OpenPGP/GnuPG Encryption
Upcoming SlideShare
Loading in...5

OpenPGP/GnuPG Encryption



A talk I gave to the Triangle Linux Users Group ( ) on 11-April-2002 on Gnu Privacy Guard.

A talk I gave to the Triangle Linux Users Group ( ) on 11-April-2002 on Gnu Privacy Guard.



Total Views
Views on SlideShare
Embed Views



2 Embeds 18 9 9



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Are you sure you want to
    Your message goes here
  • Very nice one!!
    It can be useful for me because I want to give a lecture about gpg in my university.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

OpenPGP/GnuPG Encryption OpenPGP/GnuPG Encryption Presentation Transcript

  • RshqSJS/JqxSJ Hqfubswlrq Wdqqhu Oryhodfh Wuldqjoh Olqxa Xvhuv Jurxs 11-Dsulo-2002
  • OpenPGP/GnuPG Encryption Tanner Lovelace Triangle Linux Users Group 11-April-2002
  • What is Cryptography?
    • Cryptography
      • The science of using mathematics to encrypt and decrypt data.
      • A method of securely sending data over an insecure communications medium.
    • Cryptanalysis
      • The science of analyzing and breaking secure communications.
    • Cryptology is the combination of the two.
    • There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.
    • -- Bruce Schneier, Applied Cryptography
  • Why do you need cryptography?
    • Privacy
      • Keep communications secret
    • Integrity
      • Keep communications secure
    • Authentication
      • Know who you’re communicating with
    • Nonrepudiation
      • A sender shouldn’t be able to deny that they sent a message
  • Cryptography Background
    • Two main types of cryptography
      • Symmetric
        • Same key encrypts/decrypts
        • DES, AES, IDEA
      • Asymmetric
        • Different keys for encryption/decryption
        • Also called public key cryptography
        • RSA, Diffie-Hellman, ElGamal
  • Bits, bytes, and Key Lengths, oh my!
    • Which is better?
      • 128 bit keys?
      • 1024 bit keys?
    • Answer: neither
      • Symmetric encryption is much faster than asymmetric
      • Asymmetric makes communicating with people you don’t know much easier
  • How does encryption work? Encryption Decryption Plaintext Ciphertext Original Plaintext Encryption Key Decryption Key
    • Asymmetric
    Encryption Decryption Plaintext Ciphertext Original Plaintext Key Key
    • Symmetric
  • How do I know this is secure?
    • Symmetric
      • The only way to decrypt without the key is to try all possible combinations.
        • With a 128 bit key, there are 2 128 possible combinations
        • Comparison
          • Our sun should go nova in approximately 2 30 years
          • The universe is only 2 34 years old.
    • Asymmetric
      • You don’t, but smart people think it is.
  • Not Secure?!? What’s up?
    • Asymmetric algorithms are built upon certain assumptions that have not been proved
      • Factoring large numbers
      • Computing discrete logrithms
    • These are similar to the P vs. NP problem in classical computer science
      • Which is why you hear the press talking about the possibility of codes being broken easily.
  • Public Key Algorithms
    • Diffie-Hellman (key exchange)
      • First public key algorithm published (1976)
        • Whitfield Diffie and Martin Hellman
      • Alice and Bob chose a large prime n and another number g .
      • Alice chooses a random large integer a and sends Bob X = g a mod n .
      • Bob chooses a random large integer b and sends Alice Y = g b mod n .
      • Alice computes k = Y a mod n .
      • Bob computes k’ = X b mod n .
      • k and k’ are equal ( g ab mod n ) and cannot be computed by someone watching the exchange!
  • Public Key Algorithms
    • RSA (Rivest, Shamir, and Adleman) [1977]
      • Choose two random large prime numbers p and q .
      • Compute n = pq .
      • Choose a number e such that e is between 1 and pq and e is relatively prime to ( p – 1)( q – 1).
      • Compute d from e ( d = e -1 mod (( p -1)( q -1)))
        • Multiplicative inverse
      • To encrypt, calculate c = m e mod n .
      • To decrypt, calculate m = c d mod n .
  • What is OpenPGP/GnuPG
    • Pretty Good Privacy
      • Encryption program written by Phill Zimmerman in 1991.
      • Zimmerman was later criminally charged with releasing it on the Internet. (Charges were eventually dropped.)
    • OpenPGP
      • A standard for encrypted/signed messages.
      • RFC 2440, November 1998
    • Gnu Privacy Guard
      • An implementation of OpenPGP.
      • Does not use patented algorithms.
  • What can PGP/GnuPG do?
    • Encrypt / Decrypt
      • Messages
      • Files
    • Digital Signatures
    • Key management
      • Create secret and public keys
      • Manage a list of keys
      • Certify keys
      • Revoke or disable keys
  • Encryption
    • PGP uses multiple forms of encryption to encrypt different parts of a message
      • Symmetric encryption fast
      • Asymmetric encryption easy to distribute
    • Message is encrypted with a symmetric algorithm
    • Symmetric session key is encrypted with an asymmetric algorithm.
    • In addition, the message is compressed beforehand, just to remove redundancy that could help cryptanalysis.
  • Encryption
  • Encryption
    • To encrypt a file, you need to specify options
      • Recepient (can be yourself)
      • Binary or ascii mode
      • Output filename
      • Input filename
    • % gpg -r [UID]-a –o [outname] –e [file]
    • Will also work with streams.
  • Decryption
    • Only need to specify the decrypt option
    • % gpg -d [file]
    • Will prompt for pass phrase
  • Signature
    • Integrity
      • Message is hashed
      • Hash is encrypted with private key
      • Message can be hashed again to prove it hasn’t changed.
    • Authentication
      • Hash can be decrypted with a public key
      • Proves that the private key was used to encrypt.
        • But not necessarily that a particular person encrypted the message. What?!?
  • Signature
    • Can be combined with encryption
    • Can be integrated or detached
    • % gpg –a --sign[file]
    • % gpg –a --detach-sign[file]
    • Detached signatures are useful for signing binary packages.
      • Used with rpm (--addsign and –resign options)
  • Key Management
    • Session keys
      • Created at use
      • Only used once
      • Need a very good source of randomness
    • Asymmetric keys
      • GPG allows you to create and manage
      • Public portion of key can be published
  • Web of Trust
    • How do you know what keys to trust?
      • You can only physically check a finite number of keys
    • PGP allows you to sign someone elses key.
      • Done when you have verified that a key is valid.
      • Allows you to accept the validity of a key of someone you’ve never met.
        • If Alice trusts Bob and Bob trusts Charles, then Alice can also trust Charles.
  • Web of Trust
  • GPG Key Creation
    • % gpg --gen-key
    • Generates a public/private key pair.
      • Because of the RSA patent, it defaults to using DH/ElGamal (Discrete Logorithm Problem)
      • Choose a key length (use at least 1024 bits)
      • User data (name, e-mail)
      • Pass phrase
  • Key revocation
    • Always generate a revocation certificate after creating a key!
      • If you lose your pass phrase, will allow you to cancel your key.
    • % gpg --gen-revoke [UID]
    • Need the pass phrase (to get to the secret key)
  • Key functions
    • List keys and signatures
    • % gpg --list-keys
    • % gpg --list-sigs
    • % gpg --fingerprint
    • Import
    • % gpg --import [filename]
    • Export
    • % gpg --export [UID]
    • By default export is binary. Use “-a” to do ascii-armor.
  • Key servers
    • You could exchange keys by e-mail or web page, but there is a better way.
    • PGP and GnuPG support a remote key server
    • Send
    • % gpg --keyserver [ks] --send-key [UID]
    • Receive
    • % gpg --keyserver [ks] --recv-key [UID]
    • Default key server can be put in options file.
      • If default server set, gpg will automatically look there for new keys.
  • Key signing
    • Use the edit key function
    • % gpg --edit-key [UID]
      • Will bring up a command prompt
      • Can sign, revoke, change trust, delete, etc…
    • >sign
    • Make sure you send the newly signed key to a key server.
  • Conclusion
    • GPG is a tool you can use to improve communication security.
      • Don’t consider it an end result, but a link in a chain.
    • It is integrated into a few packages, but the interface could be better
      • Barrier to use
    • Better when used all the time.
  • References
    • Garfinkel, Simson, PGP, Pretty Good Privacy , 1995, O’Reilly & Associates.
    • Schneier, Bruce, Applied Cryptography , 1996, Wiley.
    • Various crypto links