IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
Using PGP for securing the email
1. Using PGP for
securing the email
Confidentiality and authentication over unsecure channels
Student: Gianni Fiore
2. PGP Overview
• Pretty Good Privacy (PGP) is a security standard which aims to:
• Protect a binary target information from unauthorized eyes
• Files, emails, phone calls, chat messages, etc …
• Confidentiality within a limited set of people
• Provide authentication over data
• Undeniable digital signatures
• Data ownership certification
• Estabilish a secure digital communication channel over an
unsecure physical channel
• PGP became a de facto standard for email communication because
it addressed email protocols limits
• Its author, Phil Zimmerman, is a cyber security scientist and an
human rights activist.
3. Authentication with PGP
1. Hash of target is calculated
2. Hash is encrypted with writer’s private key
3. Encrypted hash is tailored to the target
-----BEGIN PGP SIGNED MESSAGE-----
Hash: [used hash algorithm]
TARGET CONTENT
-----BEGIN PGP SIGNATURE-----
Version: [signature software version]
TARGET CONTENT ENCRYPTED HASH
-----END PGP SIGNATURE-----
4. Readers can decrypt hash with writer’s public key and
then match it with their own calculated hash
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
No Regrets About Developing PGP The Friday September 21st
Washington Post carried an article by Ariana Cha that I feel
misrepresents my views on the role of PGP encryption software
in the September 11th terrorist attacks. She interviewed me on
Monday September 17th, and we talked about how I felt about the
possibility that the terrorists might have used PGP in planning
their attack. The article states that as the inventor of PGP, I
was "overwhelmed with feelings of guilt". I never implied that
in the interview, and specifically went out of my way to
[…]
- Philip Zimmermann
24 September 2001
(This letter may be widely circulated)
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQA/AwUBO69LAsdGNjmy13leEQIDcgCg4bJ1T4rhvd3qTGximJ9YYw1ErmYAnjj
y V0jxraVXJPDdeVCqt7EZSWZn
=7vuw
-----END PGP SIGNATURE-----
4. Confidentiality with PGP
1. Target is encrypted with random session key
2. Session key is encrypted with readers’ public key
Note: a key can be encrypted more than one time, producing
a set of encrypted values referred to the same key.
3. Encrypted target and encrypted session key[s] are joint together
-----BEGIN PGP MESSAGE-----
Charset: [used charset encoding]
Version: [encryption software version]
TARGET CONTENT
-----END PGP MESSAGE-----
4. Readers can decrypt session key with their private key and then use it
to decrypt the target
-----BEGIN PGP MESSAGE-----
Charset: utf-8
Version: GnuPG v2
hQEMA1e5z5QZk2BfAQf+KY/xL8hYrzTY4B2WnHXrxPl7X0ASl3PbQNwnJWUBQ1vC
/jFjNzuzIwVAU3lEpNHqr00Lw6CHCwbklttiHat++8J/2CxD/S0jhhgTo+oOuqrd
Huse6agG3hqCRq1Oa2JlYQqvDBfzWvdVC6gt24sAwnPL97QZ5A2hHfAYzV66KkcT
qG75beAMoM7XtrcgPGBWkgcgZ1hOf8MAT42BQ5+GEaQ1mi3y3k0UdXNLtXO+GCoR
yLOtqSlmI6AzQ+HGwDDDUZp7yonohUnPcUXu+mkIug/gcRWRwIlSJ9HkwcJZ5QlY
Jg7UvOhU9UwmwPqNqdMHUCHeHABtKobkkECvPY4NSIUBDAMOFqxuoKQ1pwEIAL7Y
d7/BJ4yi2C/2tIoQzXXMwZctDHbtT2c1N9Ni9G41nxkQEt5yYRJjYBdm6e4ICRUi
GRTourQMvhEObaUwaBJDT8dkdpZSDKiawirwaa6s1mj/JoO1B60CdzxD5bk/W9C6
XN1NVmHt+PlJRZoCxbRpSv4rWctERIlDXsP/BE0VbfL7T6QifR2umzHRkswkkXHu
YL9Z0Id6xOw/XF3Payz+bxxTwFy2+jlEHwLs/nW7YfL5/turZG2edo9xfPozF9+1
d/Ha5G9WoGsnxEun75YsS+C283a0jzzlMf2nCH+REMhKNtqxzLQFaLsHKHVJCSqR
OJ2fqjuaDlk9uXRDH8bSwLwBYKuiKZhOGWw0XuffKinkTMBjO93MigJdphpGTC7Z
Xn2sDbGVrj3h1eDjAGzGzzbD6Z5+AR6v4Jf1NXrzdZ9DRegedic/Fndd3kQxnQZm
5ZHPE/hpjXC62MG/ypjWZUOmvWWzYx/J+go1jOr01qeDhqJtLAAngjAJQk6Gwm3x
ApDdBgHFVoUeFmSViRUDCXhxQ1nO2+6DwoS0gstYrTvFVIXFtfam+qwwZVAa/B2o
LI8GzwQvgE2cbuAgLVy/Tx6xZQnSs7Cey/AZfG5QBbajxwXNWKQIAQeA54+gB5GC
pMFANZap99NvUnqThpHy4uDkZ/hV43b+ZseOIr9eJwQ46KjGBKS7HKT3O1rQvtbn
mxkg0Tf1mah8KtQ7TQN/aGoOtlGFi4TajgBABWYktZJOFqtf7Us4h90KdXy272YK
WgCdwuY9SzPdgPxzNMOAickNcZXcpaRD/Nja8W9suJivK4q5JSh5K3b7nYWSOorY
iMVyOs8oJWgPOcTx2w==
=SlpZ
-----END PGP MESSAGE-----
5. Authentication and confidentiality
A signed target can further be encrypted to get both authentication
and confidentiality over an unsecure channel:
6. Enforcing email protocols
PGP solves several email protocols problems:
Email without PGP Email with PGP
Confidentiality
Authentication
Data Integrity
Metadata
confidentiality
7. PGP Keys Management
Each PGP user can create its own
keypair, i.e. a public key and its
correspondent RSA private key.
Private keys are meant to be known only
to the user who creates the keypair and
are protected by a passphrase.
Public keys can be shared with others
using a channel of preference
• Word of mouth
• Key signing party
• Key servers
PHIL ZIMMERMANN PUBLIC KEYS
Current DSS/Diffie-Hellman Key:
Key fingerprint:
055F C78F 1121 9349 2C4F 37AF C746 3639 B2D7 795E
Older DSS/Diffie-Hellman Key:
Key fingerprint:
17AF BAAF 2106 4E51 3F03 7E6E 63CB 691D FAEB D5FC
Ancient RSA Key:
Key fingerprint:
9E94 4513 3983 5F70 7BE7 D8ED C4BE 5AA6
8. PGP Keyrings
As for the PGP standard, RSA keys are stored
in keyrings.
Each user has:
• A public keyring, with its own public keys
and public keys of users who knows, used
to verify signatures and to encrypt data.
• A private keyring, with its own private
keys, used to sign and to decrypt data.
9. PGP and the Web of Trust
Each PGP user can sign other users’ public
keys, certifying publicly that they are really
associated to their identities.
To each public key owner can be associated a
level of trust, i.e. an indicator about how must
the user is trustworthy in the activity of
giving trust to third users.
Levels of trust network forms a Web of Trust
(WoT), a connected graph (according to the
Small World Effect) which give peer users the
ability to gain digital trustworthiness
depending on other users’ trust in real world.
10. PGP and mailing lists security
When it comes to mailing lists, PGP model does not deal with it in a direct
mode, since it was designed for one-to-one communications.
In a mailing list, there are multiple communication partners. Supposing
all of them are using PGP, there are still problems:
• How to encrypt mailing list content in such a way that:
• All mailing list’s members can read it
• All mailing list’s members can post without loosing confidentiality
• All other users which are not members of the mailing list in no way can access the
content
• Mailing lists member can prove their membership to mailing list and their personal
identity to other members
Let’s use Google Groups mailing list service to inspect the problem.
11. PGP and Google Groups
Suppose a Google Group has been created and all authorized people have been
joined it. Despite they trust that Google won’t reveal mailing list content to third
parties, users decide they don’t want to let even Google servers access their
communication content.
Group members should first using the group itself to communicate each other
their public keys (note that Google won’t reveal automatically other members’
email). There are two possible PGP solutions:
• SOLUTION 1: Since everyone know other people’s public key, each message
can be encrypted with PGP using all public keys of group members and can be
signed with own private key. Each member can decrypt with its own private
key.
• SOLUTION 2: A group leader should create a new keypair for the Google
Group email and distribute it to all the members encrypting it with their
public keys. Since everyone share a keypair, they can encrypt their posts with
group’s public key, signing them with own private key, and decrypting them
with group’s private key locally.
12. PGP and Google Groups
SOLUTION 1: Since everyone knows other people public key, each message can be encrypted
with PGP using all public keys of group members and can be signed with own private key. Each
member can decrypt with its own private key.
• PROS: No need for a group leader and further keypairs. If an user leaves the group, it
suffices to not encrypt anymore with its public key. If an user join the group, it suffices to
add its public key to encryption phase.
• CONS: Higher complexity for group members to maintain manually a set of allowed public
keys. New users can’t access mailing list’s history unless someone would encrypt for him old
content.
SOLUTION 2: A group leader should create a new keypair for the Google Group email and
distribute it to all the members encrypting it with their public keys. Since everyone share a
keypair, they can encrypt their posts with group’s public key, signing them with own private
key, and decrypting them with group’s private key locally.
• PROS: Limited complexity for group members. New users have full access to mailing list
access. Stronger signatures on messages (both own private key and group private key).
• CONS: Need for a group leader. Exiting users can continue decrypting messages, unless
group leader changes group keypair.
13. PGP and Google Groups
Let’s inspect deeply the second solution with an example:
14. GnuPG
Most widely used open source solution for PGP usage is the multiplatform
software GnuPG.
It can generate keypairs, manage them in keyrings and transfer a copy to
known key servers for other users to pull them. Once in the keyring, keys can
be used for encryption, decryption, signature, signature validation and
combination of them.
It also offers a keyring manager which allow to set for each key a level of
trust among: unknown, never, marginal, full and ultimate.
15. Mail User Agents compatibility
Several Mail User Agents can access PGP functionalities using third-parties
components.
Since they need, by design, to collect the history of sent emails, usually they encrypt
emails with both receivers public key and public key of sender itself. This way the
sender can access his mailbox later being able to decrypt what he wrote.
Most plugins interact also with desktop installations of OpenPGP software such as
GnuPG to automatically import keyrings.
16. Mozilla Thunderbird & Enigmail
Mozilla Thunderbird mail client can work in conjunction with addon Enigmail to
use PGP. It is interfaced with GnuPG for keyrings management.
17. Gmail & Mailvelope
Gmail email client can work in conjunction with browser extension Mailvelope to
use PGP. It allow import of keys to build a copy of the keyrings for extension usage.
18. PGP implementations
PGP is today a proprietary integrated software.
An open version of PGP is OpenPGP, correspondent to standard
RFC4880
Several implementation exists, as full encryption software programs,
mobile applications, software/language modules, or browser extension
for email clients.
PGP is used in a wide variety of security applications, including email
exchange, chat, phone calls, files, directories and whole hard disks.