to other users.
  • B sends to C his self-signed certificate.
  • B also sends to C A's certificate after adding
    his signature (signed hash).
  • C can verify the signature by phone with B. //man
    in the middle attack possible.//
  • <> If C trusts B, it will trust A's signatures.

6
Web of Trust
  • If a user D trusts C, he can obtain A's signature
    from him (C).
  • C sends D his certificate and A's certificate
    that contains D's signature (signed hash).
  • <> Now A's certificate contains three
    signatures: A, B, and C.
  • <> D might like to verify B's signatures on it.
  • >> Web of trust is distributed in PGP.
  • >> Web of trust is centralized in X.509.
  • //emanates from the CA.//
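
Added example (not part of the original slides): a Python sketch of the flow in slides 3 to 6, showing that a self-signature alone does not stop impersonation while a signature from an introducer the verifier already trusts does. The dict-based certificate layout, the function names and the unpadded toy RSA over Mersenne primes are assumptions for illustration and stand in for PGP's real key and signature formats.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1. Illustration only, not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private exponent d)

def cert_hash(cert, modulus):
    """SHA-256 over the certificate body (name + public key), reduced for the signer's key."""
    body = f"{cert['name']}|{cert['n']}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % modulus

def sign(cert, signer, n, d):
    """Attach signer's signed hash to the certificate (unpadded RSA, for brevity)."""
    cert["sigs"][signer] = pow(cert_hash(cert, n), d, n)

def new_cert(name, n, d):
    """A user issues his own certificate: name, public key, self-signature."""
    cert = {"name": name, "n": n, "sigs": {}}
    sign(cert, name, n, d)
    return cert

def valid_signers(cert, known_keys):
    """Signers whose signature verifies under a public key the verifier already holds."""
    return {s for s, sig in cert["sigs"].items()
            if s in known_keys and pow(sig, E, known_keys[s]) == cert_hash(cert, known_keys[s])}

def accept(cert, trusted_keys):
    """Accept only if the self-signature checks AND a trusted introducer has signed."""
    self_ok = cert["name"] in valid_signers(cert, {cert["name"]: cert["n"]})
    return self_ok and bool(valid_signers(cert, trusted_keys))

# Constructed scenario following the slides: A self-signs, then B and C add signatures.
A, B, C, INTRUDER = keypair(61, 89), keypair(107, 127), keypair(521, 607), keypair(19, 31)
cert_a = new_cert("A", *A)
sign(cert_a, "B", *B)
sign(cert_a, "C", *C)
forged = new_cert("A", *INTRUDER)   # intruder's key under A's name, validly self-signed
sign(forged, "C", *INTRUDER)        # intruder also fakes an endorsement labelled "C"
d_trusts = {"C": C[0]}              # D holds only C's public key, confirmed out of band

if __name__ == "__main__":
    print("signers D can verify on A's cert:", valid_signers(cert_a, d_trusts))
    print("D accepts A's cert:", accept(cert_a, d_trusts))
    print("D accepts forged cert:", accept(forged, d_trusts))
```

D can check only C's signature here; verifying B's signature as well, as slide 6 suggests, would require D to first obtain and confirm B's public key.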