
RshqSJS/JqxSJ Hqfubswlrq

RshqSJS/JqxSJ Hqfubswlrq. Wdqqhu Oryhodfh Wuldqjoh Olqxa Xvhuv Jurxs 11-Dsulo-2002. OpenPGP/GnuPG Encryption. Tanner Lovelace Triangle Linux Users Group 11-April-2002. What is Cryptography?. Cryptography The science of using mathematics to encrypt and decrypt data.


Presentation Transcript


  1. RshqSJS/JqxSJ Hqfubswlrq Wdqqhu Oryhodfh Wuldqjoh Olqxa Xvhuv Jurxs 11-Dsulo-2002

  2. OpenPGP/GnuPG Encryption Tanner Lovelace Triangle Linux Users Group 11-April-2002

  3. What is Cryptography? • Cryptography • The science of using mathematics to encrypt and decrypt data. • A method of securely sending data over an insecure communications medium. • Cryptanalysis • The science of analyzing and breaking secure communications. • Cryptology is the combination of the two.

  4. There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. -- Bruce Schneier, Applied Cryptography

  5. Why do you need cryptography? • Privacy • Keep communications secret • Integrity • Keep communications secure • Authentication • Know who you’re communicating with • Nonrepudiation • A sender shouldn’t be able to deny that they sent a message

  6. Cryptography Background • Two main types of cryptography • Symmetric • Same key encrypts/decrypts • DES, AES, IDEA • Asymmetric • Different keys for encryption/decryption • Also called public key cryptography • RSA, Diffie-Hellman, ElGamal

  7. Bits, bytes, and Key Lengths, oh my! • Which is better? • 128 bit keys? • 1024 bit keys? • Answer: neither • Symmetric encryption is much faster than asymmetric • Asymmetric makes communicating with people you don’t know much easier

  8. How does encryption work? • Symmetric • [Diagram: Plaintext → Encryption (Key) → Ciphertext → Decryption (Key) → Original Plaintext] • Asymmetric • [Diagram: Plaintext → Encryption (Encryption Key) → Ciphertext → Decryption (Decryption Key) → Original Plaintext]

  9. How do I know this is secure? • Symmetric • The only way to decrypt without the key is to try all possible combinations. • With a 128 bit key, there are 2^128 possible combinations • Comparison • Our sun should go nova in approximately 2^30 years • The universe is only 2^34 years old. • Asymmetric • You don’t, but smart people think it is.

  10. Not Secure?!? What’s up? • Asymmetric algorithms are built upon certain assumptions that have not been proved • Factoring large numbers • Computing discrete logarithms • These are similar to the P vs. NP problem in classical computer science • Which is why you hear the press talking about the possibility of codes being broken easily.

  11. Public Key Algorithms • Diffie-Hellman (key exchange) • First public key algorithm published (1976) • Whitfield Diffie and Martin Hellman • Alice and Bob choose a large prime n and another number g. • Alice chooses a random large integer a and sends Bob X = g^a mod n. • Bob chooses a random large integer b and sends Alice Y = g^b mod n. • Alice computes k = Y^a mod n. • Bob computes k’ = X^b mod n. • k and k’ are equal (g^(ab) mod n) and cannot be computed by someone watching the exchange!
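The exchange on this slide, run with both sides in one process; this is an added example, not part of the original presentation. The prime n = 2^127 - 1 and g = 3 are constructed toy parameters, and the range check on received values is an added safeguard that the slide does not mention.

```python
import secrets

# Constructed toy parameters: n is the Mersenne prime 2^127 - 1, g = 3.
# Far too small and not a safe group; real deployments use standardized
# groups of 2048 bits or more.
N = 2**127 - 1
G = 3

def keypair(n=N, g=G):
    """Pick a random private exponent x and return (x, g^x mod n)."""
    private = secrets.randbelow(n - 3) + 2      # 2 <= private <= n - 2
    return private, pow(g, private, n)

def check_public(value, n=N):
    """Reject degenerate values (0, 1, n-1, out of range) that would
    force a predictable shared secret."""
    if not 1 < value < n - 1:
        raise ValueError("public value out of range")
    return value

def shared_secret(their_public, my_private, n=N):
    """Compute (their_public)^my_private mod n after validating the input."""
    return pow(check_public(their_public, n), my_private, n)

def exchange():
    """Run both sides; return (k, k_prime, values_seen_on_the_wire)."""
    a, X = keypair()                 # Alice keeps a, sends X = g^a mod n
    b, Y = keypair()                 # Bob keeps b, sends Y = g^b mod n
    k = shared_secret(Y, a)          # Alice: k  = Y^a mod n
    k_prime = shared_secret(X, b)    # Bob:   k' = X^b mod n
    return k, k_prime, (X, Y)

if __name__ == "__main__":
    k, k_prime, (X, Y) = exchange()
    print("on the wire:", hex(X), hex(Y))
    print("secrets match:", k == k_prime)
```

Only X and Y cross the wire; a, b and k never do.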

  12. Public Key Algorithms • RSA (Rivest, Shamir, and Adleman) [1977] • Choose two random large prime numbers p and q. • Compute n = pq. • Choose a number e such that e is between 1 and pq and e is relatively prime to (p – 1)(q – 1). • Compute d from e (d = e^-1 mod ((p-1)(q-1))) • Multiplicative inverse • To encrypt, calculate c = m^e mod n. • To decrypt, calculate m = c^d mod n.

  13. What is OpenPGP/GnuPG? • Pretty Good Privacy • Encryption program written by Phil Zimmermann in 1991. • Zimmermann was later criminally charged with releasing it on the Internet. (Charges were eventually dropped.) • OpenPGP • A standard for encrypted/signed messages. • RFC 2440, November 1998 • Gnu Privacy Guard • An implementation of OpenPGP. • Does not use patented algorithms.

  14. What can PGP/GnuPG do? • Encrypt / Decrypt • Messages • Files • Digital Signatures • Key management • Create secret and public keys • Manage a list of keys • Certify keys • Revoke or disable keys

  15. Encryption • PGP uses multiple forms of encryption to encrypt different parts of a message • Symmetric encryption fast • Asymmetric encryption easy to distribute • Message is encrypted with a symmetric algorithm • Symmetric session key is encrypted with an asymmetric algorithm. • In addition, the message is compressed beforehand, just to remove redundancy that could help cryptanalysis.
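The message flow on this slide (compress, encrypt the body with a one-time session key, wrap the session key with the recipient's public key) as an added example; it is not GnuPG's code and does not produce OpenPGP packets. The RSA key is a constructed toy key, and the SHA-256 keystream cipher is a stand-in for a real symmetric algorithm such as AES or IDEA.

```python
import hashlib
import secrets
import zlib

# Constructed toy RSA key for the recipient, built from two Mersenne primes.
# Never use primes of this form for a real key.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[offset:offset + 32], pad))
    return bytes(out)

def encrypt_message(plaintext, n=N, e=E):
    """Return (wrapped_session_key, encrypted_body) for the recipient."""
    session_key = secrets.token_bytes(16)            # fresh 128-bit key per message
    body = keystream_xor(session_key, zlib.compress(plaintext))
    # Textbook RSA on the raw key; real OpenPGP pads the session key first.
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, body

def decrypt_message(wrapped, body, n=N, d=D):
    """Unwrap the session key with the private exponent, then decrypt and inflate."""
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return zlib.decompress(keystream_xor(session_key, body))

if __name__ == "__main__":
    wrapped, body = encrypt_message(b"meet at the LUG on Thursday " * 20)
    print(len(body), "byte body;", decrypt_message(wrapped, body)[:27])
```

The slow asymmetric operation touches only the 16-byte session key, however large the message is.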

  16. Encryption

  17. Encryption • To encrypt a file, you need to specify options • Recipient (can be yourself) • Binary or ascii mode • Output filename • Input filename % gpg -r [UID] -a -o [outname] -e [file] • Will also work with streams.

  18. Decryption • Only need to specify the decrypt option % gpg -d [file] • Will prompt for pass phrase

  19. Signature • Integrity • Message is hashed • Hash is encrypted with private key • Message can be hashed again to prove it hasn’t changed. • Authentication • Hash can be decrypted with a public key • Proves that the private key was used to encrypt. • But not necessarily that a particular person encrypted the message. What?!?
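The RSA steps from slide 12 together with the hash-then-sign flow on this slide, as an added example that is not part of the original presentation. The key is a constructed toy key from two Mersenne primes, the function names are illustrative, and no padding is applied, so this is textbook RSA rather than what GnuPG emits.

```python
import hashlib
from math import gcd

def make_key(p, q, e=65537):
    """Slide 12: n = pq, e coprime to (p-1)(q-1), d = e^-1 mod (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return {"n": p * q, "e": e, "d": pow(e, -1, phi)}

def encrypt(m, key):
    """c = m^e mod n; the message must be an integer smaller than n."""
    if not 0 <= m < key["n"]:
        raise ValueError("message must be smaller than n")
    return pow(m, key["e"], key["n"])

def decrypt(c, key):
    """m = c^d mod n."""
    return pow(c, key["d"], key["n"])

def digest(message):
    """SHA-256 of the message as an integer (256 bits, below the toy n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, key):
    """Hash the message, then apply the private exponent to the hash."""
    return pow(digest(message), key["d"], key["n"])

def verify(message, signature, key):
    """Recover the hash with the public exponent and compare it with a
    fresh hash of the message that was received."""
    return pow(signature, key["e"], key["n"]) == digest(message)

# Constructed toy key; primes of this special form are unsafe for real use.
KEY = make_key(2**127 - 1, 2**521 - 1)

if __name__ == "__main__":
    sig = sign(b"package contents", KEY)
    print(verify(b"package contents", sig, KEY))    # unchanged message
    print(verify(b"package contents!", sig, KEY))   # altered message
```

A passing check shows that the holder of d produced the signature; tying that key to a person is what the later key-signing slides are for.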

  20. Signature • Can be combined with encryption • Can be integrated or detached % gpg -a --sign [file] % gpg -a --detach-sign [file] • Detached signatures are useful for signing binary packages. • Used with rpm (--addsign and --resign options)

  21. Key Management • Session keys • Created at use • Only used once • Need a very good source of randomness • Asymmetric keys • GPG allows you to create and manage • Public portion of key can be published

  22. Web of Trust • How do you know what keys to trust? • You can only physically check a finite number of keys • PGP allows you to sign someone else’s key. • Done when you have verified that a key is valid. • Allows you to accept the validity of a key of someone you’ve never met. • If Alice trusts Bob and Bob trusts Charles, then Alice can also trust Charles.

  23. Web of Trust

  24. GPG Key Creation % gpg --gen-key • Generates a public/private key pair. • Because of the RSA patent, it defaults to using DH/ElGamal (Discrete Logarithm Problem) • Choose a key length (use at least 1024 bits) • User data (name, e-mail) • Pass phrase

  25. Key revocation • Always generate a revocation certificate after creating a key! • If you lose your pass phrase, will allow you to cancel your key. % gpg --gen-revoke [UID] • Need the pass phrase (to get to the secret key)

  26. Key functions • List keys and signatures % gpg --list-keys % gpg --list-sigs % gpg --fingerprint • Import % gpg --import [filename] • Export % gpg --export [UID] • By default export is binary. Use “-a” to do ascii-armor.

  27. Key servers • You could exchange keys by e-mail or web page, but there is a better way. • PGP and GnuPG support a remote key server • Send % gpg --keyserver [ks] --send-key [UID] • Receive % gpg --keyserver [ks] --recv-key [UID] • Default key server can be put in options file. • If default server set, gpg will automatically look there for new keys.

  28. Key signing • ONLY SIGN A KEY WHEN YOU ARE ABSOLUTELY SURE IT IS AUTHENTIC!!! • Use the edit key function % gpg --edit-key [UID] • Will bring up a command prompt • Can sign, revoke, change trust, delete, etc… >sign • Make sure you send the newly signed key to a key server.

  29. Conclusion • GPG is a tool you can use to improve communication security. • Don’t consider it an end result, but a link in a chain. • It is integrated into a few packages, but the interface could be better • Barrier to use • Better when used all the time.

  30. References • Garfinkel, Simson, PGP, Pretty Good Privacy, 1995, O’Reilly & Associates. • Schneier, Bruce, Applied Cryptography, 1996, Wiley. • Various crypto links • http://www.x5.net/faqs/crypto/ • http://www.pgpi.org/doc/guide/6.5/en/intro/ • http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html • http://www.mcc.ac.uk/cos/security/PGP_why_and_how.html • http://www.wired.com/wired/archive/people/whitfield_diffie/ • http://www.iae.nsk.su/pages/CRYPTO/rsafaq.html • http://www.philzimmermann.com/ • http://www.openpgp.org/ • http://www.gnupg.org/
