Using PGP for
securing the email
Confidentiality and authentication over unsecure channels
Student: Gianni Fiore
PGP Overview
• Pretty Good Privacy (PGP) is a security standard which aims to:
• Protect binary target information from unauthorized eyes
• Files, emails, phone calls, chat messages, etc …
• Confidentiality within a limited set of people
• Provide authentication over data
• Undeniable digital signatures
• Data ownership certification
• Establish a secure digital communication channel over an
unsecure physical channel
• PGP became a de facto standard for email communication because
it addressed the limits of email protocols
• Its author, Phil Zimmermann, is a cyber security scientist and a
human rights activist.
Authentication with PGP
1. Hash of target is calculated
2. Hash is encrypted with writer’s private key
3. Encrypted hash is attached to the target
-----BEGIN PGP SIGNED MESSAGE-----
Hash: [used hash algorithm]
TARGET CONTENT
-----BEGIN PGP SIGNATURE-----
Version: [signature software version]
TARGET CONTENT ENCRYPTED HASH
-----END PGP SIGNATURE-----
4. Readers can decrypt hash with writer’s public key and
then match it with their own calculated hash
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
No Regrets About Developing PGP The Friday September 21st
Washington Post carried an article by Ariana Cha that I feel
misrepresents my views on the role of PGP encryption software
in the September 11th terrorist attacks. She interviewed me on
Monday September 17th, and we talked about how I felt about the
possibility that the terrorists might have used PGP in planning
their attack. The article states that as the inventor of PGP, I
was "overwhelmed with feelings of guilt". I never implied that
in the interview, and specifically went out of my way to
[…]
- Philip Zimmermann
24 September 2001
(This letter may be widely circulated)
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
iQA/AwUBO69LAsdGNjmy13leEQIDcgCg4bJ1T4rhvd3qTGximJ9YYw1ErmYAnjj
y V0jxraVXJPDdeVCqt7EZSWZn
=7vuw
-----END PGP SIGNATURE-----
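The layout shown above can be checked mechanically before any cryptographic verification is attempted. The following Python sketch is an added example, not part of the original slides: it splits a cleartext-signed message into its `Hash:` header, the signed text (with dash-escaping undone) and the armored signature, checks the armor's CRC-24 line, and flags hash algorithms that are no longer acceptable for signatures, such as the SHA1 seen in the sample. The sample message and its signature bytes are constructed filler, and the function names are this example's own.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB      # RFC 4880, section 6.1
WEAK_HASHES = {"MD5", "SHA1", "RIPEMD160"}        # unsuitable for new signatures
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def crc24(data):
    """Checksum carried on the '=XXXX' line that closes the armor body."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor_signature(raw):
    """Armor raw bytes as a signature block (only used to build the sample)."""
    body = base64.b64encode(raw).decode()
    check = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return (f"{BEGIN_SIG}\nVersion: constructed-sample\n\n"
            f"{body}\n={check}\n{END_SIG}\n")


def parse_clearsigned(text):
    """Return hash names, canonical signed text and raw signature bytes."""
    lines = iter(text.replace("\r\n", "\n").split("\n"))
    if next(lines) != BEGIN_MSG:
        raise ValueError("not a cleartext-signed message")
    hashes = []
    for line in lines:                      # "Hash:" headers end at a blank line
        if line == "":
            break
        name, _, value = line.partition(":")
        if name != "Hash":
            raise ValueError(f"unexpected header {line!r}")
        hashes += [h.strip().upper() for h in value.split(",")]
    else:
        raise ValueError("truncated before signed text")
    body = []
    for line in lines:                      # signed text up to the signature armor
        if line == BEGIN_SIG:
            break
        if line.startswith("- "):           # dash-escaped: the "- " is not signed
            line = line[2:]
        elif line.startswith("-"):
            raise ValueError(f"unescaped dash line {line!r}")
        body.append(line.rstrip(" \t"))     # trailing blanks are not signed
    else:
        raise ValueError("signature block missing")
    for line in lines:                      # skip "Version:" and other headers
        if line == "":
            break
    else:
        raise ValueError("signature armor has no body")
    b64, check = [], None
    for line in lines:
        if line == END_SIG:
            break
        if line.startswith("="):            # base64 data never starts with "="
            check = line[1:]
        else:
            b64.append(line.strip())
    else:
        raise ValueError("signature armor not terminated")
    signature = base64.b64decode("".join(b64), validate=True)
    expected = crc24(signature).to_bytes(3, "big")
    if check is not None and base64.b64decode(check) != expected:
        raise ValueError("armor checksum mismatch")
    return {
        "hash": hashes,
        "weak_hash": any(h in WEAK_HASHES for h in hashes),
        # Canonical form: CRLF line endings, no line ending after the last line.
        "signed_text": "\r\n".join(body).encode(),
        "signature": signature,
    }


# Constructed sample: the 30 signature bytes are filler, not a real signature.
SAMPLE = (f"{BEGIN_MSG}\nHash: SHA1\n\n"
          "Meet at noon.  \n"
          "- -- Alice\n"
          + armor_signature(bytes(range(1, 31))))

if __name__ == "__main__":
    info = parse_clearsigned(SAMPLE)
    print(info["hash"], "weak" if info["weak_hash"] else "ok")
    print(info["signed_text"])
```

The CRC-24 only catches transmission damage to the armor; authenticity still depends on verifying the signature bytes against the writer's public key.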
Confidentiality with PGP
1. Target is encrypted with random session key
2. Session key is encrypted with readers’ public key
Note: a key can be encrypted more than once, producing
a set of encrypted values that all refer to the same key.
3. Encrypted target and encrypted session key[s] are joined together
-----BEGIN PGP MESSAGE-----
Charset: [used charset encoding]
Version: [encryption software version]
TARGET CONTENT
-----END PGP MESSAGE-----
4. Readers can decrypt session key with their private key and then use it
to decrypt the target
-----BEGIN PGP MESSAGE-----
Charset: utf-8
Version: GnuPG v2
[…]
=SlpZ
-----END PGP MESSAGE-----
Authentication and confidentiality
A signed target can further be encrypted to get both authentication
and confidentiality over an unsecure channel:
Enforcing email protocols
PGP solves several problems of email protocols:
Email without PGP Email with PGP
Confidentiality
Authentication
Data Integrity
Metadata confidentiality
PGP Keys Management
Each PGP user can create their own
keypair, i.e. a public key and its
corresponding RSA private key.
Private keys are meant to be known only
to the user who creates the keypair and
are protected by a passphrase.
Public keys can be shared with others
using a channel of choice:
• Word of mouth
• Key signing party
• Key servers
PHIL ZIMMERMANN PUBLIC KEYS
Current DSS/Diffie-Hellman Key:
Key fingerprint:
055F C78F 1121 9349 2C4F 37AF C746 3639 B2D7 795E
Older DSS/Diffie-Hellman Key:
Key fingerprint:
17AF BAAF 2106 4E51 3F03 7E6E 63CB 691D FAEB D5FC
Ancient RSA Key:
Key fingerprint:
9E94 4513 3983 5F70 7BE7 D8ED C4BE 5AA6
PGP Keyrings
According to the PGP standard, RSA keys are stored
in keyrings.
Each user has:
• A public keyring, with their own public keys
and the public keys of users they know, used
to verify signatures and to encrypt data.
• A private keyring, with their own private
keys, used to sign and to decrypt data.
PGP and the Web of Trust
Each PGP user can sign other users’ public
keys, publicly certifying that they really
belong to the claimed identities.
Each public key owner can be assigned a
level of trust, i.e. an indicator of how much
that user is trusted when vouching for
third users.
The network of trust levels forms a Web of Trust
(WoT), a connected graph (according to the
Small World Effect) which gives peer users the
ability to gain digital trustworthiness
depending on other users’ trust in the real world.
PGP and mailing lists security
When it comes to mailing lists, the PGP model does not deal with them
directly, since it was designed for one-to-one communications.
In a mailing list, there are multiple communication partners. Supposing
all of them are using PGP, there are still problems:
• How to encrypt mailing list content in such a way that:
• All mailing list members can read it
• All mailing list members can post without losing confidentiality
• Users who are not members of the mailing list cannot access the content in any way
• Mailing list members can prove their membership of the mailing list and their personal
identity to other members
Let’s use Google Groups mailing list service to inspect the problem.
PGP and Google Groups
Suppose a Google Group has been created and all authorized people have
joined it. Although they trust that Google won’t reveal mailing list content to third
parties, users decide they don’t want to let even Google servers access their
communication content.
Group members should first use the group itself to send each other
their public keys (note that Google won’t automatically reveal other members’
email addresses). There are two possible PGP solutions:
• SOLUTION 1: Since everyone knows the other people’s public keys, each message
can be encrypted with PGP using the public keys of all group members and can be
signed with the sender’s own private key. Each member can decrypt with their own private
key.
• SOLUTION 2: A group leader should create a new keypair for the Google
Group email and distribute it to all the members, encrypting it with their
public keys. Since everyone shares a keypair, they can encrypt their posts with
the group’s public key, sign them with their own private key, and decrypt them
with the group’s private key locally.
PGP and Google Groups
SOLUTION 1: Since everyone knows the other people’s public keys, each message can be encrypted
with PGP using the public keys of all group members and can be signed with the sender’s own private key. Each
member can decrypt with their own private key.
• PROS: No need for a group leader or further keypairs. If a user leaves the group, it
suffices to stop encrypting with their public key. If a user joins the group, it suffices to
add their public key to the encryption phase.
• CONS: Higher complexity for group members, who must manually maintain a set of allowed public
keys. New users can’t access the mailing list’s history unless someone encrypts the old
content for them.
SOLUTION 2: A group leader should create a new keypair for the Google Group email and
distribute it to all the members, encrypting it with their public keys. Since everyone shares a
keypair, they can encrypt their posts with the group’s public key, sign them with their own private
key, and decrypt them with the group’s private key locally.
• PROS: Limited complexity for group members. New users have full access to the mailing list
history. Stronger signatures on messages (both own private key and group private key).
• CONS: Need for a group leader. Exiting users can continue decrypting messages, unless the
group leader changes the group keypair.
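Solution 1 leaves every sender to maintain the recipient list by hand, so a message can silently stay readable by a member who has left or be unreadable for one who has joined. The following Python sketch is an added example, not part of the original slides: it reads the Public-Key Encrypted Session Key packets of a binary OpenPGP message (the "set of encrypted values" from the Confidentiality slide, one per reader) and compares their key IDs with the group's current list. Key IDs, member names and packet contents are constructed, and the function names are this example's own.

```python
PKESK_TAG = 1                 # Public-Key Encrypted Session Key packet (RFC 4880, 5.1)
HIDDEN = "0000000000000000"   # all-zero key ID: recipient deliberately not named


def iter_packets(data):
    """Yield (tag, body) for each packet of a binary (unarmored) OpenPGP message."""
    pos = 0
    while pos < len(data):
        try:
            first = data[pos]
            if not first & 0x80:
                raise ValueError("not an OpenPGP packet header")
            pos += 1
            if first & 0x40:                          # new-format header
                tag, octet = first & 0x3F, data[pos]
                if octet < 192:
                    length, pos = octet, pos + 1
                elif octet < 224:
                    length = ((octet - 192) << 8) + data[pos + 1] + 192
                    pos += 2
                elif octet == 255:
                    length = int.from_bytes(data[pos + 1:pos + 5], "big")
                    pos += 5
                else:       # partial body length: streamed data packet, always
                    yield tag, data[pos:]   # last here; hand back the rest unparsed
                    return
            else:                                     # old-format header
                tag, size = (first & 0x3C) >> 2, first & 0x03
                if size == 3:                         # indeterminate length
                    length = len(data) - pos
                else:
                    width = 1 << size                 # 1, 2 or 4 length octets
                    length = int.from_bytes(data[pos:pos + width], "big")
                    pos += width
        except IndexError:
            raise ValueError("truncated packet header") from None
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet body")
        yield tag, body
        pos += length


def recipient_key_ids(data):
    """Key IDs the session key was encrypted to, one per PKESK packet."""
    ids = []
    for tag, body in iter_packets(data):
        if tag == PKESK_TAG:
            if len(body) < 10 or body[0] != 3:
                raise ValueError("only version 3 PKESK packets are handled")
            ids.append(body[1:9].hex().upper())
    return ids


def audit_recipients(data, members):
    """Compare a message's recipients with the group's current key IDs.

    `members` must hold the key IDs of the members' encryption (sub)keys,
    because those are the IDs written into the PKESK packets.
    """
    ids = recipient_key_ids(data)
    return {
        "unexpected": sorted(set(ids) - members - {HIDDEN}),
        "missing": sorted(members - set(ids)),
        "hidden": ids.count(HIDDEN),
    }


def make_pkesk(key_id, esk=b"\x00" * 16):
    """Constructed PKESK packet: version 3, key ID, algorithm 1 (RSA), filler."""
    body = bytes([3]) + bytes.fromhex(key_id) + bytes([1]) + esk
    return bytes([0x85]) + len(body).to_bytes(2, "big") + body  # old format, tag 1


def make_message(key_ids):
    """Constructed message: one PKESK per key ID, then a filler tag 18 packet."""
    data = bytes([0xD2, 5, 1]) + b"\xAA" * 4          # new format, tag 18
    return b"".join(make_pkesk(k) for k in key_ids) + data


# Constructed key IDs: Carol has left the group, Alice and Bob are current.
ALICE, BOB, CAROL = "A1A1A1A1A1A1A1A1", "B2B2B2B2B2B2B2B2", "C3C3C3C3C3C3C3C3"
MEMBERS = {ALICE, BOB}
STALE = make_message([ALICE, BOB, CAROL])     # still encrypted to Carol
PARTIAL = make_message([ALICE, HIDDEN])       # Bob left out, one hidden recipient

if __name__ == "__main__":
    print(audit_recipients(STALE, MEMBERS))
    print(audit_recipients(PARTIAL, MEMBERS))
```

A hidden recipient cannot be matched against the member list at all, so a list policy that wants this audit to be meaningful has to reject such messages.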
PGP and Google Groups
Let’s take a closer look at the second solution with an example:
GnuPG
The most widely used open source PGP implementation is the multiplatform
software GnuPG.
It can generate keypairs, manage them in keyrings and transfer a copy to
known key servers for other users to pull them. Once in the keyring, keys can
be used for encryption, decryption, signature, signature validation and
combinations of them.
It also offers a keyring manager which allows setting, for each key, a level of
trust among: unknown, never, marginal, full and ultimate.
Mail User Agents compatibility
Several Mail User Agents can access PGP functionality using third-party
components.
Since they need, by design, to keep the history of sent emails, they usually encrypt
emails with both the receivers’ public keys and the sender’s own public key. This way the
sender can access their mailbox later and still decrypt what they wrote.
Most plugins also interact with desktop installations of OpenPGP software such as
GnuPG to automatically import keyrings.
Mozilla Thunderbird & Enigmail
The Mozilla Thunderbird mail client can work in conjunction with the Enigmail add-on to
use PGP. It interfaces with GnuPG for keyring management.
Gmail & Mailvelope
The Gmail email client can work in conjunction with the Mailvelope browser extension to
use PGP. It allows keys to be imported to build a copy of the keyrings for the extension’s use.
PGP implementations
Today PGP is proprietary, integrated software.
An open version of PGP is OpenPGP, corresponding to the standard
RFC 4880.
Several implementations exist, as full encryption software programs,
mobile applications, software/language modules, or browser extensions
for email clients.
PGP is used in a wide variety of security applications, including email
exchange, chat, phone calls, files, directories and whole hard disks.

More Related Content

What's hot

PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01Qaisar Ayub
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPunnya Babu
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5limsh
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)Vishal Kumar
 
Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security PresentationYosef Gamble
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security PrimerVenkatesh Iyer
 
Pretty good privacy - Email Security
Pretty good privacy - Email SecurityPretty good privacy - Email Security
Pretty good privacy - Email SecurityRakesh Mittal
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIMERohit Soni
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email securityMazin Alwaaly
 

What's hot (20)

pgp s mime
pgp s mimepgp s mime
pgp s mime
 
PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
 
Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security Presentation
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security Primer
 
Pgp
PgpPgp
Pgp
 
Email security
Email securityEmail security
Email security
 
Ch15
Ch15Ch15
Ch15
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
 
Email security & threads
Email security & threadsEmail security & threads
Email security & threads
 
Pretty good privacy - Email Security
Pretty good privacy - Email SecurityPretty good privacy - Email Security
Pretty good privacy - Email Security
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Pgp
PgpPgp
Pgp
 
Information and data security email security
Information and data security email securityInformation and data security email security
Information and data security email security
 
Network security
Network securityNetwork security
Network security
 

Viewers also liked

Edición perfil estudiante
Edición perfil estudianteEdición perfil estudiante
Edición perfil estudiantePilar Mendoza
 
Encouraging Engagement on Standardized Testing
Encouraging Engagement on Standardized TestingEncouraging Engagement on Standardized Testing
Encouraging Engagement on Standardized TestingBetsy Potash
 
Object Calisthenics (PyCon Slovakia 2017)
Object Calisthenics (PyCon Slovakia 2017)Object Calisthenics (PyCon Slovakia 2017)
Object Calisthenics (PyCon Slovakia 2017)Paweł Lewtak
 
Palestra 2 sobre o pau-brasil ( Projeto Poupança Verde )
Palestra  2 sobre o  pau-brasil  ( Projeto Poupança Verde )Palestra  2 sobre o  pau-brasil  ( Projeto Poupança Verde )
Palestra 2 sobre o pau-brasil ( Projeto Poupança Verde )Valter Almeida
 
Healthy Heart Imaging ppt marketing USE THIS ONE
Healthy Heart Imaging ppt marketing USE THIS ONEHealthy Heart Imaging ppt marketing USE THIS ONE
Healthy Heart Imaging ppt marketing USE THIS ONEBridgette Hannigan
 
Ma trận và đề kiểm tra môn Toán học kì 2 lớp 4 theo thông tư 22
Ma trận và đề kiểm tra môn Toán học kì 2 lớp 4 theo thông tư 22Ma trận và đề kiểm tra môn Toán học kì 2 lớp 4 theo thông tư 22
Ma trận và đề kiểm tra môn Toán học kì 2 lớp 4 theo thông tư 22Bồi Dưỡng HSG Toán Lớp 3
 
Listados escritura 5 b
Listados  escritura 5 bListados  escritura 5 b
Listados escritura 5 bN/A
 
Listados escritura 5 a
Listados  escritura 5 aListados  escritura 5 a
Listados escritura 5 aN/A
 
Lesiones cuadro comparativo
Lesiones cuadro comparativoLesiones cuadro comparativo
Lesiones cuadro comparativoSelene Baoiz
 
Complessità, Flessibilità, Semplessità
Complessità, Flessibilità, SemplessitàComplessità, Flessibilità, Semplessità
Complessità, Flessibilità, SemplessitàLaura Antichi
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Petição Comissão Eleitoral
Petição Comissão EleitoralPetição Comissão Eleitoral
Petição Comissão EleitoralSergio Libya
 
Minerales de la tecnología
Minerales de la tecnologíaMinerales de la tecnología
Minerales de la tecnologíamineraltecnolog
 

Viewers also liked (20)

Edición perfil estudiante
Edición perfil estudianteEdición perfil estudiante
Edición perfil estudiante
 
Encouraging Engagement on Standardized Testing
Encouraging Engagement on Standardized TestingEncouraging Engagement on Standardized Testing
Encouraging Engagement on Standardized Testing
 
Object Calisthenics (PyCon Slovakia 2017)
Object Calisthenics (PyCon Slovakia 2017)Object Calisthenics (PyCon Slovakia 2017)
Object Calisthenics (PyCon Slovakia 2017)
 
operating system
operating systemoperating system
operating system
 
Palestra 2 sobre o pau-brasil ( Projeto Poupança Verde )
Palestra  2 sobre o  pau-brasil  ( Projeto Poupança Verde )Palestra  2 sobre o  pau-brasil  ( Projeto Poupança Verde )
Palestra 2 sobre o pau-brasil ( Projeto Poupança Verde )
 
Healthy Heart Imaging ppt marketing USE THIS ONE
Healthy Heart Imaging ppt marketing USE THIS ONEHealthy Heart Imaging ppt marketing USE THIS ONE
Healthy Heart Imaging ppt marketing USE THIS ONE
 
Present simple tense
Present simple tensePresent simple tense
Present simple tense
 
Tipologia y caracter
Tipologia y caracterTipologia y caracter
Tipologia y caracter
 
5 mathematic03
5 mathematic035 mathematic03
5 mathematic03
 
Ma trận và đề kiểm tra môn Toán học kì 2 lớp 4 theo thông tư 22
Ma trận và đề kiểm tra môn Toán học kì 2 lớp 4 theo thông tư 22Ma trận và đề kiểm tra môn Toán học kì 2 lớp 4 theo thông tư 22
Ma trận và đề kiểm tra môn Toán học kì 2 lớp 4 theo thông tư 22
 
Listados escritura 5 b
Listados  escritura 5 bListados  escritura 5 b
Listados escritura 5 b
 
Listados escritura 5 a
Listados  escritura 5 aListados  escritura 5 a
Listados escritura 5 a
 
Dulce caraballo arquitectura barroc
Dulce caraballo arquitectura barrocDulce caraballo arquitectura barroc
Dulce caraballo arquitectura barroc
 
Lesiones cuadro comparativo
Lesiones cuadro comparativoLesiones cuadro comparativo
Lesiones cuadro comparativo
 
Haemangioma
HaemangiomaHaemangioma
Haemangioma
 
REVISTA PSICOLOGIA CLINICA
REVISTA PSICOLOGIA CLINICAREVISTA PSICOLOGIA CLINICA
REVISTA PSICOLOGIA CLINICA
 
Complessità, Flessibilità, Semplessità
Complessità, Flessibilità, SemplessitàComplessità, Flessibilità, Semplessità
Complessità, Flessibilità, Semplessità
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Petição Comissão Eleitoral
Petição Comissão EleitoralPetição Comissão Eleitoral
Petição Comissão Eleitoral
 
Minerales de la tecnología
Minerales de la tecnologíaMinerales de la tecnología
Minerales de la tecnología
 

Similar to Using PGP for securing the email

B. Nouri-Moghaddam et al Int. Journal of Engineering Research .docx
B. Nouri-Moghaddam et al Int. Journal of Engineering Research .docxB. Nouri-Moghaddam et al Int. Journal of Engineering Research .docx
B. Nouri-Moghaddam et al Int. Journal of Engineering Research .docxikirkton
 
Network and information security
Network and information securityNetwork and information security
Network and information securityrithika858339
 
PGP desk top basis lecture 002
PGP desk top basis lecture 002PGP desk top basis lecture 002
PGP desk top basis lecture 002Qaisar Ayub
 
Using PGP for securing the e-mail
Using PGP for securing the e-mailUsing PGP for securing the e-mail
Using PGP for securing the e-maildavidepiccardi
 
CryptoGraphy Module in Mulesoft
CryptoGraphy Module in MulesoftCryptoGraphy Module in Mulesoft
CryptoGraphy Module in Mulesoftshyamraj55
 
Digital Certified Mail
Digital Certified MailDigital Certified Mail
Digital Certified MailMatthew Chang
 
PGP based social network
PGP based social networkPGP based social network
PGP based social networkJosé Moreira
 
Mule security pgp with Example
Mule security pgp with ExampleMule security pgp with Example
Mule security pgp with ExampleD.Rajesh Kumar
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxprateekPallav2
 
Design and Analyze Secure Networked Systems - 4
Design and Analyze Secure Networked Systems - 4Design and Analyze Secure Networked Systems - 4
Design and Analyze Secure Networked Systems - 4Don Kim
 

Similar to Using PGP for securing the email (20)

pgp.ppt.pptx
pgp.ppt.pptxpgp.ppt.pptx
pgp.ppt.pptx
 
B. Nouri-Moghaddam et al Int. Journal of Engineering Research .docx
B. Nouri-Moghaddam et al Int. Journal of Engineering Research .docxB. Nouri-Moghaddam et al Int. Journal of Engineering Research .docx
B. Nouri-Moghaddam et al Int. Journal of Engineering Research .docx
 
G43053847
G43053847G43053847
G43053847
 
Network and information security
Network and information securityNetwork and information security
Network and information security
 
PGP desk top basis lecture 002
PGP desk top basis lecture 002PGP desk top basis lecture 002
PGP desk top basis lecture 002
 
Email sec11
Email sec11Email sec11
Email sec11
 
Pgp
PgpPgp
Pgp
 
Using PGP for securing the e-mail
Using PGP for securing the e-mailUsing PGP for securing the e-mail
Using PGP for securing the e-mail
 
CryptoGraphy Module in Mulesoft
CryptoGraphy Module in MulesoftCryptoGraphy Module in Mulesoft
CryptoGraphy Module in Mulesoft
 
Digital Certified Mail
Digital Certified MailDigital Certified Mail
Digital Certified Mail
 
ch15 (1).ppt
ch15 (1).pptch15 (1).ppt
ch15 (1).ppt
 
ch15.ppt
ch15.pptch15.ppt
ch15.ppt
 
ch15.ppt
ch15.pptch15.ppt
ch15.ppt
 
ch15.ppt
ch15.pptch15.ppt
ch15.ppt
 
PGP based social network
PGP based social networkPGP based social network
PGP based social network
 
Mule security pgp with Example
Mule security pgp with ExampleMule security pgp with Example
Mule security pgp with Example
 
Pgp1
Pgp1Pgp1
Pgp1
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptx
 
Design and Analyze Secure Networked Systems - 4
Design and Analyze Secure Networked Systems - 4Design and Analyze Secure Networked Systems - 4
Design and Analyze Secure Networked Systems - 4
 
Unit 4
Unit 4Unit 4
Unit 4
 

Recently uploaded

Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAbhinavSharma374939
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 

Recently uploaded (20)

Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog Converter
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 

Using PGP for securing the email

  • 1. Using PGP for securing the email Confidentiality and authentication over unsecure channels Student: Gianni Fiore
  • 2. PGP Overview • Pretty Good Privacy (PGP) is a security standard which aims to: • Protect a binary target information from unauthorized eyes • Files, emails, phone calls, chat messages, etc … • Confidentiality within a limited set of people • Provide authentication over data • Undeniable digital signatures • Data ownership certification • Estabilish a secure digital communication channel over an unsecure physical channel • PGP became a de facto standard for email communication because it addressed email protocols limits • Its author, Phil Zimmerman, is a cyber security scientist and an human rights activist.
  • 3. Authentication with PGP
    1. The hash of the target is calculated
    2. The hash is encrypted with the writer’s private key
    3. The encrypted hash is attached to the target

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: [used hash algorithm]
    TARGET CONTENT
    -----BEGIN PGP SIGNATURE-----
    Version: [signature software version]
    TARGET CONTENT ENCRYPTED HASH
    -----END PGP SIGNATURE-----

    4. Readers can decrypt the hash with the writer’s public key and then match it against the hash they calculate themselves

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    No Regrets About Developing PGP The Friday September 21st
    Washington Post carried an article by Ariana Cha that I feel
    misrepresents my views on the role of PGP encryption software
    in the September 11th terrorist attacks. She interviewed me on
    Monday September 17th, and we talked about how I felt about the
    possibility that the terrorists might have used PGP in planning
    their attack. The article states that as the inventor of PGP, I
    was "overwhelmed with feelings of guilt". I never implied that
    in the interview, and specifically went out of my way to
    […]
    - Philip Zimmermann
    24 September 2001
    (This letter may be widely circulated)
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.3
    iQA/AwUBO69LAsdGNjmy13leEQIDcgCg4bJ1T4rhvd3qTGximJ9YYw1ErmYAnjjy
    V0jxraVXJPDdeVCqt7EZSWZn
    =7vuw
    -----END PGP SIGNATURE-----
  • 4. Confidentiality with PGP
    1. The target is encrypted with a random session key
    2. The session key is encrypted with the readers’ public keys
       Note: a key can be encrypted more than once, producing a set of encrypted values that all refer to the same key.
    3. The encrypted target and the encrypted session key[s] are joined together

    -----BEGIN PGP MESSAGE-----
    Charset: [used charset encoding]
    Version: [encryption software version]
    TARGET CONTENT
    -----END PGP MESSAGE-----

    4. Readers can decrypt the session key with their private key and then use it to decrypt the target
  • 5. Authentication and confidentiality
    A signed target can further be encrypted to get both authentication and confidentiality over an unsecure channel:
  • 6. Enforcing email protocols
    PGP solves several email protocols problems:
    [Table: columns "Email without PGP" and "Email with PGP"; rows Confidentiality, Authentication, Data Integrity, Metadata confidentiality]
  • 7. PGP Keys Management
    Each PGP user can create their own keypair, i.e. a public key and its corresponding RSA private key. Private keys are meant to be known only to the user who creates the keypair and are protected by a passphrase. Public keys can be shared with others using a channel of preference:
    • Word of mouth
    • Key signing party
    • Key servers

    PHIL ZIMMERMANN PUBLIC KEYS
    Current DSS/Diffie-Hellman Key:
    Key fingerprint: 055F C78F 1121 9349 2C4F 37AF C746 3639 B2D7 795E
    Older DSS/Diffie-Hellman Key:
    Key fingerprint: 17AF BAAF 2106 4E51 3F03 7E6E 63CB 691D FAEB D5FC
    Ancient RSA Key:
    Key fingerprint: 9E94 4513 3983 5F70 7BE7 D8ED C4BE 5AA6
  • 8. PGP Keyrings
    According to the PGP standard, RSA keys are stored in keyrings. Each user has:
    • A public keyring, with their own public keys and the public keys of the users they know, used to verify signatures and to encrypt data.
    • A private keyring, with their own private keys, used to sign and to decrypt data.
  • 9. PGP and the Web of Trust
    Each PGP user can sign other users’ public keys, publicly certifying that those keys really belong to the stated identities. Each public key owner can be assigned a level of trust, i.e. an indicator of how much that user is trusted in the activity of giving trust to third users. The network of trust levels forms a Web of Trust (WoT), a connected graph (according to the Small World Effect) which gives peer users the ability to gain digital trustworthiness depending on other users’ trust in the real world.
  • 10. PGP and mailing lists security
    The PGP model does not deal with mailing lists directly, since it was designed for one-to-one communications. In a mailing list, there are multiple communication partners. Supposing all of them are using PGP, there are still problems:
    • How to encrypt mailing list content in such a way that:
      • All mailing list members can read it
      • All mailing list members can post without losing confidentiality
      • Users who are not members of the mailing list can in no way access the content
      • Mailing list members can prove their membership of the mailing list and their personal identity to other members
    Let’s use the Google Groups mailing list service to inspect the problem.
  • 11. PGP and Google Groups
    Suppose a Google Group has been created and all authorized people have joined it. Although they trust that Google won’t reveal mailing list content to third parties, the users decide they don’t want to let even Google servers access the content of their communication. Group members should first use the group itself to communicate their public keys to each other (note that Google won’t automatically reveal other members’ email addresses). There are two possible PGP solutions:
    • SOLUTION 1: Since everyone knows the other people’s public keys, each message can be encrypted with PGP using the public keys of all group members and can be signed with the sender’s own private key. Each member can decrypt with their own private key.
    • SOLUTION 2: A group leader creates a new keypair for the Google Group email and distributes it to all the members, encrypting it with their public keys. Since everyone shares a keypair, they can encrypt their posts with the group’s public key, sign them with their own private key, and decrypt them locally with the group’s private key.
  • 12. PGP and Google Groups
    SOLUTION 1: Since everyone knows the other people’s public keys, each message can be encrypted with PGP using the public keys of all group members and can be signed with the sender’s own private key. Each member can decrypt with their own private key.
    • PROS: No need for a group leader or further keypairs. If a user leaves the group, it suffices to stop encrypting with their public key. If a user joins the group, it suffices to add their public key to the encryption phase.
    • CONS: Higher complexity for group members, who must manually maintain a set of allowed public keys. New users can’t access the mailing list’s history unless someone encrypts the old content for them.
    SOLUTION 2: A group leader creates a new keypair for the Google Group email and distributes it to all the members, encrypting it with their public keys. Since everyone shares a keypair, they can encrypt their posts with the group’s public key, sign them with their own private key, and decrypt them locally with the group’s private key.
    • PROS: Limited complexity for group members. New users have full access to the mailing list. Stronger signatures on messages (both own private key and group private key).
    • CONS: Need for a group leader. Exiting users can continue decrypting messages, unless the group leader changes the group keypair.
  • 13. PGP and Google Groups
    Let’s look more closely at the second solution with an example:
  • 14. GnuPG
    The most widely used open source solution for PGP is the multiplatform software GnuPG. It can generate keypairs, manage them in keyrings and transfer a copy to known key servers for other users to pull. Once in the keyring, keys can be used for encryption, decryption, signature, signature validation and combinations of them. It also offers a keyring manager which allows setting a level of trust for each key, chosen among: unknown, never, marginal, full and ultimate.
  • 15. Mail User Agents compatibility
    Several Mail User Agents can access PGP functionality using third-party components. Since they need, by design, to keep the history of sent emails, they usually encrypt emails with both the receivers’ public keys and the public key of the sender. This way the sender can access the mailbox later and still decrypt what they wrote. Most plugins also interact with desktop installations of OpenPGP software such as GnuPG to automatically import keyrings.
  • 16. Mozilla Thunderbird & Enigmail
    The Mozilla Thunderbird mail client can work in conjunction with the Enigmail addon to use PGP. It interfaces with GnuPG for keyring management.
  • 17. Gmail & Mailvelope
    The Gmail email client can work in conjunction with the Mailvelope browser extension to use PGP. It allows keys to be imported to build a copy of the keyrings for the extension’s use.
  • 18. PGP implementations
    PGP is today a proprietary integrated software. An open version of PGP is OpenPGP, corresponding to the standard RFC4880. Several implementations exist, as full encryption software programs, mobile applications, software/language modules, or browser extensions for email clients. PGP is used in a wide variety of security applications, including email exchange, chat, phone calls, files, directories and whole hard disks.
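The signed-message layout on slide 3, read by a small parser. This is an added example, not code from the slides: it separates what the signature covers from surrounding text, undoes dash-escaping and checks the armor CRC-24 as defined in RFC 4880. The sample message and its filler "signature" bytes are constructed, and the function names are hypothetical.

```python
import base64

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 6.1: catches transmission damage, not forgery."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def parse_clearsigned(text: str) -> dict:
    """Split a cleartext-signed message into the parts shown on slide 3."""
    lines = text.replace("\r\n", "\n").split("\n")
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    sig = lines.index("-----BEGIN PGP SIGNATURE-----")
    end = lines.index("-----END PGP SIGNATURE-----")
    blank = lines.index("", start)        # empty line closes the Hash headers
    hashes = [h.split(": ", 1)[1] for h in lines[start + 1:blank]]
    # The signer hashes the text with "- " escapes removed, trailing
    # whitespace stripped and CRLF line endings.
    body = [(l[2:] if l.startswith("- ") else l).rstrip(" \t")
            for l in lines[blank + 1:sig]]
    blank2 = lines.index("", sig)         # empty line closes the armor headers
    *b64, checksum = lines[blank2 + 1:end]
    raw = base64.b64decode("".join(b64))
    expected = "=" + base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return {"hash": hashes, "signed_text": "\r\n".join(body), "signature": raw,
            "crc_ok": checksum == expected,
            "outside": lines[:start] + lines[end + 1:]}  # never signed

def constructed_sample() -> str:
    """Constructed input: the 'signature' is filler bytes, not a real packet."""
    raw = bytes(range(24))
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return "\n".join([
        "Forwarded by a mailing list (not signed)",
        "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA256", "",
        "Meeting moved to 10:00.  ", "- -- Alice",
        "-----BEGIN PGP SIGNATURE-----", "Version: constructed sample", "",
        base64.b64encode(raw).decode(), "=" + crc,
        "-----END PGP SIGNATURE-----", "List footer (not signed)"])
```

A passing CRC only says the armor arrived intact; authenticity still requires verifying the signature against the writer's public key with an OpenPGP implementation such as GnuPG.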
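The session-key wrapping of slide 4 and the membership trade-off between the two Google Groups solutions of slides 11 and 12, as a runnable model. This is an added example, not code from the slides: the cryptography is a toy (textbook RSA over fixed Mersenne primes, a SHA-256 XOR keystream) chosen only to make the key flow visible, and the member names and function names are hypothetical.

```python
import hashlib, secrets

E = 65537
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))  # Mersenne primes

def keypair(p, q):
    """Textbook RSA from fixed primes: toy parameters, no padding, demo only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def stream_xor(key: int, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key.to_bytes(32, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_for(pubkeys: dict, plaintext: bytes) -> dict:
    """Slide 4, steps 1-3: one session key, wrapped once per reader public key."""
    session = secrets.randbits(128)
    wrapped = {who: pow(session, e, n) for who, (n, e) in pubkeys.items()}
    return {"wrapped": wrapped, "body": stream_xor(session, plaintext)}

def decrypt_as(who: str, priv: tuple, msg: dict):
    """Slide 4, step 4: unwrap the session key, then decrypt the body."""
    if who not in msg["wrapped"]:
        return None  # no encrypted session key was produced for this reader
    n, d = priv
    return stream_xor(pow(msg["wrapped"][who], d, n), msg["body"])

# Constructed members and keys (names are hypothetical).
PUB, PRIV = {}, {}
for name, primes in {"alice": (M89, M107), "bob": (M89, M127),
                     "carol": (M107, M127)}.items():
    PUB[name], PRIV[name] = keypair(*primes)

def solution1_post(post: bytes, members: list) -> dict:
    """Solution 1: encrypt to the personal public keys of the current members."""
    return encrypt_for({m: PUB[m] for m in members}, post)

def solution2_post(post: bytes, group_pub: tuple) -> dict:
    """Solution 2: encrypt to the single shared group public key."""
    return encrypt_for({"group": group_pub}, post)
```

With Solution 1, leaving a member out of `members` is enough to exclude them from new posts; with Solution 2, anyone who kept a copy of the group private key reads new posts until the leader issues a new group keypair.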