Gnu Privacy Guard - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Gnu Privacy Guard

Description:

Thus only the recipient can decrypt it. Pretty Good Privacy and ... Check the Key's information (including the key fingerprint) Public Key Infrastructure (PKI) ... – PowerPoint PPT presentation

Number of Views:129
Avg rating:3.0/5.0
Slides: 19
Provided by: david2890
Category:

less

Transcript and Presenter's Notes

Title: Gnu Privacy Guard


1
Gnu Privacy Guard
  • CSE 539
  • 1/28/2003
  • Austin Godber
  • godber_at_asu.edu

2
Introduction
  • Concepts you may encounter in this class
  • Encryption
  • Symmetric Key Cryptography Schneier Ch. 12-14
  • Asymmetric Key Cryptography Sch. Ch. 19-20
  • One Way Hash Functions Sch. Ch. 18
  • Digital Signatures Sch. Ch. 20
  • Pseudo Random Number Generation Sch. Ch. 17

3
Theory
  • Symmetric Key Cryptography
  • Both parties share the same key, same key is used
    to encrypt and decrypt.
  • Algorithms DES, 3DES, IDEA, Blowfish, AES
    (Rijndael)
  • Based on many rounds of modification of blocks of
    data.
  • Capable of (confidentiality, authentication)
  • Problems Key Distribution

4
Theory
  • Asymmetric Key Cryptography (Public Key)
  • Each party has a pair of keys. One is made
    public and one is kept private. Public key is
    used to encrypt, private key is used to decrypt.
  • Algorithms - RSA, Diffie-Hellman, Elliptic Curves
  • Based on large prime numbers and modular
    exponentiation. Number Theory anyone?
  • Capable of (confidentiality, authentication)
  • Encrypt
  • Decrypt
  • Sign
  • Problems - Much Slower than Symmetric
    Cryptosystems (1000 times for equivalent security)

5
Theory
  • Hybrid
  • Symmetric ciphers have key distribution problems
  • Asymmetric have speed problems, but greatly
    simplified key distribution
  • A hybrid system uses both
  • A message is encrypted with a symmetric session
    key, this session key is then encrypted with the
    recipients public key. Thus only the recipient
    can decrypt it.

6
Pretty Good Privacy and Gnu Privacy Guard
  • Pretty Good Privacy
  • Philip Zimmerman
  • Released in 1991
  • 3 year criminal investigation was eventually
    dropped
  • Gnu Privacy Guard
  • Open source
  • OpenPGP compliant (RFC 2440)

7
GPG Overview
  • Create Key and Key Revocation Certificate
  • Share/Verify Keys
  • Web Page
  • Key Server
  • Finger Information (.plan)
  • Use Keys
  • Issue Revocation Certificate, or Key Expires

8
Trust
  • Key Verification
  • Verify Key owners Identity (harder than it
    sounds)
  • Check the Keys information (including the key
    fingerprint)
  • Public Key Infrastructure (PKI)
  • Web Of Trust (PGP uses this)
  • Key Ring Trust Fields
  • Key Legitimacy Field
  • Signature Trust Field
  • Owner Trust Field

9
Key Revocation
  • Keys may expire
  • A key should have at most a several year
    lifetime.
  • Keys may need to be revoked
  • Making a revocation certificate requires the
    private key so be sure you create it BEFORE you
    loose your key and need it!

10
GPG Command Line Usage
  • Key Generation
  • gpg --gen-key
  • Key Server Submission
  • gpg --keyserver ltkeyservergt --send-key
    ltYour_Key_IDgt
  • Key Management
  • gpg --list-keys
  • gpg --list-secret-keys
  • gpg --edit-key C01BAFC3
  • sec 1024D/C01BAFC3 2000-09-21 Demo User
    ltdemo_at_nonexistent.nowhere
  • ssb 2048g/7A4087F3 2000-09-21
  • gpg --edit-key C01BAFC3

11
GPG Command Line Usage
  • Encrypting
  • Symmetric
  • Hybrid
  • gpg e FILENAME
  • gpg r RECIPIENT ae FILENAME
  • Decrypting
  • gpg d ENCRYPTED-FILENAME
  • Signing
  • Key
  • gpg --keyserver ltkeyservergt --recv-keys
    ltKey_IDgt
  • gpg --fingerprint ltKey_IDgt
  • gpg --sign-key ltKey_IDgt

12
GPG Options File
  • File is
  • ./.gnupg/options
  • Can set defaults
  • Keyserver
  • Default private key
  • Trust policies
  • Many other options

13
GPG Incorporating Into Clients
  • Mail User Agents
  • Mutt, Pine, Kmail, exmh, EMACS, Outlook, Eudora
  • Other Front Ends
  • GNOME, tk, Windows, kgpg
  • IM Clients
  • For GAIM I was wrong, there are none, but see
    BLAIM (Blowfish Plugin for GAIM) or proxide
  • ICQ Miranda ICQ
  • See the Front Ends page

14
GPG Incorporating into MUTT
  • Possibly your scenario
  • You receive email on an ASU IMAP server
  • You typically use a Linux box that you trust
  • You could configure Mutt to connect to the IMAP
    server and use GPG
  • How? The .muttrc file (GPG MUTT)
  • set imap_userUSERNAME
  • set imap_checkinterval60
  • set spoolfileimap1.asu.eduinbox
  • set pgp_autosignyes

15
GPG Incorporating Into MUTT
  • Latest Version of MUTT includes everything you
    need
  • The last screen right before you actually commit
    to sending the mail you can hit the letter p
    and it will present you with options
  • Warning, MUTT caches your passphrase (depending
    on config), you can force it to forget with CTRL-f

16
Compatability
  • Check the PGPGPG HOWTO
  • Encrypting TO a user of PGP 5.0
  • Decrypting with a PGP DSS/Diffie-Hellman key

17
Other Uses
  • Encrypt personal email
  • Encrypt files
  • Sign email
  • Sign source code or binary packages

18
Resources
  • See the supplemental web page -
    http//www.public.asu.edu/auasg/gpg/
  • GPG (NIX, Windows, OS X) - http//www.gnupg.org/
  • PGP Freeware 8.0 (Windows, Mac)
    http//www.pgp.com/
  • RFC 2440 http//www.ietf.org/rfc/rfc2440.txt
Write a Comment
User Comments (0)
About PowerShow.com