GPG - Encryption & Signing

GPG encryption & signing
David Morgan
David Morgan 2006-2013
Functional purposes of cryptograhy

Confidentiality
ensuring illegibility to outsiders
Authentication
ensuring ostensible and actual sender are one
and the same
Data integrity
ensuring non-alteration in transit
GPG GNU Privacy Guard

An implementation of OpenPGP
Open-PGP software uses a combination of strong public-key

and symmetric cryptography to provide security services for
electronic communications and data storage. These services
include confidentiality, key management, authentication, and
digital signatures.
Abstract, OpenPGP RFC4880
Cryptographic processing
Encryption
Decryption
(data sender)
(data receiver)
plaintext
cryptogram
cipher
reverse cipher
cryptogram
plaintext
Cryptographic strength
Difficulty of recovering plaintext from ciphertext

without the key
Does not depend on the cipher (algorithm)

standard algorithms are published
So everything depends on the key

key loss/compromise/interception=Achilles heel
Key distribution management

Good: protect it
Better: dont distribute it
Best key distribution philosophy

DONT
What good would it do after all to develop

impenetrable cryptosystems, if their users
were forced to share their keys with a Key
Distribution Center that could be
compromised by either burglary or
subpoena?
Whitfield Diffie
2 broad categories
Secret-key cryptography
versus
Public-key cryptography w!
e )
n ( 1970
Known synonymously as:

One technology
single-key
private-key
symmetric
secret-key
shared-key
conventional
Versus the other

dual-key
public-key
asymmetric
Decrypt-key distribution demands

Secret-key
distribute but protect
low risk
goo
Public-key
none, you dont need to distribute it
no risk
er!
t
t
be
Keys: secret-key crypto

Encryption
Decryption
(data sender)
(data receiver)
plaintext
cryptogram
cipher
reverse cipher
cryptogram
plaintext
(same key)
Keys: public-key crypto

Encryption
Decryption
plaintext
cryptogram
cipher
reverse cipher
cryptogram
plaintext
(different
key)
Wait a minute
who sends the key(s) to whom?
what/which key(s) does he send?
Secret-key crypto: data sender is key sender

Key sender
Encryption
Decryption
(data sender)
(data receiver)
plaintext
cryptogram
cipher
reverse cipher
cryptogram
plaintext
(same key)
Key sent
What if its public-key? more guys/keys

if there are 2 guys, there are 2 key pairs (4 keys)
who sends the key?
what key does he send?
what does that accomplish?
Well
only public keys can be sent!
so either guy could be the key sender
and he would send his public key (only! ever!)
sepending who sends, accomplishes

confidentiality, or
authentication
Data receiver as key sender

Encryption
Decryption
(data sender)
(data receiver)
plaintext
cryptogram
cipher
inverse cipher
cryptogram
plaintext
Key sender
(data receivers
private key)
Key sent
(data receivers public key)
Functional achievement checklist

Data receiver as key sender
Confidentiality
Authentication
Data integrity
Data sender as key sender

Key sender
(data
senders
private key)
Encryption
Decryption
(data sender)
(data receiver)
plaintext
cryptogram
cipher
inverse cipher
cryptogram
plaintext
Key sent
(data senders public key)
Functional achievement checklist

Data sender as key sender
Confidentiality
Authentication
Data integrity
10
But cant we have both together?

Confidentiality
Authentication
Data integrity
Certainly! if you just encrypt and decrypt twice

Encrypting the whole message

twice is too expensive!!
Make a little token1 from a big message with
a hash function2
Encrypt the token instead of the message
1also
2also
called a message digest or hash

called a digest function, like MD5 or SHA1 or RIPEMD-160
11
Confidential and authentic*

Encryption
Decryption
(data sender)
(data receiver)
*gpg
encrypt and sign
H
senders private
cryptogram
plaintext
reverse cipher
receivers public
receivers private
cipher
plaintext
S
senders public
cryptogram
H
H - hash
S - signature
OK if same
authentic but not confidential*

Encryption
Decryption
(data sender)
(data receiver)
plaintext
*gpg
senders private
plaintext
sign only,
also useful
senders public
OK if same
H - hash
S - signature
12
gpg default directories and files

/
home
tom
harry
dick
.gnupg
gpg.conf
.gnupg
secring
pubring
gpg.conf
.gnupg
pubring
gpg.conf
pubring
secring
secring
gpg key management options

--gen-key
create keypair and store on disk
--export
take public key from disk and output to file
--import
take public key from file and output to disk
13
gpg encryption options

--encrypt <file> --recipient <user>

encrypt file with users pubkey from disk
--decrypt <file>
decrypt file using private key from disk that
matches public key with which file was
encrypted
gpg signing options

--sign <file>
create digest of file, encrypt it with private key
--verify
decrypt senders digest, generate your own,
check theyre the same
14
Example: believing in fedora

2) signature on
digests file makes
it believable
1) this files digests,

for the other files,
make them believable
Get fedora projects public key
15
Add fedoras key to your keyring
Use it: file really from fedora?
if the key is really fedoras,

the file is really from them
we believe so
16
ostensible
per fedora and we believe it!
Do downloads check out?
OK, except
actual
whats up with disc2 ??
gpa GUI frontend to gpg
17
Enigmail integrates GPG+email
Others: http://www.gnupg.org/related_software/frontends.html
Info
official page
http://www.gnupg.org
GPG Mini HowTo

good, quick bare essentials
http://www.dewinter.com/gnupg_howto/
english/GPGMiniHowto.html
GNU Privacy Handbook

more thorough and explanatory
http://www.gnupg.org/gph/en/manual.html
RFC4880 (OpenPGP message format)

18

GPG - Encryption & Signing

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

GPG - Encryption & Signing

Diunggah oleh

Hak Cipta:

Format Tersedia

GPG encryption & signing

David Morgan 2006-2013

Functional purposes of cryptograhy

David Morgan 2006-2013

GPG GNU Privacy Guard

Open-PGP software uses a combination of strong public-key

David Morgan 2006-2013

David Morgan 2006-2013

Difficulty of recovering plaintext from ciphertext

Does not depend on the cipher (algorithm)

So everything depends on the key

David Morgan 2006-2013

Key distribution management

Better: dont distribute it

David Morgan 2006-2013

Best key distribution philosophy

What good would it do after all to develop

David Morgan 2006-2013

David Morgan 2006-2013

Known synonymously as:

Versus the other

David Morgan 2006-2013

Decrypt-key distribution demands

David Morgan 2006-2013

Keys: secret-key crypto

David Morgan 2006-2013

Keys: public-key crypto

David Morgan 2006-2013

who sends the key(s) to whom?

what/which key(s) does he send?

David Morgan 2006-2013

Secret-key crypto: data sender is key sender

What if its public-key? more guys/keys

if there are 2 guys, there are 2 key pairs (4 keys)

who sends the key?

what key does he send?

what does that accomplish?

David Morgan 2006-2013

only public keys can be sent!

so either guy could be the key sender

and he would send his public key (only! ever!)

sepending who sends, accomplishes

Data receiver as key sender

David Morgan 2006-2013

Functional achievement checklist

David Morgan 2006-2013

Data sender as key sender

David Morgan 2006-2013

Functional achievement checklist

David Morgan 2006-2013

But cant we have both together?

Certainly! if you just encrypt and decrypt twice

Encrypting the whole message

Encrypt the token instead of the message

called a message digest or hash

Confidential and authentic*

encrypt and sign

authentic but not confidential*

David Morgan 2006-2013

gpg default directories and files

gpg key management options

David Morgan 2006-2013

gpg encryption options