CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality, integrity, and authenticity as they share person data with each other?
CIS 193A – Lesson6 Early Encryption Caesar’s Cipher –each letter of the alphabet was shift- ed to the right 3 positions, with x,y, and z wrapping back to a,b, and c. Rot13 –each letter of the alphabet was shift- ed to the right 13 positions, such that 2 such shifts restored the original text. These algorithms worked on the alphabets of natural language, with rot13 assuming the English alphabet.
CIS 193A – Lesson6 Symmetric Encryption Symmetric encryption replaces a ‘rule’ with a ‘key’ – an arbitrarily long string of characters known only to the sender and receiver, and used to produce the ciphertext. Examples: –3DES, CAST5, BLOWFISH, AES, TWOFISH Problem: –How to deliver the ‘key’ to the recipient without it being intercepted.
CIS 193A – Lesson6 Hashing Algorithms Hash algorithms are not true encryption because they are unidirectional: once encrypted they cannot be decrypted. Uses: a hash uniquely identifies an arbitrarily large source file and can verify the integrity of the file without disclosing its content. They are used in digital signatures, and as message digests, and checksums. Examples: –md2, md4, md5, sha, sha1, sha512, rmd160
CIS 193A – Lesson6 Asymmetric Encryption Solves the problem of a shared key. Two keys involve: public and private. Both keys encrypt, but decryption must occur with the alternate key. The private key is kept secret, the public key is freely made available to others – often by a public keyserver. The public key may be derived from the private key, but not vice versa. Private keys are usually protected with a passphrase.
CIS 193A – Lesson6 GNU Public Guard (GPG) A Free software implementation of Pretty Good Privacy (PGP) encryption. Supports symmetric and assymetric (PKI) encryption. Maintains a trusted database of public keys.
CIS 193A – Lesson6 GPG Symmetric Encryption Encrypted files may be stored in binary or ascii format. The ascii format of choice is usually base64. Examples: –gpg –c file1 # creates file1.gpg –gpg –ca file2 # creates file2.asc –gpg file1.gpg # decrypts file1 –gpg –-decrypt file1.asc # decrypts to # stdout Encryption requires supplying a passphrase.
CIS 193A – Lesson6 GPG Asymmetric Encryption Create your private/public keys: –gpg –-gen-key # go with the defaults # and supply passphrase View the keys you just created: –gpg –-list-public-keys –gpg –-list-secret-keys Add a trusted public key to your keyring: –gpg –-import keyfile # use –a if ascii –gpg –-fingerprint key_id # verify –gpg –-edit-key key_id # set trust value
CIS 193A – Lesson6 GPG Asymmetric Encryption Sharing a public key –gpg -a -–export id # sends to stdout –gpg [-a] –-output filename –-export id Send ASCII version through email or add to a keyserver: –gpg –-keyserver ip-addr –-send-keys id Pull from a keyserver: –gpg –-keyserver ip-addr –-recv-keys id –gpg –-keyserver ip-addr –-search-keys str
CIS 193A – Lesson6 GPG Signing files Signing a text file: –gpg –-clearsign filename # Save ASCII Detached Signature: –gpg -–detach-sign [-a] filename Verifying a signed, encrypted file: –gpg –-verify filename Verifying a detached signature: –gpg –verify file.sign file
CIS 193A – Lesson6 GPG Encrypting Files Simple encryption: –gpg –e [-a] –r public-key_id filename Sign and encrypt: –gpg –es [-a] –r public-key_id filename Decrypt a file signed or not: –gpg filename
CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality, integrity, and authenticity as they share person data with each other? Encryption algorithms use digital keys to scramble the bits in a message so that it is unreadable. Hashing algorithms produce small, unique, digital representa- tions of arbitrarily large files which can be used to guarantee integrity. Public/Private keys along with signed certificates can verify authenticity because of the dependence of the public keys on the private keys.