RshqSJS/JqxSJ Hqfubswlrq Wdqqhu Oryhodfh Wuldqjoh Olqxa Xvhuv Jurxs 11-Dsulo-2002

OpenPGP/GnuPG Encryption Tanner Lovelace Triangle Linux Users Group 11-April-2002

What is Cryptography? Cryptography The science of using mathematics to encrypt and decrypt data. A method of securely sending data over an insecure communications medium. Cryptanalysis The science of analyzing and breaking secure communications. Cryptology is the combination of the two.

Cryptography

The science of using mathematics to encrypt and decrypt data.

A method of securely sending data over an insecure communications medium.

Cryptanalysis

The science of analyzing and breaking secure communications.

Cryptology is the combination of the two.

There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. -- Bruce Schneier, Applied Cryptography

There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.

-- Bruce Schneier, Applied Cryptography

Why do you need cryptography? Privacy Keep communications secret Integrity Keep communications secure Authentication Know who you’re communicating with Nonrepudiation A sender shouldn’t be able to deny that they sent a message

Privacy

Keep communications secret

Integrity

Keep communications secure

Authentication

Know who you’re communicating with

Nonrepudiation

A sender shouldn’t be able to deny that they sent a message

Cryptography Background Two main types of cryptography Symmetric Same key encrypts/decrypts DES, AES, IDEA Asymmetric Different keys for encryption/decryption Also called public key cryptography RSA, Diffie-Hellman, ElGamal

Two main types of cryptography

Symmetric

Same key encrypts/decrypts

DES, AES, IDEA

Asymmetric

Different keys for encryption/decryption

Also called public key cryptography

RSA, Diffie-Hellman, ElGamal

Bits, bytes, and Key Lengths, oh my! Which is better? 128 bit keys? 1024 bit keys? Answer: neither Symmetric encryption is much faster than asymmetric Asymmetric makes communicating with people you don’t know much easier

Which is better?

128 bit keys?

1024 bit keys?

Answer: neither

Symmetric encryption is much faster than asymmetric

Asymmetric makes communicating with people you don’t know much easier

How does encryption work? Encryption Decryption Plaintext Ciphertext Original Plaintext Encryption Key Decryption Key Asymmetric Encryption Decryption Plaintext Ciphertext Original Plaintext Key Key Symmetric

Asymmetric

Symmetric

How do I know this is secure? Symmetric The only way to decrypt without the key is to try all possible combinations. With a 128 bit key, there are 2 128 possible combinations Comparison Our sun should go nova in approximately 2 30 years The universe is only 2 34 years old. Asymmetric You don’t, but smart people think it is.

Symmetric

The only way to decrypt without the key is to try all possible combinations.

With a 128 bit key, there are 2 128 possible combinations

Comparison

Our sun should go nova in approximately 2 30 years

The universe is only 2 34 years old.

Asymmetric

You don’t, but smart people think it is.

Not Secure?!? What’s up? Asymmetric algorithms are built upon certain assumptions that have not been proved Factoring large numbers Computing discrete logrithms These are similar to the P vs. NP problem in classical computer science Which is why you hear the press talking about the possibility of codes being broken easily.

Asymmetric algorithms are built upon certain assumptions that have not been proved

Factoring large numbers

Computing discrete logrithms

These are similar to the P vs. NP problem in classical computer science

Which is why you hear the press talking about the possibility of codes being broken easily.

Public Key Algorithms Diffie-Hellman (key exchange) First public key algorithm published (1976) Whitfield Diffie and Martin Hellman Alice and Bob chose a large prime n and another number g . Alice chooses a random large integer a and sends Bob X = g a mod n . Bob chooses a random large integer b and sends Alice Y = g b mod n . Alice computes k = Y a mod n . Bob computes k’ = X b mod n . k and k’ are equal ( g ab mod n ) and cannot be computed by someone watching the exchange!

Diffie-Hellman (key exchange)

First public key algorithm published (1976)

Whitfield Diffie and Martin Hellman

Alice and Bob chose a large prime n and another number g .

Alice chooses a random large integer a and sends Bob X = g a mod n .

Bob chooses a random large integer b and sends Alice Y = g b mod n .

Alice computes k = Y a mod n .

Bob computes k’ = X b mod n .

k and k’ are equal ( g ab mod n ) and cannot be computed by someone watching the exchange!

Public Key Algorithms RSA (Rivest, Shamir, and Adleman) [1977] Choose two random large prime numbers p and q . Compute n = pq . Choose a number e such that e is between 1 and pq and e is relatively prime to ( p – 1)( q – 1). Compute d from e ( d = e -1 mod (( p -1)( q -1))) Multiplicative inverse To encrypt, calculate c = m e mod n . To decrypt, calculate m = c d mod n .

RSA (Rivest, Shamir, and Adleman) [1977]

Choose two random large prime numbers p and q .

Compute n = pq .

Choose a number e such that e is between 1 and pq and e is relatively prime to ( p – 1)( q – 1).

Compute d from e ( d = e -1 mod (( p -1)( q -1)))

Multiplicative inverse

To encrypt, calculate c = m e mod n .

To decrypt, calculate m = c d mod n .

What is OpenPGP/GnuPG Pretty Good Privacy Encryption program written by Phill Zimmerman in 1991. Zimmerman was later criminally charged with releasing it on the Internet. (Charges were eventually dropped.) OpenPGP A standard for encrypted/signed messages. RFC 2440, November 1998 Gnu Privacy Guard An implementation of OpenPGP. Does not use patented algorithms.

Pretty Good Privacy

Encryption program written by Phill Zimmerman in 1991.

Zimmerman was later criminally charged with releasing it on the Internet. (Charges were eventually dropped.)

OpenPGP

A standard for encrypted/signed messages.

RFC 2440, November 1998

Gnu Privacy Guard

An implementation of OpenPGP.

Does not use patented algorithms.

What can PGP/GnuPG do? Encrypt / Decrypt Messages Files Digital Signatures Key management Create secret and public keys Manage a list of keys Certify keys Revoke or disable keys

Encrypt / Decrypt

Messages

Files

Digital Signatures

Key management

Create secret and public keys

Manage a list of keys

Certify keys

Revoke or disable keys

Encryption PGP uses multiple forms of encryption to encrypt different parts of a message Symmetric encryption fast Asymmetric encryption easy to distribute Message is encrypted with a symmetric algorithm Symmetric session key is encrypted with an asymmetric algorithm. In addition, the message is compressed beforehand, just to remove redundancy that could help cryptanalysis.

PGP uses multiple forms of encryption to encrypt different parts of a message

Symmetric encryption fast

Asymmetric encryption easy to distribute

Message is encrypted with a symmetric algorithm

Symmetric session key is encrypted with an asymmetric algorithm.

In addition, the message is compressed beforehand, just to remove redundancy that could help cryptanalysis.

Encryption

Encryption To encrypt a file, you need to specify options Recepient (can be yourself) Binary or ascii mode Output filename Input filename % gpg -r [UID]-a –o [outname] –e [file] Will also work with streams.

To encrypt a file, you need to specify options

Recepient (can be yourself)

Binary or ascii mode

Output filename

Input filename

% gpg -r [UID]-a –o [outname] –e [file]

Will also work with streams.

Decryption Only need to specify the decrypt option % gpg -d [file] Will prompt for pass phrase

Only need to specify the decrypt option

% gpg -d [file]

Will prompt for pass phrase

Signature Integrity Message is hashed Hash is encrypted with private key Message can be hashed again to prove it hasn’t changed. Authentication Hash can be decrypted with a public key Proves that the private key was used to encrypt. But not necessarily that a particular person encrypted the message. What?!?

Integrity

Message is hashed

Hash is encrypted with private key

Message can be hashed again to prove it hasn’t changed.

Authentication

Hash can be decrypted with a public key

Proves that the private key was used to encrypt.

But not necessarily that a particular person encrypted the message. What?!?

Signature Can be combined with encryption Can be integrated or detached % gpg –a --sign[file] % gpg –a --detach-sign[file] Detached signatures are useful for signing binary packages. Used with rpm (--addsign and –resign options)

Can be combined with encryption

Can be integrated or detached

% gpg –a --sign[file]

% gpg –a --detach-sign[file]

Detached signatures are useful for signing binary packages.

Used with rpm (--addsign and –resign options)

Key Management Session keys Created at use Only used once Need a very good source of randomness Asymmetric keys GPG allows you to create and manage Public portion of key can be published

Session keys

Created at use

Only used once

Need a very good source of randomness

Asymmetric keys

GPG allows you to create and manage

Public portion of key can be published

Web of Trust How do you know what keys to trust? You can only physically check a finite number of keys PGP allows you to sign someone elses key. Done when you have verified that a key is valid. Allows you to accept the validity of a key of someone you’ve never met. If Alice trusts Bob and Bob trusts Charles, then Alice can also trust Charles.

How do you know what keys to trust?

You can only physically check a finite number of keys

PGP allows you to sign someone elses key.

Done when you have verified that a key is valid.

Allows you to accept the validity of a key of someone you’ve never met.

If Alice trusts Bob and Bob trusts Charles, then Alice can also trust Charles.

Web of Trust

GPG Key Creation % gpg --gen-key Generates a public/private key pair. Because of the RSA patent, it defaults to using DH/ElGamal (Discrete Logorithm Problem) Choose a key length (use at least 1024 bits) User data (name, e-mail) Pass phrase

% gpg --gen-key

Generates a public/private key pair.

Because of the RSA patent, it defaults to using DH/ElGamal (Discrete Logorithm Problem)

Choose a key length (use at least 1024 bits)

User data (name, e-mail)

Pass phrase

Key revocation Always generate a revocation certificate after creating a key! If you lose your pass phrase, will allow you to cancel your key. % gpg --gen-revoke [UID] Need the pass phrase (to get to the secret key)

Always generate a revocation certificate after creating a key!

If you lose your pass phrase, will allow you to cancel your key.

% gpg --gen-revoke [UID]

Need the pass phrase (to get to the secret key)

Key functions List keys and signatures % gpg --list-keys % gpg --list-sigs % gpg --fingerprint Import % gpg --import [filename] Export % gpg --export [UID] By default export is binary. Use “-a” to do ascii-armor.

List keys and signatures

% gpg --list-keys

% gpg --list-sigs

% gpg --fingerprint

Import

% gpg --import [filename]

Export

% gpg --export [UID]

By default export is binary. Use “-a” to do ascii-armor.

Key servers You could exchange keys by e-mail or web page, but there is a better way. PGP and GnuPG support a remote key server Send % gpg --keyserver [ks] --send-key [UID] Receive % gpg --keyserver [ks] --recv-key [UID] Default key server can be put in options file. If default server set, gpg will automatically look there for new keys.

You could exchange keys by e-mail or web page, but there is a better way.

PGP and GnuPG support a remote key server

Send

% gpg --keyserver [ks] --send-key [UID]

Receive

% gpg --keyserver [ks] --recv-key [UID]

Default key server can be put in options file.

If default server set, gpg will automatically look there for new keys.

Key signing ONLY SIGN A KEY WHEN YOU ARE ABSOLUTELY SURE IT IS AUTHENTIC!!! Use the edit key function % gpg --edit-key [UID] Will bring up a command prompt Can sign, revoke, change trust, delete, etc… >sign Make sure you send the newly signed key to a key server.

ONLY SIGN A KEY WHEN YOU ARE ABSOLUTELY SURE IT IS AUTHENTIC!!!

Use the edit key function

% gpg --edit-key [UID]

Will bring up a command prompt

Can sign, revoke, change trust, delete, etc…

>sign

Make sure you send the newly signed key to a key server.

Conclusion GPG is a tool you can use to improve communication security. Don’t consider it an end result, but a link in a chain. It is integrated into a few packages, but the interface could be better Barrier to use Better when used all the time.

GPG is a tool you can use to improve communication security.

Don’t consider it an end result, but a link in a chain.

It is integrated into a few packages, but the interface could be better

Barrier to use

Better when used all the time.

References Garfinkel, Simson, PGP, Pretty Good Privacy , 1995, O’Reilly & Associates. Schneier, Bruce, Applied Cryptography , 1996, Wiley. Various crypto links http://www.x5.net/faqs/crypto/ http://www.pgpi.org/doc/guide/6.5/en/intro/ http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html http://www.mcc.ac.uk/cos/security/PGP_why_and_how.html http://www.wired.com/wired/archive/people/whitfield_diffie/ http://www.iae.nsk.su/pages/CRYPTO/rsafaq.html http://www.philzimmermann.com/ http://www.openpgp.org/ http://www.gnupg.org/

Garfinkel, Simson, PGP, Pretty Good Privacy , 1995, O’Reilly & Associates.

Schneier, Bruce, Applied Cryptography , 1996, Wiley.

Various crypto links

http://www.x5.net/faqs/crypto/

http://www.pgpi.org/doc/guide/6.5/en/intro/

http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html

http://www.mcc.ac.uk/cos/security/PGP_why_and_how.html

http://www.wired.com/wired/archive/people/whitfield_diffie/

http://www.iae.nsk.su/pages/CRYPTO/rsafaq.html

http://www.philzimmermann.com/

http://www.openpgp.org/

http://www.gnupg.org/