OpenPGP/GnuPG Encryption

Tanner Lovelace – Slide 1

RshqSJS/JqxSJ HqfubswlrqRshqSJS/JqxSJ Hqfubswlrq

Wdqqhu OryhodfhWdqqhu OryhodfhWuldqjoh Olqxa Xvhuv JurxsWuldqjoh Olqxa Xvhuv Jurxs

11-Dsulo-200211-Dsulo-2002


OpenPGP/GnuPG EncryptionOpenPGP/GnuPG Encryption

Tanner LovelaceTanner LovelaceTriangle Linux Users GroupTriangle Linux Users Group

11-April-200211-April-2002


What is Cryptography?What is Cryptography?

• CryptographyCryptography–The science of using mathematics to The science of using mathematics to

encryptencrypt and and decryptdecrypt data. data.–A method of A method of securelysecurely sending data over an sending data over an

insecureinsecure communications medium. communications medium.• CryptanalysisCryptanalysis

–The science of analyzing and breaking The science of analyzing and breaking secure communications.secure communications.

• Cryptology is the combination of the two.Cryptology is the combination of the two.


There are two kinds of cryptography in this There are two kinds of cryptography in this world: cryptography that will stop your kid world: cryptography that will stop your kid sister from reading your files, and sister from reading your files, and cryptography that will stop major governments cryptography that will stop major governments from reading your files.from reading your files.

---- Bruce Schneier, Bruce Schneier, Applied CryptographyApplied Cryptography


Why do you need cryptography?Why do you need cryptography?

• PrivacyPrivacy–Keep communications secretKeep communications secret

• IntegrityIntegrity–Keep communications secureKeep communications secure

• AuthenticationAuthentication–Know who you’re communicating withKnow who you’re communicating with

• NonrepudiationNonrepudiation–A sender shouldn’t be able to deny that A sender shouldn’t be able to deny that

they sent a messagethey sent a message


Cryptography BackgroundCryptography Background

• Two main types of cryptographyTwo main types of cryptography–SymmetricSymmetric

»Same key encrypts/decryptsSame key encrypts/decrypts»DES, AES, IDEADES, AES, IDEA

–AsymmetricAsymmetric»Different keys for encryption/decryptionDifferent keys for encryption/decryption»Also called public key cryptographyAlso called public key cryptography»RSA, Diffie-Hellman, ElGamalRSA, Diffie-Hellman, ElGamal


Bits, bytes, and Key Lengths, oh my!Bits, bytes, and Key Lengths, oh my!

• Which is better? Which is better? –128 bit keys?128 bit keys?–1024 bit keys?1024 bit keys?

• Answer: neitherAnswer: neither–Symmetric encryption is much faster than Symmetric encryption is much faster than

asymmetricasymmetric–Asymmetric makes communicating with Asymmetric makes communicating with

people you don’t know much easierpeople you don’t know much easier


How does encryption work?How does encryption work?

Encryption DecryptionPlaintext

Ciphertext

OriginalPlaintext

EncryptionKey

DecryptionKey

• AsymmetricAsymmetric

Encryption DecryptionPlaintext

Ciphertext

OriginalPlaintext

Key Key• SymmetricSymmetric


How do I know this is secure?How do I know this is secure?

• SymmetricSymmetric–The only way to decrypt without the key is to try The only way to decrypt without the key is to try

all possible combinations.all possible combinations.» With a 128 bit key, there are 2With a 128 bit key, there are 2128128 possible possible

combinationscombinations» ComparisonComparison

»Our sun should go nova in approximately 2Our sun should go nova in approximately 23030 years years»The universe is only 2The universe is only 23434 years old. years old.

• AsymmetricAsymmetric–You don’t, but smart people think it is.You don’t, but smart people think it is.


Not Secure?!? What’s up?Not Secure?!? What’s up?

• Asymmetric algorithms are built upon certain Asymmetric algorithms are built upon certain assumptions that have not been provedassumptions that have not been proved–Factoring large numbersFactoring large numbers–Computing discrete logrithmsComputing discrete logrithms

• These are similar to the P vs. NP problem in These are similar to the P vs. NP problem in classical computer scienceclassical computer science–Which is why you hear the press talking Which is why you hear the press talking

about the possibility of codes being broken about the possibility of codes being broken easily.easily.


Public Key AlgorithmsPublic Key Algorithms

• Diffie-Hellman (key exchange)Diffie-Hellman (key exchange)–First public key algorithm published (1976)First public key algorithm published (1976)

» Whitfield Diffie and Martin HellmanWhitfield Diffie and Martin Hellman–Alice and Bob chose a large prime Alice and Bob chose a large prime nn and another and another

number number gg..–Alice chooses a random Alice chooses a random largelarge integer integer aa and sends and sends

Bob Bob XX = = ggaa mod mod nn..–Bob chooses a random Bob chooses a random largelarge integer integer bb and sends and sends

Alice Alice YY = = ggbb mod mod nn..–Alice computes Alice computes kk = = YYaa mod mod nn..–Bob computes Bob computes k’k’ = = XXbb mod mod nn..–kk and and k’k’ are equal ( are equal (ggab ab mod mod nn) and cannot be ) and cannot be

computed by someone watching the exchange!computed by someone watching the exchange!


Public Key AlgorithmsPublic Key Algorithms

• RSA (Rivest, Shamir, and Adleman) [1977]RSA (Rivest, Shamir, and Adleman) [1977]–Choose two random large prime numbers Choose two random large prime numbers pp and and qq..–Compute Compute n = pqn = pq..–Choose a number Choose a number ee such that such that ee is between 1 and is between 1 and pqpq

and and ee is is relatively primerelatively prime to ( to (pp – 1)( – 1)(q – q – 1).1).–Compute Compute dd from from e e ((dd = e = e-1-1 mod (( mod ((pp-1)(-1)(qq-1)))-1)))

» Multiplicative inverseMultiplicative inverse

–To encrypt, calculate To encrypt, calculate cc = = mmee mod mod nn..–To decrypt, calculate To decrypt, calculate mm = = ccdd mod mod nn..


What is OpenPGP/GnuPGWhat is OpenPGP/GnuPG

• Pretty Good PrivacyPretty Good Privacy– Encryption program written by Phill Zimmerman in 1991.Encryption program written by Phill Zimmerman in 1991.– Zimmerman was later criminally charged with releasing it Zimmerman was later criminally charged with releasing it

on the Internet. (Charges were eventually dropped.)on the Internet. (Charges were eventually dropped.)

• OpenPGPOpenPGP– A standard for encrypted/signed messages.A standard for encrypted/signed messages.– RFC 2440, November 1998RFC 2440, November 1998

• Gnu Privacy GuardGnu Privacy Guard– An implementation of OpenPGP.An implementation of OpenPGP.– Does not use patented algorithms.Does not use patented algorithms.


What can PGP/GnuPG do?What can PGP/GnuPG do?

• Encrypt / DecryptEncrypt / Decrypt–MessagesMessages–FilesFiles

• Digital SignaturesDigital Signatures• Key managementKey management

–Create secret and public keysCreate secret and public keys–Manage a list of keysManage a list of keys–Certify keysCertify keys–Revoke or disable keysRevoke or disable keys


EncryptionEncryption

• PGP uses multiple forms of encryption to encrypt PGP uses multiple forms of encryption to encrypt different parts of a messagedifferent parts of a message–Symmetric encryption fastSymmetric encryption fast–Asymmetric encryption easy to distributeAsymmetric encryption easy to distribute

• Message is encrypted with a symmetric algorithmMessage is encrypted with a symmetric algorithm• Symmetric Symmetric session keysession key is encrypted with an is encrypted with an

asymmetric algorithm.asymmetric algorithm.

• In addition, the message is compressed beforehand, In addition, the message is compressed beforehand, just to remove redundancy that could help just to remove redundancy that could help cryptanalysis.cryptanalysis.





• To encrypt a file, you need to specify optionsTo encrypt a file, you need to specify options–Recepient (can be yourself)Recepient (can be yourself)–Binary or ascii modeBinary or ascii mode–Output filenameOutput filename–Input filenameInput filename

% gpg -r [UID]-a –o [outname] –e [file]% gpg -r [UID]-a –o [outname] –e [file]

• Will also work with streams.Will also work with streams.


DecryptionDecryption

• Only need to specify the decrypt optionOnly need to specify the decrypt option

% gpg -d [file]% gpg -d [file]

• Will prompt for pass phraseWill prompt for pass phrase


SignatureSignature

• IntegrityIntegrity–Message is hashedMessage is hashed–Hash is encrypted with private keyHash is encrypted with private key–Message can be hashed again to prove it hasn’t Message can be hashed again to prove it hasn’t

changed.changed.• AuthenticationAuthentication

–Hash can be decrypted with a public keyHash can be decrypted with a public key–Proves that the private key was used to encrypt.Proves that the private key was used to encrypt.

» But not necessarily that a particular person encrypted But not necessarily that a particular person encrypted the message. What?!?the message. What?!?


SignatureSignature

• Can be combined with encryptionCan be combined with encryption• Can be integrated or detachedCan be integrated or detached

% gpg –a --sign[file]% gpg –a --sign[file]

% gpg –a --detach-sign[file]% gpg –a --detach-sign[file]

• Detached signatures are useful for signing binary Detached signatures are useful for signing binary packages.packages.–Used with rpm (--addsign and –resign options)Used with rpm (--addsign and –resign options)


Key ManagementKey Management

• Session keysSession keys–Created at useCreated at use–Only used onceOnly used once–Need a Need a very goodvery good source of randomness source of randomness

• Asymmetric keysAsymmetric keys–GPG allows you to create and manageGPG allows you to create and manage–Public portion of key can be publishedPublic portion of key can be published


Web of TrustWeb of Trust

• How do you know what keys to trust?How do you know what keys to trust?–You can only physically check a finite You can only physically check a finite

number of keysnumber of keys• PGP allows you to PGP allows you to signsign someone elses key. someone elses key.

–Done when you have verified that a key is Done when you have verified that a key is valid.valid.

–Allows you to accept the validity of a key of Allows you to accept the validity of a key of someone you’ve never met.someone you’ve never met.

» If Alice trusts Bob and Bob trusts Charles, then If Alice trusts Bob and Bob trusts Charles, then Alice can also trust Charles.Alice can also trust Charles.


Web of TrustWeb of Trust


GPG Key CreationGPG Key Creation

% gpg --gen-key% gpg --gen-key

• Generates a public/private key pair.Generates a public/private key pair.–Because of the RSA patent, it defaults to Because of the RSA patent, it defaults to

using DH/ElGamal (Discrete Logorithm using DH/ElGamal (Discrete Logorithm Problem)Problem)

–Choose a key length (use at least 1024 Choose a key length (use at least 1024 bits)bits)

–User data (name, e-mail)User data (name, e-mail)–Pass Pass phrasephrase


Key revocationKey revocation

• Always generate a revocation certificate after Always generate a revocation certificate after creating a key!creating a key!–If you lose your pass phrase, will allow you If you lose your pass phrase, will allow you

to cancel your key.to cancel your key.% gpg --gen-revoke [UID]% gpg --gen-revoke [UID]

• Need the pass phrase (to get to the secret Need the pass phrase (to get to the secret key)key)


Key functionsKey functions

• List keys and signaturesList keys and signatures% gpg --list-keys% gpg --list-keys% gpg --list-sigs% gpg --list-sigs% gpg --fingerprint% gpg --fingerprint

• ImportImport% gpg --import [filename]% gpg --import [filename]

• ExportExport% gpg --export [UID]% gpg --export [UID]

• By default export is binary. Use “-a” to do ascii-By default export is binary. Use “-a” to do ascii-armor.armor.


Key serversKey servers

• You could exchange keys by e-mail or web page, but You could exchange keys by e-mail or web page, but there is a better way.there is a better way.

• PGP and GnuPG support a remote key serverPGP and GnuPG support a remote key server

• SendSend% gpg --keyserver [ks] --send-key [UID]% gpg --keyserver [ks] --send-key [UID]

• ReceiveReceive% gpg --keyserver [ks] --recv-key [UID]% gpg --keyserver [ks] --recv-key [UID]

• Default key server can be put in options file.Default key server can be put in options file.– If default server set, gpg will automatically look If default server set, gpg will automatically look

there for new keys.there for new keys.


Key signingKey signing

• ONLY SIGN A KEY WHEN YOU ARE ABSOLUTELY ONLY SIGN A KEY WHEN YOU ARE ABSOLUTELY SURE IT IS AUTHENTIC!!!SURE IT IS AUTHENTIC!!!

• Use the edit key functionUse the edit key function% gpg --edit-key [UID]% gpg --edit-key [UID]

–Will bring up a command promptWill bring up a command prompt–Can sign, revoke, change trust, delete, etc…Can sign, revoke, change trust, delete, etc…>sign>sign

• Make sure you send the newly signed key to a key Make sure you send the newly signed key to a key server.server.


ConclusionConclusion

• GPG is a tool you can use to improve GPG is a tool you can use to improve communication security.communication security.–Don’t consider it an end result, but a link in Don’t consider it an end result, but a link in

a chain.a chain.• It is integrated into a few packages, but the It is integrated into a few packages, but the

interface could be betterinterface could be better–Barrier to useBarrier to use

• Better when used all the time.Better when used all the time.


ReferencesReferences

• Garfinkel, Simson, Garfinkel, Simson, PGP, Pretty Good PrivacyPGP, Pretty Good Privacy, 1995, , 1995, O’Reilly & Associates.O’Reilly & Associates.

• Schneier, Bruce, Schneier, Bruce, Applied CryptographyApplied Cryptography, 1996, , 1996, Wiley.Wiley.

• Various crypto linksVarious crypto links– http://www.x5.net/faqs/crypto/http://www.x5.net/faqs/crypto/– http://www.pgpi.org/doc/guide/6.5/en/intro/http://www.pgpi.org/doc/guide/6.5/en/intro/– http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.htmlhttp://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html– http://www.mcc.ac.uk/cos/security/PGP_why_and_how.htmlhttp://www.mcc.ac.uk/cos/security/PGP_why_and_how.html– http://www.wired.com/wired/archive/people/whitfield_diffie/http://www.wired.com/wired/archive/people/whitfield_diffie/– http://www.iae.nsk.su/pages/CRYPTO/rsafaq.htmlhttp://www.iae.nsk.su/pages/CRYPTO/rsafaq.html– http://www.philzimmermann.com/http://www.philzimmermann.com/– http://www.openpgp.org/http://www.openpgp.org/– http://www.gnupg.org/http://www.gnupg.org/

Technology

OpenPGP/GnuPG Encryption