
Public Key Infrastructures – PGP vs. X.509

Seminar Advanced Communication Services (ACS), 2005. Mentor: Dr.-Ing. S. Rupp. Public Key Infrastructures – PGP vs. X.509. Natasa Prohic, Institute of Communication Networks and Computer Engineering, University of Stuttgart. Content. Motivation for Public Key Infrastructure


Presentation Transcript


  1. Seminar Advanced Communication Services (ACS), 2005. Mentor: Dr.-Ing. S. Rupp. Public Key Infrastructures – PGP vs. X.509. Natasa Prohic, Institute of Communication Networks and Computer Engineering, University of Stuttgart

  2. Content
     • Motivation for Public Key Infrastructure
        • Symmetric and Asymmetric Encryption
        • Digital Signatures
        • Public Key Certificate
     • X.509
        • Certificate
        • Network of Trust
        • Secure Sockets Layer (SSL)
     • PGP
        • Certificate
        • Web of Trust
        • GNU Privacy Project (GnuPP)
     • Comparison
     • Conclusion

  3. Motivation for Public Key Infrastructure: Symmetric and Asymmetric Encryption
     • Services that provide confidentiality, integrity, authentication and non-repudiation
     • Symmetric and asymmetric encryption
     [Figure: plaintext → encryption → ciphertext → decryption → plaintext, shown once with a single secret key (label: "Key distribution?") and once with a public key and a private key]

  4. Motivation for Public Key Infrastructure: Digital Signature
     • Usage of public key encryption system
     [Figure: Sender: M, hash function, h, encryption with the sender's private key, S. Receiver: M, hash function, h''; S, decryption with the sender's public key, h; verify]

  5. Motivation for Public Key Infrastructure: Public Key Certificate
     • Public Key Certificate binds the entity and its public key by digital signature of Trusted Third Person (TTP)
     • Certification Path for verifying the sender's certificate
     • Public Key Infrastructures facilitate generation, distribution and administration of public key certificates
     [Figure label: "man-in-the-middle"]

  6. X.509: Certificate
     • ITU-T recommendation
     [Figure: certificate fields: version of X.509 standard; certificate serial number; certificate issuer's name; signature algorithm identifier; validity period; owner's unique name (DN), e.g. DN = Natasa Prohic; public key information (owner's public key); extensions (e.g. domain name); digital signature of issuer]

  7. X.509: Network of trust
     • Certification Authority (CA) issues certificates
     • Registration Authority (RA) supports registration of users
     • Repositories store available certificates and Certificate Revocation Lists (CRLs)
     • Revocation: private key of user or CA is compromised or user is no longer certified by this CA
     • Top-down model
     • Up-cross-down model
     [Figure: two CA hierarchies, each with a Root CA, subordinate CAs and users, including Alice and Bob]

  8. X.509: Secure Sockets Layer (SSL)
     • Uses X.509 certificate to verify the identity of server and client
     • Most commonly used with HTTP to form HTTPS
     [Figure: message flow between Client (Web browser) and Server (Web server): Client Hello, Server Hello, Server Certificate, Server Key Exchange, Certificate Request, Server Hello Done, Client Certificate, Client Key Exchange, Certificate Verification, Change Cipher Spec, Finished, Change Cipher Spec, Finished; some messages are marked "optional". Layers shown: Handshake Protocol, Record Protocol, Alert Protocol, Application Data]

  9. PGP: PGP Certificate
     • Public key cryptographic package that combines symmetric and asymmetric cryptography
     • OpenPGP – open standard for PGP, GnuPG, Hushmail, etc.
     • Most commonly used for e-mail encryption
     • Distribution is done by key servers
     [Figure: certificate fields: PGP version number; owner's public key (the key material itself); key type (DH, RSA); owner's information (Natasa Prohic, N. Prohic); validity period; self-signature; digital signature from other PGP user]

  10. PGP: Web of trust
     • By signing another key, the user becomes a trusted introducer of that key
     • Key signing party
     • A trust signature indicates that the key belongs to its owner and that the owner can sign keys at one level below his own
     • The highest level: meta-introducer
     • Many certification paths for achieving fault tolerance
     • Four levels of trust
     • The owner, or a person designated by the owner (revoker), can revoke a certificate
     [Figure: web of trust among Mary, Fred, Jane, Bob, Charlie, Alice and David]

  11. PGP: GNU Privacy Project
     • Crypto engine GnuPG, graphical user interface GPA and generic mail plug-in WinPT
     [Figure: screenshots labelled Keyring Editor (Operations on Keys, Open File Manager) and File Manager (Operations on Files)]

  12. Comparison

  13. Conclusion
     • Weakness of any cryptosystem: handling the keys
     • X.509 certificates are used mostly by organizations
     • PGP is more popular among circles of acquaintances for signing and encrypting e-mail and documents
     • Difficulty of certificate management for the user
     • Digitally signed access rights embedded in smart cards
     • Smart ID cards combined with biometric smart cards can provide two- or three-factor authentication
     • Both technologies can profit from smart cards
     • PGP will try to expand its area of application to organizations

  14. Thank you for your attention!
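
Slides 4 to 7 describe hash-then-sign signatures, the X.509 certificate fields, and verification along a certification path with revocation in the top-down model. The following Python sketch is an added example, not part of the original presentation: it issues a three-certificate chain (Root CA, one CA, Alice) and validates it. Textbook RSA over Mersenne primes stands in for a real signature algorithm, and the function names, the "CA 1" name, serial numbers and dates are assumptions made for illustration.

```python
import hashlib
from datetime import date

E = 65537  # public exponent for every toy key

def keypair(p, q):
    """Textbook RSA from two primes (illustration only, no padding)."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    """Hash every field except the signature, reduced into the issuer's modulus."""
    tbs = repr(sorted((k, v) for k, v in cert.items() if k != "signature"))
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(serial, issuer, subject, subject_pub, issuer_key, valid):
    """issuer_key = ((n, e), d). Returns a certificate signed by the issuer."""
    (n, _), d = issuer_key
    cert = {"serial": serial, "issuer": issuer, "subject": subject,
            "public_key": subject_pub, "not_before": valid[0], "not_after": valid[1]}
    cert["signature"] = pow(digest(cert, n), d, n)  # hash, then private-key operation
    return cert

def validate_path(path, root_pub, crl, today):
    """Walk root -> ... -> end entity; return (ok, reason)."""
    issuer_pub, issuer_name = root_pub, path[0]["subject"]
    for cert in path:
        n, e = issuer_pub
        if cert["issuer"] != issuer_name:
            return False, cert["subject"] + ": issuer does not chain"
        if pow(cert["signature"], e, n) != digest(cert, n):
            return False, cert["subject"] + ": bad signature"
        if not cert["not_before"] <= today <= cert["not_after"]:
            return False, cert["subject"] + ": outside validity period"
        if (cert["issuer"], cert["serial"]) in crl:
            return False, cert["subject"] + ": revoked"
        # This certificate's subject and key become the issuer of the next one.
        issuer_pub, issuer_name = cert["public_key"], cert["subject"]
    return True, "ok"

# Constructed sample hierarchy; Mersenne primes keep the toy keys easy to write down.
ROOT_KEY = keypair(2**521 - 1, 2**607 - 1)
CA_KEY = keypair(2**107 - 1, 2**127 - 1)
ALICE_PUB = keypair(2**61 - 1, 2**89 - 1)[0]
VALID = (date(2005, 1, 1), date(2006, 1, 1))
ROOT = issue(1, "Root CA", "Root CA", ROOT_KEY[0], ROOT_KEY, VALID)
CA = issue(2, "Root CA", "CA 1", CA_KEY[0], ROOT_KEY, VALID)
ALICE = issue(7, "CA 1", "Alice", ALICE_PUB, CA_KEY, VALID)
PATH = [ROOT, CA, ALICE]

if __name__ == "__main__":
    print(validate_path(PATH, ROOT_KEY[0], set(), date(2005, 6, 1)))
    print(validate_path(PATH, ROOT_KEY[0], {("CA 1", 7)}, date(2005, 6, 1)))
```

The same path fails once Alice's serial number appears on the CRL, once the date falls outside a validity period, or once any signed field (such as the public key a man-in-the-middle would substitute) is altered after issuance.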
