Presentation is loading. Please wait.

Presentation is loading. Please wait.

2013Prof. Reuven Aviv, Mail Security1 Pretty Good Privacy (PGP) Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.

Published byPatrick Copeland Modified over 7 years ago

Similar presentations

Presentation on theme: "2013Prof. Reuven Aviv, Mail Security1 Pretty Good Privacy (PGP) Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College."— Presentation transcript:

1 2013Prof. Reuven Aviv, Mail Security1 Pretty Good Privacy (PGP) Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College

2 PGP Operation PGP public key rings PGP public key management 2013Prof. Reuven Aviv, Mail Security#

3 PGP Operation Spring 2006Prof. Reuven Aviv, Mail Security3

4 Pretty Good Privacy (PGP) developed by Phil Zimmermann A software package. You can download and configure to use it with any email system Uses symmetric and public key cryptography Today used mainly within companies originally free, now also have commercial versions available The most interesting part is the public key management system

5 PGP Operation: Authentication 1.sender creates message 2.make SHA-1160-bit hash of message, H 3.append RSA signed hash to message 4.Send compressed message, Z 5.receiver decrypts & recovers hash code 6.receiver verifies received message hash

6 PGP Operation: Confidentiality 1.sender forms 128-bit random session key, Ks 2.encrypts compressed message with session key 3.attaches session key encrypted with RSA Pub (EP) 4.receiver decrypts & recovers session key 5.session key is used to decrypt message

7 PGP Operation: Confidentiality & Authentication create signature & attach to message encrypt compressed message & signature attach RSA encrypted session key

8 PGP Session Keys Sender generates a random session key for each message uses random inputs taken from previous uses and from keystroke timing of user Encrypted by recipient public key User might use several public/private keys Define a key identifier (KeyId) for each public key: the least significant 64-bits of the key –very likely be unique

9 3 parts of PGP Message Format

10 PGP Message: Notes Message digest: encrypted 160-bit SHA-1 hash –Sender adds the Leading 2 Octets of the un-encrypted hash –First 16 bits of the unencrypted hash. – helps the recipient to determine if he was able to decrypt correctly. It also serves as frame check sequence 2013Prof. Reuven Aviv, Mail Security#

11 PGP Public Key Rings Spring 2006Prof. Reuven Aviv, Mail Security11

12 PGP Public Key Ring  each PGP user has two keyrings: 1. Public-key ring: all the public-keys of other PGP users known to this user indexed by key ID

13 PGP Private Key Ring 2. public/private key pair(s) for this user private keys PR i (i=1, 2,…) are encrypted: User inserts its Passphrase P i and its PR i PGP creates a SHA-1 hash H(P i ). Encrypts the PR i.; H(P i ) is the encryption key 2013Prof. Reuven Aviv, Mail Security#

14 Usage of keys in message construction Signing: PGP requests the user his passphrase and the key-id. PGP then retrieves user’s private key, from the private key ring, –then PGP constructs the signature component Encryption: PGP creates session key, encrypts the message. PGP then retrieves the public key of recipient (recipient user_id is the index). –Then PGP construct the session key component 2013Prof. Reuven Aviv, Mail Security#

15 Using keys in Message Construction

16 Using keys in message Reception Decryption: Retrieve the receiver’s private key from the private-key ring using the key-ID field in the session component of the message as an index, and passphrase provided by the recipient. –Then PGP recovers the session key and decrypts Authentication: PGP retrieves the sender’s public key ring using the key-ID field in the signature component –Then recovers the message digest and compares to the computed digest #

17 Using keys in message Reception

18 PGP Public key management Spring 2006Prof. Reuven Aviv, Mail Security18

19 In PGP Users are CAs in PGP every user is a CA: signs & revokes certs User gets a public key and owner name in a “private certificates” signed by other users Each public key has key legitimacy level (keylegit) –trusting level of the bind of the key to owner PGP calculates keylegit of a public key according to the number of signatures attached to the certificates with this public key and the levels of trust in these signatures

20 PGP Key Management : sigtrust Each signature has a calculated sigtrust level: –untrusted, marginal, complete (last column in table) in the public key ring, each entry of a public key shows the sigtrust levels of the signatures of this key #

21 PGP Key Management: key legit Each public key has key legitimacy level (keylegit) –trusting level of the bind of the key to owner – not-trusted, marginal-trust, complete –Initially keylegit = not-trusted keylegit = complete if : 1 signature has sigtrust = complete-trust, or 2 signatures have sigtrust=marginal-trust Or other combinations. keylegit is written for each key in the public ring #

22 PGP Key Management: ownertrust An owner of key is assigned the level of the trust of that owner to sign other keys –Ownertrust: unknown, … usually trusted, always trusted, ultimate Ownertrust is assigned by the User upon receiving a cert –Then it is copied to the sigtrust of his signatures –keylegit is then updated The User periodically scans the key ring, updates ownertrust then sigtrust then keylegit Increasing # signatures or ownertrust increases keylegit #

23 public key ring: Ownertrust, Sigtrust, Keylegit 2013Prof. Reuven Aviv, Mail Security#

24 Example: Assume 2 partially trusted is sufficient K P, K Q signed by (fully trusted) L  keys trusted K H signed by A and B;  K H trusted K N signed by E  K N trusted N not trusted to sign;  K R not valid S signed by unknown # MeI partially Trust these I fully trust these

Download ppt "2013Prof. Reuven Aviv, Mail Security1 Pretty Good Privacy (PGP) Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College."

Similar presentations

Cryptography and Network Security Chapter 18

Cryptography and Network Security Chapter 18
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Pretty Good Privacy Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Pretty.

Pretty Good Privacy Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Pretty.
CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,

CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.

Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Data & Network Security

Data & Network Security
Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.

Chapter 5 Electronic mail security. Outline Pretty good privacy S/MIME Recommended web sites.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security

Electronic mail security
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Lecture 12 e-mail Security. Summary  PEM  secure email  PGP  S/MIME.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Similar presentations

Ads by Google