17
Outline Introduction PGP Operation PGP Key Management Pretty Good Privacy Mahalingam Ramkumar Mississippi State University, MS November 15, 2004 Ramkumar PGP

Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

Embed Size (px)

Citation preview

Page 1: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Pretty Good Privacy

Mahalingam RamkumarMississippi State University, MS

November 15, 2004

Ramkumar PGP

Page 2: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

1 IntroductionPGP Services

2 PGP OperationPGP ComponentsPGP Message Generation and Reception

3 PGP Key ManagementStructure of Key Rings

Ramkumar PGP

Page 3: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Services

Services Provided by PGP

1 Digital Signature (DSS/SHA or RSA/SHA)

2 Message Encryption (CAST-128, IDEA, 3-DES in conjunctionwith RSA)

3 Compression (Lempel-Ziv)

4 E-mail compatibility (Radix-64 conversion)

5 Segmentation (to overcome maximum message length of50,000 bytes for SMTP)

Ramkumar PGP

Page 4: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Services

PGP Modes of Operation

1 Authentication (DSS/SHA or RSA/SHA)

2 Confidentiality (CAST-128, IDEA, 3-DES in conjunction withRSA)

3 Authentication and Confidentiality

Ramkumar PGP

Page 5: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Services

PGP Modes

Figure 15.1 PGP Cryptographic Functions

M

(c) Confidentiality and authentication

H

M

H

DP

Compare

KUa

| |

KRa

EP Z

EP

KUb

| |EC

Ks

DC

DP

KRb

Z-1

M

(b) Confidentiality only

DP

KRb

DC M

EP

KUb

EC | |

Ks

Z Z-1

H||

KRa

EPM

(a) Authentication only

Z Z-1

H

DP

Compare

KUa

M

EKRa[H(M)]Source A Destination B

EKUb[Ks]

EKRa[H(M)]EKUb[Ks]

Ramkumar PGP

Page 6: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Services

Transmission and Reception of PGP Messages

X ¨ file

Confidentialityrequired?

encrypt key, X

Yes

convert to radix 64X ¨ R64[X]

(a) Generic Transmission Diagram (from A) (b) Generic Reception Diagram (to B)

Figure 15.2 Transmission and Reception of PGP Messages

No

Confidentialityrequired?

decrypt key, X

Yes

No

convert from radix 64X ¨ R64–1[X]

CompressX ¨ Z(X)

Signaturerequired?

generate signatureX ¨ signature || X

Yes

No

DecompressX ¨ Z–1(X)

Signaturerequired?

strip signature from Xverify signature

Yes

No

X ¨ EKUb[Ks] || EKs[X]

K ¨ DKRb[EKUb[Ks]]X ¨ DK[X]

Ramkumar PGP

Page 7: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

PGP ComponentsPGP - Sending and Receiving Messages

Keys

1 Four types of keys - passphrase, one-time session keys, publickeys, private keys

2 Two key rings - private and public

3 Private key ring is encrypted with passphrase

4 Every user has a public-private key pair

5 Can have multiple pairs.

Ramkumar PGP

Page 8: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

PGP ComponentsPGP - Sending and Receiving Messages

PGP Message Components

1 Session key component

2 Signature

3 Message

Ramkumar PGP

Page 9: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

PGP ComponentsPGP - Sending and Receiving Messages

Format of PGP Message

Content

Session keycomponent

Signature

Message

Leading two octetsof message digest

Key ID of sender'spublic key (KUa)

Key ID of recipient'spublic key (KUb)

Session key (Ks)

Timestamp

Message Digest

Filename

Timestamp

Data

Operation

EKUb

Notation:EKUb = encryption with user b's public keyEKRa = encryption with user a's private keyEKs = encryption with session keyZIP = Zip compression functionR64 = Radix-64 conversion function

Figure 15.3 General Format of PGP Message (from A to B)

ZIP

R64EKRa

EKs

Ramkumar PGP

Page 10: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

PGP ComponentsPGP - Sending and Receiving Messages

PGP Message Generation

Private key ring

select encryptedprivate key

DC

MessageM

Key ID

message

IDA

H

messagedigest

EP | |

private keyKRa

EC

RNG

session keyKs

signature+ message

EP

Public key ring

IDBselect

public keyKUb

| |

encryptedsignature

+ message

Key ID

Output

Figure 15.5 PGP Message Generation (from User A to User B; no compression or radix 64 conversion)

Hpassphrase

Ramkumar PGP

Page 11: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

PGP ComponentsPGP - Sending and Receiving Messages

PGP Message Reception

Figure 15.6 PGP Message Reception (from User A to User B; no compression or radix 64 conversion)

Public key ring

H

private keyKRb

select

passphrase

Private key ring

select encryptedprivate key

DC

encryptedmessage +signature

Encryptedsession key

receiver'sKey ID DP

session keyKs

DC

Encrypteddigest

sender'sKey ID

messageCompare

H

public keyKUa

DP

Ramkumar PGP

Page 12: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Structure of Key Rings

Private Key Ring

1 Timestamp

2 Key ID

3 Public key

4 Encrypted Private key (encrypted with passphrase)

5 User ID

Ramkumar PGP

Page 13: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Structure of Key Rings

Public Key Ring

1 Timestamp, Key ID, Public key, User ID,

2 Owner Trust (OT)

3 Key legitamacy (KL)

4 Signature(s)

5 Signature Trust(s) (ST)

Ramkumar PGP

Page 14: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Structure of Key Rings

Numerical Trust Assignment - for OT and ST

1 Undefined

2 Unknown

3 Usually not trusted

4 Usually trusted

5 Always trusted

6 Ultimate trust

Ramkumar PGP

Page 15: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Structure of Key Rings

Numerical Trust Assignment - KL

1 Undefined or Unknown

2 Not trusted

3 Marginally trusted

4 Complete trust

Ramkumar PGP

Page 16: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Structure of Key Rings

Relationship between KL, ST and OT

1 Consider public key of A signed by B and C

2 rA, rB and rC - rows in the public key ring corresponding to A,B and C .

3 Legitamacy entry for A depends on the “signature trusts” ofB and C in row rA.

4 ST of B in rA - copy of the OT in row rB5 ST of C in rA - copy of the OT in row rC6 “Owner Trust” manually assigned by the PGP user.

7 KL is a function of “weighted” STs

8 If any ST is “ultimate” - KL is assigned “complete trust”

9 X “usually trusted” signatures or Y for “always trusted”signatures for A (or any combination) would result in“complete trust” of A’s public key

Ramkumar PGP

Page 17: Pretty Good Privacy - SRM · PDF fileOutline Introduction PGP Operation PGP Key Management 1 Introduction PGP Services 2 PGP Operation PGP Components PGP Message Generation and Reception

OutlineIntroduction

PGP OperationPGP Key Management

Structure of Key Rings

Trust Propagation

You

A B C D E F

G H I J K L M N O

P Q R

S? ?

??

?

??

?X Y = X is signed by Y

= key's owner is trusted by you to sign keys

= key's owner is partly trusted by you to sign keys

= key is deemed legitimate by you

= unknown signatory

Figure 15.7 PGP Trust Model ExampleRamkumar PGP