Getting Started With PGP - UPenn ISCGetting Started with PGP November, 2005 ISC/Information Security [email protected] Problem: E-mail is insecure • More like a postcard than

Getting Started With PGP

Digital Signature and Encryption for E-

mail and Data Files

ISC/Information Security

Getting Started with PGP

November, 2005ISC/Information Security

[email protected]

Problem: E-mail is insecure

• More like a postcard than a letter

• Can be read by any number of people in transit

• If recipient’s account is compromised, may be

read by unauthorized person(s)

• Network sniffing may capture and reveal content

to unauthorized person(s)



[email protected]

Problem: E-mail is easily forged

• Current protocols date back to early 1970s

• Headers, especially “From:” are ridiculously easy

to forge

• If sender account is compromised, may not

actually have been sent by that person

• How can you verify the sender’s identity?



[email protected]

Problem: Sensitive & Confidential Data on

Hard Drives

• Especially Laptops!

• If system is compromised or stolen, lots of

potential fallout:

– Permanent loss of irreplaceable and/or proprietary

data

– Exposure of secret or sensitive information

– Financial loss

– Disclosure requirements

• …to name just a few!



[email protected]

Problem: Sensitive & Confidential Data on

Hard Drives (Cont.)

• Data from deleted files can be forensically recovered

– Unallocated disk space often still retains data from file that most recently occupied it

– “Slack space”, i.e., allocated but not used

• On Windows systems, can still have data from a deleted file

• Unix/linux systems will fill this space with ‘0’s’

• Data can even be recovered from a drive that:

– Has been re-formatted!

– No longer runs (platters can be removed and examined)

• How do you securely delete sensitive files?

– DoD 5220.22-M standards

– www.dss.mil/isec/nispom_0195.htm



[email protected]

Solution(?): Windows EFS

• Offers “one-click” encryption of individual files and/or entire folders

• Problem: Encryption removed when file copied or moved to other media, e.g. floppy disc or CD

• Problem: Management of encryption/decryption keys is not “user-friendly” (more on keys in a few minutes)…lost or corrupted key may mean loss of data - FOREVER!

• Problem: EFS can be circumvented if Administrator account is compromised

• Problem: Windows XP/2000 ONLY…

• Problem: Doesn’t deal with e-mail at all

• Problem: No secure delete/wipe capability



[email protected]

Solution: PGP (“Pretty Good Privacy”)

• Developed in 1991 by Phil Zimmerman

• Based on public/private key pair cryptography

principle developed by Whitfield Diffie

• Provides highly secure, portable encryption

and signature for any digital data - including

e-mail

• Includes secure wipe utility conforming to

DoD 5220.22-M standards (3 passes or more)

• Available for all versions of Windows and

Mac OS

• Freeware unix/linux equivalent GPG (“GNU

Privacy Guard”) available



[email protected]

PGP: Drawbacks

• Not all that “user friendly”

• Public/private key concepts take some getting used to

• Doesn’t scale well to large user groups

• Requires understanding of and adherence to key

maintenance standards and practices

– If your private key is lost, corrupted or compromised, you have to

generate a new one and start all over again



[email protected]

PGP: Licensing

• Freeware Windows & Mac versions available from MIT: web.mit.edu/network/pgp.html

– For personal use only!

– GUI and/or command line interface

– For US download and use only, due to export restrictions

– In many countries, import and use of encrypting software is illegal!

– Some will jail you for not providing a decryption key

• Commercial Windows & Mac versions available from PGP Inc.: www.pgp.com

– Generally about $50 per user license

– Expect to use commercial product if needed in conjunction with your job at Penn

• GPG for unix/linux available as freeware from www.gnupg.org

– Also works on Mac OS X: http://macgpg.sourceforge.net/ (Thanks to Larry Macy for providing info and URL)

• Most versions include “plug-ins” for popular e-mail clients, e.g. Eudora



[email protected]

PGP: How Does It Work?

• Let’s start with some basics of cryptography, and

the high-level mathematics underneath it

• Don’t worry, there won’t be a pop quiz at the end

of this presentation…this is just to give you an

idea of what’s going on.



[email protected]

Some Quick Definitions

• Cryptography: the art and science of encrypting and

decrypting secure messages

• Cryptanalysis: the art and science of breaking

cryptography

• Cryptology: the mathematics of cryptography and

cryptanalysis

• Algorithm: a mathematical function/process used for

encryption, decryption and verification

• Key: a string (or number) used for character-by-character

encryption and decryption



[email protected]

(Digital) Keys

• In computer cryptography, a key is simply a binary

number of varying length, depending on the type of

cryptography being used

– “Symmetric” cryptography generally relies on keys of 128 bits or

more (e.g. most web browser SSL sessions)

– “Asymmetric” cryptography requires keys of minimum 1024-bit

length (2048 is typical these days)

• A properly generated key can only be cracked by “brute

force” - and only then after thousands of years (even at

today’s processing speeds)



[email protected]

Keys: Encoding and Decoding

(A bit oversimplified)

One typical way keys are used to encrypt/decrypt is by use of “exclusive-OR” (XOR) logic:

• If the bit to be encrypted is the same as the corresponding key bit, the encrypted bit is 0

• If they are different, the resulting encrypted bit is 1

• Without the key, you can’t be sure what the original bit was

• Simple keys like this are vulnerable to “known text” attacks

TEXT KEY RESULT

0 0 0

0 1 1

1 0 1

1 1 0



[email protected]

“Symmetric” Cryptography

• Relies on both sender and recipient having identical copies of the encryption key - or access to a “third party” that can verify that both have the correct key (e.g. online “certificate authority”)

• Can use relatively low key lengths

– 128 bits is more or less standard

– 56 bits has been cracked

• Problem: secure key distribution



[email protected]

“Asymmetric” Cryptography

(aka “Public/Private Key”)

• Sender generates a “public/private” key pair

• The “public” key can be freely given out

– Published on website, in e-mail sigs, etc.

– Some people put them on the back of their business cards

• The “private” key is guarded at all costs

– If lost, corrupted or compromised, a new pair must be generated

– All your contacts must be notified and supplied with the new public key

• Data encrypted to the public key can only be decrypted by the corresponding private key - and vice versa

• PGP is based on “public/private” key cryptography



[email protected]

How are public/private key pairs generated?

• Oversimplifying a bit again, but they are essentially based on mathematical operations involving two really, really large prime numbers

• Prime numbers have been proven to have no known predictive pattern

• Remember “factoring” from your 3rd grade math?

– It’s easy to factor the smaller numbers into primes: 14, 24, 49, etc

• Even?…divisible by 2

• Digits add up to a number divisible by 3?…then 3 is also a factor

• Last digit is 5 or 0?…divisible by 5

– A LOT harder as the numbers get bigger - in fact, impossible



[email protected]

What is this number?

(225964951)-1

(To write it out in decimal form would require 7,816,230 digits - at 1 digit per second, it would take more than 90 days, non-stop)



[email protected]

The (Currently) Largest Known Prime

Number

(225964951)-1

Source: primes.utm.edu/largest.html

(A really good site for “Stupid Number Tricks”)



[email protected]

PGP Public/Private Key Pair Strength

• The public key is mathematically derived from the private key

• The private key relies on the “computational difficulty” of deriving

the large primes used to generate it

• Private key lengths of 1024 bits are probably OK, but 2048 is the

accepted standard for most users

• Key lengths over 2048 bits are more secure, but tend to eat up

processing power

• Some keys still use the RSA standard, but most keys nowadays are

generated using the Diffie-Hellman standard

• Even at these lengths, “known text” attacks are a danger



[email protected]

Algorithms

• Used to induce “randomness” in encoded message

• Helps reduce “known text” vulnerability

• “Encrypting” algorithms are designed to be reversible

(they have to be, don’t they?)

– Some well-known ones: DES, 3DES, AES, Blowfish, RSA

• “Hashing” algorithms are “one-way”, i.e., irreversible

– Used to provide “signature”, or “shared secret” verification

– Used for password storage on most operating systems

– Well-known ones include MD5, SHA (used by PGP)



[email protected]

Example: MD5

Input Output

1 B026324c6904b2a9cb4b88d6d61c81d1

2 26ab0db90d72e28ad0ba1e22ee510510

3 6d7fce9fee471194aa8b5b6e47267f03

4 48a24b70a0b376535542b996af517398

5 1dcca23355272056f04fe8bf20edfce0



[email protected]

PGP Encryption

• Encrypting algorithm is applied to the data

• Appropriate key is applied to the result

– Private key, if encrypting your own file data

– Recipient’s public key, if sending e-mail

• Why not the other way around?



[email protected]

Well-known Algorithms

• The best-known algorithms are used to remove patterns

and predictability from encoded messages

• They are not secret - in fact, they are made public and

subjected to rigorous testing by mathematical peers.

Proprietary algorithms are not generally accepted in

public cryptographic circles.

• Encryption algorithms are reversible - they have to be

• Applying the key before the algorithm is pointless,

because the algorithm can be reversed, leaving the key

exposed to “known text” and “brute force” attacks



[email protected]

Where’s the Security?

In a public/private key cryptography environment,

the strength lies in the length and protection of

the private key - not in the algorithm



[email protected]

Digital Signatures

• Usually applied to e-mail messages to verify the sender’s identity

• Sender “signs” the message with his private key

– Hashing algorithm is applied as well

– Hashing also provides check on message integrity

• Anyone who has sender’s public key can apply it to verify sender’s identity

– ONLY someone who has the corresponding private key could have sent it

– Hashing also verifies that the message was not altered in transit



[email protected]

What does a “Public Key” look like?

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: PGP for Personal Privacy 5.0

mQGiBDcox8ARBADlerXzXx0sVf7tWg/x/FBCuZ8w2o/5kwZricxuhuFLV1htdRjG

iWoHZrjmWEApYn4ikfbTtf9bqLI/rV+dxupsTrNf0dytYHv2rqmF+RlKOcmraSFH

RJlFKaDQgf0rKCJrH8skif/pMUasHO15ESKU+K67K3C0BsiP1LO1jue9JwCg/64p

vGo+6GmqyPP8dB5VmH3TTSUEAJy5W/rgDQCEkiu8b8KyimI9pLTmfUVr6GB11JZR

FdOsZROt8ymRGd7rmLZDV/fQN+IbL79+2m6NS+DuO1zYXKnE8mwEcp7U4ggU73bH

8joGdp+D4gKX/s9uGZi1h0al1AV3xlKM2zU/M7c7MJhkPbcQbfHKNK+earE51FaW

zd/MA/4/Pi6O5qLxHRdRsQYux4aG7DPcIWU0yqpQLP5/s6iYpFawSTqw1MHEyPK6

R5BcqcYL99wva9meS08M9MfYKO0Ce6x9Tf3CS7goEn94xwU9pgPgejpRlxv3SF9l

cXhMfkD3T1TgR0XrGkmE+7TpsH7D5XUfrLiAwfP3RnK4DPjUbbRLSW5mb3JtYXRp

b24gU2VjdXJpdHkgYXQgVW5pdmVyc2l0eSBvZiBQZW5uc3lsdmFuaWEgPHNlY3Vy

aXR5QGlzYy51cGVubi5lZHU+iQB1AwUQNynGnVcYQO1Qt5kZAQFg2AL/ds5fHHmg

WHVPL7VUmUv0xlVlNzaS4kz0S+57lPcghO5F1nBQxztE+ekde18D9QLC8S3S0GDw

Q7CHSrIFlKQ9WTDYv3ruP48VZvJ8q5FfI81ypojMvxBePxn647Bfov84iQA/AwUQ

NynGss3oSRS59y8HEQJziACfTxlMW2pKKCXr/+sk3ivFtMUzppcAn06yEouF4x5Y

g0p2hWUnKIQGGIhkiQA/AwUQNynGwqDFmzsT2y3tEQIZKACg2gdxZsq8IwtTcqW5

eTQF2OJw7i0AmwbGp3hD8XO5nH+mNDFIa3I978gciQCVAwUQNynMBEZOdo0DD6gN

AQHmlwP9GK8h9NI09fClK91IGcT5gFtK9q695UUDWi7+gIGTGz5yIkXbnZCUZFPm

y6FLyVpUQNVyBVXD+6aMJr3flxz0Es32mY7rgYKHITz+mmyoKB6CDz2K1Ov3a6Mw

W5VlN5eHPgug2imSETO4NGOdeL67LX93bYEHba1D9/2gcG909WSJAEsEEBECAAsF

Ajcox8AECwMBAgAKCRCgxZs7E9st7eiaAKC6jhAEhnhnDLr5B4V2H7SYOkokHwCe

OYexEbEe0Xf2VnJO6K2MmcdmN/OJAFUDBRA3KMo/hsldwo1DqVkBAZxcAf9c6OcH

RkI9ohqQFV+XmYcgRuPuLL2oD6MT/ZvLu0Gp6RucDWEoA8iQFUNte73wsAkYRU0/

Zz4KoiVbtqolta+FiQA/AwUQNyjKSuyQdaHLkpQqEQKeOQCg1vU+iQp2iqHWq5on

vydUxAmTU7wAn2e/uhmCjmMXjiBec+ZP0kEbScLWiQA/AwUQNym9aUXWdKqHR/jl

EQKNfACg8C+pTwIM+JVnELL4GJAfWE4X33sAnRiA9UHf3SzmidVB72m0E4HaKzMs

iQCVAwUQNynMAUZOdo0DD6gNAQFChgQAo69r5WRVrJAzF49CLiOIDmRAZ3eV3MYm

xfMZKao2H21Tkr72CnN3y91t+XDXjJN+ciVUZuFKNmF+ubwJ9ittfzsdcuo5bUCk

bvuAAtfE3utniYvgDmWNMRzAt720cTZjVTU8nvcZbUlHJx/PSqO/FrgAT0Fenmwm

CJDFbu8+SA+5Ag0ENyjHwBAIAPZCV7cIfwgXcqK61qlC8wXo+VMROU+28W65Szgg

2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZSTz09jdvO

meFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI61Brwv0YA

WCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/ClWxiNjrtV

jLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgHKXrKlQzZ

lp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVekyCzsAAgIH/1pIvuZa4dPy

6Si59ZYQpuHNX1YEVRuUH5wEP0A0agNue0MOyg6liYFhx+mit7tEFe91wviQVU2v

FPthdoqlP0fFlXbMg4SM65U6/NliF5qv1MHfj7TVZ5MQrKGwk0uGYBhESzGat0rU

/j6v/XiU5Bzxd9r/Vr/HHSALfk9Q/8NhCXQPjaMuEym4CeVy/IbbuR472k5/O5+s

P0eK7xx4eDub+Yg1TELYBoheLvf/FzmNSML/rBpL4jP+ApJbHb/SjW5f0/0dOiUi

LmGHNR8zku46WTGd0eOKUoI7rRnNfFMnhFIgv4FunhI6h8alQDfBj31XkyGl40yV

+f5C6O30ZYyJAD8DBRg3KMfAoMWbOxPbLe0RAkPUAKCo4sGborU5vtJ0TTh+UcV8

k5ynyACeKbCeSGtAKrYcbCtROyRzYAP/BiI=

=SgNt

-----END PGP PUBLIC KEY BLOCK-----

Hashed “fingerprint”:7D91 F6E2 8BA6 F501 1550 A904 A0C5 9B3B 13DB 2DED

(Hexadecimal)

-OR -

klaxon miracle village tomorrow

obtuse paragon vapor adviser

backfield embezzle revenge alkali

ragtime resistor puppy councilman

Aztec suspicious button unify

(Keywords)



[email protected]

Public Key Distribution

• Published on your personal website

• Carry it around on floppy disc, CD-ROM, USB “jump

drive”, etc. for people to copy

• Send as e-mail attachment

• Upload it to a “key server”

• Print it out on a sheet of paper, along with the

“fingerprint”

– We’ll talk about “key signing parties” in a few minutes

• Rent a billboard…well, you get the idea



[email protected]

How do I know that’s really your public key?

• Generating public/private key pairs does NOT require any authentication - you can associate any name and e-mail address with a key pair you choose

• To be completely certain that a given public key actually belongs to the person it claims, you need to physically verify the person’s identity and key in person

– Ask for photo ID if necessary

– Ask the person to read the “fingerprint”, and verify against a printed copy

– Verify printed copy “fingerprint” against the electronic copy

OR…



[email protected]

Is the public key “signed”?

• PGP public keys can be “signed” by other private

keys as “third party” verification

• If the signer’s public key is one you already have,

you can use it to verify the signature

• If you can trust the signer’s key, you can trust the

signed key



[email protected]

PGP “Web of Trust”

• Built on a network of transitive trust relationships

– If Tom trusts Dick…

– And Dick trusts Harry…

– Then Tom can trust Harry

• Only in the context of identification and authentication

– Doesn’t necessarily mean Tom is assured Harry is a trustworthy

person…only that he really is Harry

• Functions as sort of an “ad hoc Certificate Authority”

• The more links in the chain, the more likely there’s a

weak link somewhere along the line



[email protected]

PGP “Key Signing Parties”

• Opportunity for several people to get together

and exchange public keys

• Held regularly by ISC Information Security

• Print out your public key & fingerprint, bring

with copy of your key - and your PennCard

• Security will verify all identities and keys, sign

and distribute them to all attendees



[email protected]

PGP “Keyring”



[email protected]

PGP Key

(General Info)



[email protected]

PGP Key

(SubKeys)



[email protected]



[email protected]



[email protected]



[email protected]



[email protected]



[email protected]



[email protected]

PGP Mail Menu Window (Mac OS X)

(Windows version uses tray icon/menu)



[email protected]

Preferences

(General)



[email protected]

Preferences

(Files)



[email protected]

Preferences

(Email)



[email protected]

Preferences

(Server)



[email protected]

Questions?

Comments?

Documents

Getting Started With PGP - UPenn ISCGetting Started with PGP November, 2005 ISC/Information Security [email protected] Problem: E-mail is insecure • More like a postcard than