Practical Cryptography
    A User's Guide

      Hugo Mills
What's in this talk
●   Introduction & Theory
    –   Symmetric Crypto
    –   Public Key Crypto
    –   Encryption and signing
●   GPG/PGP
    –   What it is
    –   Key creation and basic management
    –   Encryption & decryption
    –   Signing
    –   Key management
What's in the next talk(s)?
●   gpg
    –   Mail client integration; GUIs
●   ssh
    –   Key creation; Use; Key management; Agents
●   X.509 certificates
    –   Generating certs; Management in browsers;
        Apache and HTTPS
Theory: Traditional Crypto
[Diagram: "Hello, World" on one side, "QRGEF AJJTO" on the other; caption: Symmetric Cryptography]
Theory: Traditional Crypto
[Diagram: "Hello, World" above "QRGEF AJJTO", shown on both sides]
Symmetric systems
●   DES
●   3DES
●   AES (Rijndael)
●   Blowfish
●   Twofish
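Theory: Public Key Crypto
[Diagram: "Hello, World" on one side, "QRGEF AJJTO" on the other, with key A above and key B below]
Theory: Public Key Crypto
[Diagram: "Hello, World" above "QRGEF AJJTO", shown on both sides, with key A on the left and key B on the right]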
Public/Private Keys
●   Public Key
    –   Can be seen by anyone
    –   System still secure
●   Private key
    –   Must be kept secret
    –   Can be used to find matching public key
●   Keys generated together as a keypair
[Diagram: key A under Public Key, key B under Private key]
Public-key systems
●   RSA
●   ElGamal
●   DSA
The Important Bit

What one key does, the other undoes.
Theory: Signatures
[Diagram: "Hello, World" with key B, then "Hello, World" with the value 20958 attached, shown on both sides, with key A]
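The theory slides above (keys generated together, one key undoing the other, a signature as a value attached to the message), as an added example that is not from the talk: textbook RSA in Python with two assumed demo primes and no padding, so it shows the principle only. GPG itself encrypts a random session key rather than the message.

```python
"""Toy RSA showing that the public and private key undo each other.

Added illustration, not code from the talk. Textbook RSA with no padding:
fine for seeing the idea, never for protecting data.
"""
import hashlib
import math

# Assumed demo primes (both are Mersenne primes); real keys use far larger ones.
P = 2**61 - 1
Q = 2**89 - 1


def make_keypair(p: int = P, q: int = Q, e: int = 65537):
    """Generate the two halves of a keypair together from primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse: (e * d) % phi == 1
    return (n, e), (n, d)  # (public key, private key)


def apply_key(key, value: int) -> int:
    """The one RSA operation. Which key is passed decides what it means."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range [0, n)")
    return pow(value, exponent, n)


def to_int(message: bytes) -> int:
    return int.from_bytes(message, "big")


def to_bytes(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def digest(message: bytes, n: int) -> int:
    """Hash the message to a number below n (reduced because n is toy-sized)."""
    return to_int(hashlib.sha256(message).digest()) % n


def encrypt(public, message: bytes) -> int:
    """Anyone can do this: it only needs the public key."""
    return apply_key(public, to_int(message))


def decrypt(private, ciphertext: int) -> bytes:
    """Only the holder of the private key can undo the encryption."""
    return to_bytes(apply_key(private, ciphertext))


def sign(private, message: bytes) -> int:
    """Signing: apply the private key to the message digest."""
    return apply_key(private, digest(message, private[0]))


def verify(public, message: bytes, signature: int) -> bool:
    """Verifying: the public key undoes the signature; compare with a fresh digest."""
    return apply_key(public, signature) == digest(message, public[0])


if __name__ == "__main__":
    public, private = make_keypair()
    ct = encrypt(public, b"Hello, World")
    print("ciphertext:", hex(ct))
    print("decrypted :", decrypt(private, ct))
    sig = sign(private, b"Hello, World")
    print("signature valid for original:", verify(public, b"Hello, World", sig))
    print("signature valid for altered :", verify(public, b"Hello, World!", sig))
```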
Part 2

GPG (PGP)
GPG: What does it do?
●   Everything:
    –   Encryption
    –   Decryption
    –   Signing
    –   Signature checking
    –   Web of trust
Key creation
$ gpg --gen-key
...
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Key creation
Please specify how long the key should be valid.
         0 = key does not expire
      <n> = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Wed 30 Jan 2013 14:28:40 GMT
Is this correct? (y/N) y
Key creation
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@...>"
Real name: Harry Pearce
Email address: pearceh@mi5.gov.uk
Comment: Section D
You selected this USER-ID:
"Harry Pearce (Section D) <pearceh@mi5.gov.uk>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

Enter passphrase:
Key creation
gpg: key 603652F2 marked as ultimately trusted
public and secret key created and signed.

gpg:   checking the trustdb
gpg:   3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg:   depth: 0 valid:    1 signed:    0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg:   next trustdb check due at 2013-01-30
pub     1024D/603652F2 2008-02-01 [expires: 2013-01-30]
        Key fingerprint = 628B 640D A7A6 4F98 D746 E355 8B26 B823 6036 52F2
uid                    Harry Pearce (Head of Section D) <pearceh@mi5.gov.uk>
sub     2048g/FFC30BC8 2008-02-01 [expires: 2013-01-30]




 All done, keypair created.
Encryption
pearce@willow:~$ ls
my-secrets.txt

pearce@willow:~$ cat my-secrets.txt
Section D personnel
Carter, Adam
Younis, Zafar
Portman, Jo
Wynn-Jones, Malcolm
James, Connie
Encryption
$ gpg -e my-secrets.txt
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID.    End with an empty line:
pearceh@mi5.gov.uk

Current recipients:
2048g/0FC718A8 2007-12-07 "Harry Pearce (Head of Section D) <pearceh@mi5.gov.uk>"

Enter the user ID.    End with an empty line:

$ ls
my-secrets.txt   my-secrets.txt.gpg
Decryption
pearce@willow:~$ gpg -d my-secrets.txt.gpg

You need a passphrase to unlock the secret key for
user: “Harry Pearce (Section D) <pearceh@mi5.gov.uk>”
2048-bit ELG-E key, ID FFC30BC8, created 2008-02-01
(main key ID 603652F2)

Enter passphrase:

Section D personnel
Carter, Adam
Younis, Zafar
Portman, Jo
Wynn-Jones, Malcolm
James, Connie
Signatures
pearce@willow:~$ cat will.txt
In the event of my death, I hereby leave all my
worldly goods and chattels to the Battersea Dogs Home.

Harry Pearce.

pearce@willow:~$ gpg --clearsign will.txt

You need a passphrase to unlock the secret key for
user: "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"
1024-bit DSA key, ID 603652F2, created 2008-02-01

pearce@willow:~$ ls
my-secrets.txt my-secrets.txt.gpg   will.txt will.txt.asc
Signatures
pearce@willow:~$ cat will.txt.asc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the event of my death, I hereby leave all my
worldly goods and chattels to the Battersea Dogs Home.

Harry Pearce.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHoztsiya4I2A2UvIRAqHrAJ9SzWJkBcBQepCIrtZNTTz8gd
qBuACfXlC2
rWl83jYJKlJbmNx7THQRIWw=
=mBj0
-----END PGP SIGNATURE-----
Verify a signature
pearce@willow:~$ gpg --verify will.txt.asc
gpg: Signature made Fri 01 Feb 2008 15:31:56 GMT using DSA key ID 603652F2
gpg: Good signature from "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"
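A "Good signature" result covers only the text between the two BEGIN markers of the .asc file. The parser below is an added example, not from the talk: it follows the cleartext signature layout of RFC 4880 and runs on a constructed sample with a placeholder in place of a real signature.

```python
"""Split a clearsigned message into what the signature covers and what it does not.

Added example. SAMPLE is constructed for illustration; its armor block is a
placeholder, so this parses the layout and does not verify anything.
"""
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def parse_clearsigned(text: str) -> dict:
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        # Body lines that start with a dash are escaped as "- ...", so the
        # first unescaped BEGIN_SIG line really is the end of the signed text.
        sig_start = lines.index(BEGIN_SIG, start)
        sig_end = lines.index(END_SIG, sig_start)
    except ValueError:
        raise ValueError("not a complete clearsigned message") from None

    # Armor headers ("Hash: ...") run until the first empty line.
    hash_algos, i = [], start + 1
    while i < sig_start and lines[i] != "":
        name, sep, value = lines[i].partition(":")
        if name != "Hash" or not sep:
            raise ValueError(f"unexpected header: {lines[i]!r}")
        hash_algos += [h.strip() for h in value.split(",")]
        i += 1
    if i >= sig_start:
        raise ValueError("no empty line between headers and text")

    body = []
    for line in lines[i + 1:sig_start]:
        if line.startswith("- "):        # undo dash-escaping
            line = line[2:]
        body.append(line.rstrip(" \t"))  # trailing blanks are not signed
    # The signature hash starts with these bytes: CRLF line endings, and no
    # line ending after the last line. Signature metadata is hashed after them.
    canonical = "\r\n".join(body).encode("utf-8")

    outside = [l for l in lines[:start] + lines[sig_end + 1:] if l.strip()]
    return {
        "hash_algos": hash_algos,
        "signed_text": "\n".join(body),
        "canonical_bytes": canonical,
        "armor_lines": lines[sig_start + 1:sig_end],
        "unsigned_lines": outside,   # visible in the file, covered by nothing
    }


SAMPLE = "\n".join([
    "Note added by a forwarder (outside the signed block).",
    BEGIN_MSG,
    "Hash: SHA1",
    "",
    "In the event of my death, I hereby leave all my  ",  # trailing spaces
    "worldly goods and chattels to the Battersea Dogs Home.",
    "",
    "- --",                                                # dash-escaped "--"
    "Harry Pearce.",
    BEGIN_SIG,
    "",
    "(constructed placeholder, not a real signature)",
    END_SIG,
    "P.S. added after the signature block.",
])

if __name__ == "__main__":
    parsed = parse_clearsigned(SAMPLE)
    print("hash:", parsed["hash_algos"])
    print("signed text:\n" + parsed["signed_text"])
    print("NOT covered by the signature:", parsed["unsigned_lines"])
```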
Key Distribution
●   Q. How to get your public key to someone?
●   A. A Public Key server!
●   Upload your key to the server
●   Others can download it
    –   Verify your signatures
    –   Encrypt files for you to read
Key Distribution
pearceh@willow:~$ gpg --send-keys --keyserver wwwkeys.uk.pgp.net 603652F2
gpg: sending key 603652F2 to hkp server wwwkeys.uk.pgp.net
Key Distribution
pearce@willow:~$ gpg --recv-keys --keyserver wwwkeys.uk.pgp.net EA2B228F
gpg: requesting key EA2B228F from hkp server wwwkeys.uk.pgp.net
gpg: key EA2B228F: public key "Hugo Mills (University of Southampton) <hugo@omii.ac.uk>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid:    1 signed:    0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2013-01-30
gpg: Total number processed: 1
gpg:               imported: 1
Web Of Trust
●   Q. How do I know the key is good?
●   A. Web of Trust
●   Signing a key
    –   I have verified the identity of the person
    –   I have verified that this key is controlled by
        that person
    –   I trust this person to perform those same
        checks well
Web Of Trust
[Diagram: a network of keys labelled A, with one key marked "?"]
Keysigning
●   Signing a key is a statement that:
    –   I believe and have verified that this key is
        controlled by a person matching the identity
        in the key
    –   I trust this person to perform similarly good
        identity checks
●   Beforehand
    –   gpg --fingerprint 603652F2
    –   Print out several copies on slips of paper
Keysigning
●   When you meet
    –   Exchange fingerprint slips and ID papers
    –   Check ID papers against person (does the
        photo match?)
    –   Check ID papers against the key details
    –   Initial the slip and keep it
    –   Hand papers back
●   What to accept for ID?
    –   Passport, national ID card, photo driving
        license, other government-issued photo ID
    –   Some people only accept passport – up to you
Keysigning
●   After you meet
    –   gpg --recv-keys keyid
    –   gpg --fingerprint keyid
         ●   Check this with the fingerprint on paper
    –   dd if=/dev/urandom count=64 bs=1 | hexdump >person.gpg
         ●   Encrypt and mail it to their email addresses,
             asking for it to be returned to you.
    –   Check the returned mail against the copy you
        kept
    –   Sign and upload the key
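The "after you meet" checks as an added Python example, not from the talk: compare the full fingerprint from the paper slip with what gpg prints for the downloaded key, and check the random value mailed back from each address. The gpg output layout is assumed to be the one shown on these slides, and the look-alike fingerprint is constructed.

```python
"""Checks for the 'after you meet' keysigning steps (added example)."""
import hmac
import re
import secrets

# Matches "Key fingerprint = ..." and "Primary key fingerprint: ..." lines.
FPR_RE = re.compile(r"fingerprint\s*[=:]\s*((?:[0-9A-Fa-f]{4}\s+){9}[0-9A-Fa-f]{4})")


def normalize_fingerprint(text: str) -> str:
    """Strip whitespace and upper-case; require all 40 hex digits."""
    compact = re.sub(r"\s+", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", compact):
        raise ValueError("expected a 40-hex-digit fingerprint")
    return compact


def fingerprint_from_gpg(output: str) -> str:
    """Extract the fingerprint from gpg text output in the layout the slides show."""
    match = FPR_RE.search(output)
    if match is None:
        raise ValueError("no fingerprint line found")
    return normalize_fingerprint(match.group(1))


def check_key(paper_slip: str, gpg_output: str, key_id: str) -> dict:
    """Compare the downloaded key with the slip. Only the full fingerprint counts."""
    paper = normalize_fingerprint(paper_slip)
    fetched = fingerprint_from_gpg(gpg_output)
    short_id = re.sub(r"^0[xX]", "", key_id).upper()
    return {
        # The 8-digit key ID is just the tail of the fingerprint, so it can
        # match while the rest of the fingerprint does not.
        "key_id_matches": fetched.endswith(short_id),
        "fingerprint_matches": hmac.compare_digest(paper, fetched),
    }


def new_challenges(email_addresses) -> dict:
    """One 64-byte random value per address on the key (the slide uses dd + hexdump)."""
    return {addr: secrets.token_hex(64) for addr in email_addresses}


def challenge_returned(sent_token: str, reply_body: str) -> bool:
    """True if the mailed-back text contains exactly the value that was sent."""
    candidates = re.findall(r"\b[0-9a-f]{128}\b", reply_body.lower())
    return any(hmac.compare_digest(sent_token, c) for c in candidates)


# Fingerprint as written on the slip and as printed by gpg, both from the slides.
PAPER_SLIP = "8995 11CC 3CA7 690C C09E 43B3 420D F030 EA2B 228F"
GPG_OUTPUT = """\
pub 1024D/EA2B228F created: 2007-09-06 expires: 2009-09-05 usage: SC
 Primary key fingerprint: 8995 11CC 3CA7 690C C09E 43B3 420D F030
EA2B 228F
"""
# Constructed look-alike: same 8-digit key ID, different fingerprint.
LOOKALIKE_OUTPUT = (
    " Primary key fingerprint: 0123 4567 89AB CDEF 0123 4567 89AB CDEF EA2B 228F\n"
)

if __name__ == "__main__":
    print("slide key :", check_key(PAPER_SLIP, GPG_OUTPUT, "EA2B228F"))
    print("look-alike:", check_key(PAPER_SLIP, LOOKALIKE_OUTPUT, "EA2B228F"))
    tokens = new_challenges(["hugo@omii.ac.uk"])
    reply = "Here is your value back:\n> " + tokens["hugo@omii.ac.uk"] + "\n"
    print("challenge returned:", challenge_returned(tokens["hugo@omii.ac.uk"], reply))
```

Sign only when `fingerprint_matches` is true and every address on the key has returned its value.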
Keysigning
pearce@willow:~$ gpg --ask-cert-level --sign-key EA2B228F
[...]
pub 1024D/EA2B228F created: 2007-09-06 expires: 2009-09-05 usage: SC
                     trust: unknown       validity: unknown
 Primary key fingerprint: 8995 11CC 3CA7 690C C09E 43B3 420D F030 EA2B 228F

    Hugo Mills (University of Southampton) <hugo@omii.ac.uk>

This key is due to expire on 2009-09-05.
How carefully have you verified the key you are about to sign actually belongs
to the person named above? If you don't know what to answer, enter "0".

  (0) I will not answer. (default)
  (1) I have not checked at all.
  (2) I have done casual checking.
  (3) I have done very careful checking.
Keysigning
Your selection? (enter `?' for more information): 3
Are you sure that you want to sign this key with your
key "Harry Pearce (Section D) <pearceh@mi5.gov.uk>" (603652F2)

I have checked this key very carefully.

Really sign? (y/N) y

You need a passphrase to unlock the secret key for
user: "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"
1024-bit DSA key, ID 603652F2, created 2008-02-01

passphrase

pearce@willow:~$ gpg --send-keys EA2B228F
gpg: sending key EA2B228F to hkp server wwwkeys.uk.pgp.net

All done.
Key Management
●   List public keys
    –   gpg --list-keys
●   List public keys and their fingerprints
    –   gpg --fingerprint
●   List public keys and their signatures
    –   gpg --list-sigs
●   Can do this for a particular key using key
    ID, name or email address to search
Key Management
●   gpg --edit-key
    –   Interactive key viewer and editor
    –   Sign keys, check signatures, remove sigs
    –   Add/remove subkeys (other identities, email
        addresses, etc)
    –   Change trust parameters
    –   Revoke keys
    –   Option to save changes on exit
Key Revocation
●   If your key becomes compromised, or
    otherwise defunct
    –   Private key file lost, stolen or compromised
    –   Lost passphrase
    –   No longer used
    –   Newer key in use
●   Use a revocation certificate to cancel your
    key
●   Generate cert when you generate key
Key revocation
●   Generate a revocation cert
    –   gpg --gen-revoke 603652F2 >revoke.gpg
         ●   Best when you generate the key
         ●   Keep this file safe
●   To revoke the key, import it into GPG
    –   gpg --import <revoke.gpg
    –   gpg --send-keys 603652F2
Further reading
●   gpg --edit-key has a “help” command
●   http://gnupg.org/
Any questions?

Crypto hlug

  • 1. Practical Cryptography A User's Guide Hugo Mills
  • 2. What's in this talk ● Introduction & Theory – Symmetric Crypto – Public Key Crypto – Encryption and signing ● GPG/PGP – What it is – Key creation and basic management – Encryption & decryption – Signing – Key management
  • 3. What's in the next talk(s)? ● gpg – Mail client integration; GUIs ● ssh – Key creation; Use; Key management; Agents ● X.509 certificates – Generating certs; Management in browsers; Apache and HTTPS
  • 4. Theory: Traditional Crypto Hello, QRGEF World AJJTO Symmetric Cryptography
  • 5. Theory: Traditional Crypto Hello, Hello, World World QRGEF QRGEF AJJTO AJJTO
  • 6. Symmetric systems ● DES ● 3DES ● AES (Rijndael) ● Blowfish ● Twofish
  • 7. Theory: Public Key Crypto A Hello, QRGEF World AJJTO B
  • 8. Theory: Public Key Crypto Hello, Hello, World World A B QRGEF QRGEF AJJTO AJJTO
  • 9. Public/Private Keys ● Public Key ● Private key – Can be seen by – Must be kept secret anyone – Can be used to find – System still secure matching public key B A ● Keys generated together as a keypair
  • 10. Public-key systems ● RSA ● ElGamal ● DSA
  • 11. The Important Bit What one key does, the other undoes.
  • 12. Theory: Signatures Hello, World B A Hello, Hello, World World 20958 20958
  • 14. GPG: What does it do? ● Everything: – Encryption – Decryption – Signing – Signature checking – Web of trust
  • 15. Key creation
        $ gpg --gen-key
        ...
        Please select what kind of key you want:
           (1) DSA and Elgamal (default)
           (2) DSA (sign only)
           (5) RSA (sign only)
        Your selection? 1
        DSA keypair will have 1024 bits.
        ELG-E keys may be between 1024 and 4096 bits long.
        What keysize do you want? (2048) 2048
        Requested keysize is 2048 bits
  • 16. Key creation
        Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
        Key is valid for? (0) 5y
        Key expires at Wed 30 Jan 2013 14:28:40 GMT
        Is this correct? (y/N) y
  • 17. Key creation
        You need a user ID to identify your key; the software constructs the user ID
        from the Real Name, Comment and Email Address in this form:
            "Heinrich Heine (Der Dichter) <heinrichh@...>"
        Real name: Harry Pearce
        Email address: pearceh@mi5.gov.uk
        Comment: Section D
        You selected this USER-ID:
            "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"
        Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
        You need a Passphrase to protect your secret key.
        Enter passphrase:
  • 18. Key creation
        gpg: key 603652F2 marked as ultimately trusted
        public and secret key created and signed.
        gpg: checking the trustdb
        gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
        gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
        gpg: next trustdb check due at 2013-01-30
        pub 1024D/603652F2 2008-02-01 [expires: 2013-01-30]
            Key fingerprint = 628B 640D A7A6 4F98 D746 E355 8B26 B823 6036 52F2
        uid Harry Pearce (Head of Section D) <pearceh@mi5.gov.uk>
        sub 2048g/FFC30BC8 2008-02-01 [expires: 2013-01-30]
        All done, keypair created.
  • 19. Encryption
        pearce@willow:~$ ls
        my-secrets.txt
        pearce@willow:~$ cat my-secrets.txt
        Section D personnel
        Carter, Adam
        Younis, Zafar
        Portman, Jo
        Wynn-Jones, Malcolm
        James, Connie
  • 20. Encryption
        $ gpg -e my-secrets.txt
        You did not specify a user ID. (you may use "-r")
        Current recipients:
        Enter the user ID. End with an empty line: pearceh@mi5.gov.uk
        Current recipients:
        2048g/0FC718A8 2007-12-07 "Harry Pearce (Head of Section D) <pearceh@mi5.gov.uk>"
        Enter the user ID. End with an empty line:
        $ ls
        my-secrets.txt my-secrets.txt.gpg
  • 21. Decryption
        pearce@willow:~$ gpg -d my-secrets.txt.gpg
        You need a passphrase to unlock the secret key for
        user: “Harry Pearce (Section D) <pearceh@mi5.gov.uk>”
        2048-bit ELG-E key, ID FFC30BC8, created 2008-02-01 (main key ID 603652F2)
        Enter passphrase:
        Section D personnel
        Carter, Adam
        Younis, Zafar
        Portman, Jo
        Wynn-Jones, Malcolm
        James, Connie
  • 22. Signatures
        pearce@willow:~$ cat will.txt
        In the event of my death, I hereby leave all my worldly goods and chattels to the Battersea Dogs Home. Harry Pearce.
        pearce@willow:~$ gpg --clearsign will.txt
        You need a passphrase to unlock the secret key for
        user: "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"
        1024-bit DSA key, ID 603652F2, created 2008-02-01
        pearce@willow:~$ ls
        my-secrets.txt my-secrets.txt.gpg will.txt will.txt.asc
  • 23. Signatures
        pearce@willow:~$ cat will.txt.asc
        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1

        In the event of my death, I hereby leave all my worldly goods and chattels to the Battersea Dogs Home. Harry Pearce.
        -----BEGIN PGP SIGNATURE-----
        Version: GnuPG v1.4.6 (GNU/Linux)

        iD8DBQFHoztsiya4I2A2UvIRAqHrAJ9SzWJkBcBQepCIrtZNTTz8gdqBuACfXlC2
        rWl83jYJKlJbmNx7THQRIWw=
        =mBj0
        -----END PGP SIGNATURE-----
  • 24. Verify a signature
        pearce@willow:~$ gpg --verify will.txt.asc
        gpg: Signature made Fri 01 Feb 2008 15:31:56 GMT using DSA key ID 603652F2
        gpg: Good signature from "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"
  • 25. Key Distribution
        ● Q. How to get your public key to someone?
        ● A. A Public Key server!
        ● Upload your key to the server
        ● Others can download it
            – Verify your signatures
            – Encrypt files for you to read
  • 26. Key Distribution
        pearceh@willow:~$ gpg --send-keys --keyserver wwwkeys.uk.pgp.net 603652F2
        gpg: sending key 603652F2 to hkp server wwwkeys.uk.pgp.net
  • 27. Key Distribution
        pearce@willow:~$ gpg --recv-keys --keyserver wwwkeys.uk.pgp.net EA2B228F
        gpg: requesting key EA2B228F from hkp server wwwkeys.uk.pgp.net
        gpg: key EA2B228F: public key "Hugo Mills (University of Southampton) <hugo@omii.ac.uk>" imported
        gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
        gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
        gpg: next trustdb check due at 2013-01-30
        gpg: Total number processed: 1
        gpg: imported: 1
  • 28. Web Of Trust
        ● Q. How do I know the key is good?
        ● A. Web of Trust
        ● Signing a key
            – I have verified the identity of the person
            – I have verified that this key is controlled by that person
            – I trust this person to perform those same checks well
  • 29. Web Of Trust
        [diagram: keys labelled "A" and one key labelled "?"]
  • 30. Keysigning
        ● Signing a key is a statement that:
            – I believe and have verified that this key is controlled by a person matching the identity in the key
            – I trust this person to perform similarly good identity checks
        ● Beforehand
            – gpg --fingerprint 603652F2
            – Print out several copies on slips of paper
  • 31. Keysigning
        ● When you meet
            – Exchange fingerprint slips and ID papers
            – Check ID papers against person (does the photo match?)
            – Check ID papers against the key details
            – Initial the slip and keep it
            – Hand papers back
        ● What to accept for ID?
            – Passport, national ID card, photo driving license, other government-issued photo ID
            – Some people only accept passport – up to you
  • 32. Keysigning
        ● After you meet
            – gpg --recv-keys keyid
            – gpg --fingerprint keyid
                ● Check this with the fingerprint on paper
            – dd if=/dev/urandom count=64 bs=1 | hexdump >person.gpg
                ● Encrypt and mail it to their email addresses, asking for it to be returned to you.
            – Check the returned mail against the copy you kept
            – Sign and upload the key
  • 33. Keysigning
        pearce@willow:~$ gpg --ask-cert-level --sign-key EA2B228F
        [...]
        pub 1024D/EA2B228F created: 2007-09-06 expires: 2009-09-05 usage: SC
                           trust: unknown validity: unknown
         Primary key fingerprint: 8995 11CC 3CA7 690C C09E 43B3 420D F030 EA2B 228F
             Hugo Mills (University of Southampton) <hugo@omii.ac.uk>
        This key is due to expire on 2009-09-05.
        How carefully have you verified the key you are about to sign actually belongs
        to the person named above? If you don't know what to answer, enter "0".
           (0) I will not answer. (default)
           (1) I have not checked at all.
           (2) I have done casual checking.
           (3) I have done very careful checking.
  • 34. Keysigning
        Your selection? (enter `?' for more information): 3
        Are you sure that you want to sign this key with your
        key "Harry Pearce (Section D) <pearceh@mi5.gov.uk>" (603652F2)
        I have checked this key very carefully.
        Really sign? (y/N) y
        You need a passphrase to unlock the secret key for
        user: "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"
        1024-bit DSA key, ID 603652F2, created 2008-02-01
        passphrase
        pearce@willow:~$ gpg --send-keys EA2B228F
        gpg: sending key EA2B228F to hkp server wwwkeys.uk.pgp.net
        All done.
  • 35. Key Management
        ● List public keys
            – gpg --list-keys
        ● List public keys and their fingerprints
            – gpg --fingerprint
        ● List public keys and their signatures
            – gpg --list-sigs
        ● Can do this for a particular key using key ID, name or email address to search
  • 36. Key Management
        ● gpg --edit-key
            – Interactive key viewer and editor
            – Sign keys, check signatures, remove sigs
            – Add/remove subkeys (other identities, email addresses, etc)
            – Change trust parameters
            – Revoke keys
            – Option to save changes on exit
  • 37. Key Revocation
        ● If your key becomes compromised, or otherwise defunct
            – Private key file lost, stolen or compromised
            – Lost passphrase
            – No longer used
            – Newer key in use
        ● Use a revocation certificate to cancel your key
        ● Generate cert when you generate key
  • 38. Key revocation
        ● Generate a revocation cert
            – gpg --gen-revoke 603652F2 >revoke.gpg
        ● Best when you generate the key
        ● Keep this file safe
        ● To revoke the key, import it into GPG
            – gpg --import <revoke.gpg
            – gpg --send-keys 603652F2
  • 39. Further reading
        ● gpg --edit-key has a “help” command
        ● http://gnupg.org/
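
The fingerprint comparison in the keysigning steps (slides 30 to 32), as an added example that is not part of the talk: a shell script that checks a fetched key against the paper slip using the full fingerprint, because the 8-digit key ID shown on the slides is only the last 32 bits of it. The function names and the embedded colon-format sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the talk): compare the fingerprint on a paper slip
# with the key you actually fetched, using the full 160 bits.

# Constructed sample of `gpg --with-colons --fingerprint` output for the key on
# slide 18; only the fields read below are filled in.
SAMPLE_COLONS='pub:-:1024:17:8B26B823603652F2:
fpr:::::::::628B640DA7A64F98D746E3558B26B823603652F2:
uid:-::::::::Harry Pearce (Section D) <pearceh@mi5.gov.uk>:'

# norm_fpr FPR: strip whitespace, upper-case, require exactly 40 hex digits.
norm_fpr() {
    f=$(printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F')
    case "$f" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#f}" -eq 40 ] || return 1
    printf '%s\n' "$f"
}

# primary_fpr COLONS: field 10 of the first "fpr" record (the primary key).
primary_fpr() {
    printf '%s\n' "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# short_id FPR: the 8-digit key ID used on the slides is just the last 32 bits.
short_id() {
    f=$(norm_fpr "$1") || return 1
    printf '%s\n' "$f" | cut -c33-40
}

# check_slip COLONS SLIP: 0 = full match, 1 = mismatch, 2 = unreadable input.
check_slip() {
    have=$(norm_fpr "$(primary_fpr "$1")") || return 2
    want=$(norm_fpr "$2") || return 2
    [ "$have" = "$want" ]
}

# Slip as printed by `gpg --fingerprint 603652F2` on slide 18.
SLIP='628B 640D A7A6 4F98 D746 E355 8B26 B823 6036 52F2'
if check_slip "$SAMPLE_COLONS" "$SLIP"; then
    echo "fingerprint matches slip; key ID $(short_id "$SLIP")"
else
    echo "MISMATCH: do not sign this key"
fi
```

With a real keyring, pass `"$(gpg --with-colons --fingerprint EA2B228F)"` as the first argument in place of the constructed sample.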