Presentation is loading. Please wait.

Presentation is loading. Please wait.

PGP Overview 2004/11/30 Information-Center meeting peterkim.

Published byTobias Weaver Modified over 9 years ago

Similar presentations

Presentation on theme: "PGP Overview 2004/11/30 Information-Center meeting peterkim."— Presentation transcript:

1 PGP Overview 2004/11/30 Information-Center meeting peterkim

2 Email servers POP3: Post Office Protocol, port #110 IMAP: Internet Mail Access Protocol, port #143 SMTP: Simple Main Transfer Protocol, port #25

3 Pretty good privacy (PGP) Internet e-mail encryption scheme, de-facto standard. uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. provides secrecy, sender authentication, integrity. inventor, Phil Zimmerman, a undergraduate from FAU in 1991. ---BEGIN PGP SIGNED MESSAGE-- - Hash: SHA1 Bob:My husband is out of town tonight.Passionately yours, Alice ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3 mqJhFEvZP9t6n7G6m5Gw2 ---END PGP SIGNATURE--- A PGP signed message:

4 PGP overview — mechanism Anybody creates his/her RSA public key and private key (512, 768, or 1024 bits) (automatically generated by PGP) Anybody (e.g., Alice) can send encrypted (as well as signed) email to anybody else (e.g., Bob).  Generate a one-time random key to encrypt the email using a secret key system (e.g., IDEA)  Encrypt the random key with Bob ’ s public key  May sign the email with her own private key  May compress the email before encryption Bob can use his private key to decrypt the encrypted email.  Moreover, “ pass phrase ” is required for decryption  The “ pass phrase ” is typed by Bob when PGP generates RSA keys for him

5 PGP overview — key distribution Public key system (RSA), key distribution  PEM: rigid hierarchy of CAs.  S/MIME: (being agnostic), assume that a number of parallel independent hierarchies.  PGP: anarchy, each user decides which keys to trust. You contact Alice in person to get Alice ’ s public key, and trust it You find the public key of Alice on her web page or from email, you can copy it to your PGP system to trust it if you want. Public key server (e.g., http://math-www.uni- paderborn.de/pgp/).

6 PGP--certificates Certificates are an optional in PGP anyone can issue a certificate to anyone else If you trust Alice and get Carol ’ s public key certificate signed by Alice, you will trust Carol ’ s public key If you get Carol ’ s two public key certificates, one signed by Alice, and the other signed by Bob, both Alice and Bob are trusted by you, then you can trust both Carol ’ s certificates. Therefore PGP is very flexible and easy to use

7 Security services for Email Privacy/confidentiality Authentication Integrity Non-repudiation Proof of submission (same as certified mail) Proof of delivery (same as post mail request return receipt) Anonymity Message flow confidentiality Containment Audit Accounting Self destruct Message sequence integrity

8 Secure e-mail (Encode and check sign) Alice:  generates random symmetric private key, K S.  encrypts message with K S (for efficiency)  also encrypts K S with Bob’s public key.  sends both K S (m) and K B (K S ) to Bob.  Alice wants to send confidential e-mail, m, to Bob. K S ( ). K B ( ). + + - K S (m ) K B (K S ) + m KSKS KSKS KBKB + Internet K S ( ). K B ( ). - KBKB - KSKS m K S (m ) K B (K S ) +

9 Secure e-mail (Encode and check sign) Bob:  uses his private key to decrypt and recover K S  uses K S to decrypt K S (m) to recover m  Alice wants to send confidential e-mail, m, to Bob. K S ( ). K B ( ). + + - K S (m ) K B (K S ) + m KSKS KSKS KBKB + Internet K S ( ). K B ( ). - KBKB - KSKS m K S (m ) K B (K S ) +

10 Secure e-mail (Sign) Alice wants to provide sender authentication message integrity. Alice digitally signs message. sends both message (in the clear) and digital signature. H( ). K A ( ). - + - H(m ) K A (H(m)) - m KAKA - Internet m K A ( ). + KAKA + K A (H(m)) - m H( ). H(m ) compare

11 Secure e-mail (Another Application) Alice wants to provide secrecy, sender authentication, message integrity. Alice uses three keys: her private key, Bob’s public key, newly created symmetric key H( ). K A ( ). - + K A (H(m)) - m KAKA - m K S ( ). K B ( ). + + K B (K S ) + KSKS KBKB + Internet KSKS

12 PGP overview Not just for email, it performs encryption and integrity protection on files  Your email is treated as a file  Encrypt the file  Send the encrypted file by regular e-mailer.  The receiver saves the email to a file and then, decrypt the file by PGP Directly embedded in email for convenience. Visit: http://www.pitt.edu/~poole/PGP.htm

13 Certificate and key revocation You can revoke (delete) any public key anytime A public key of a person can be revoked by the corresponding private key The issuer of a certificate can revoke the certificate  Does not mean that the holder of revoked certificate is a bad person, but the issuers does not want to vouch for its authenticity. Validity period of a key and a certificate

14 PGP — key ring A data structure containing key materials  pubring.pgp: containing your public keys, other people ’ s public keys, information about people, and certificates.  secring.pgp: containing your private keys. Three trust levels currently in PGP: none, partial, complete. A trust level of a person may determine the trust level of the certificates signed by the person.

15 Final Demo Show WinPT - Windows Privacy Tools Windows Privacy Tools (WinPT) is a collection of multilingual applications for digital encryption and signing of content. WinPT is GnuPG-based, compatible with OpenPGP compliant software (like PGP) and free for commercial and personal use under the GPL. http://winpt.sourceforge.net/en/

Download ppt "PGP Overview 2004/11/30 Information-Center meeting peterkim."

Similar presentations

Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Shouting from the Rooftops: Improving Email Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.

Shouting from the Rooftops: Improving Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.
CS470, A.SelcukE-mail Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.Selcuk Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
8: Network Security8-1 22 – Integrity, Firewalls.

8: Network Security – Integrity, Firewalls.
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Email Security Jonathan Calazan December 12, 2005.

Security Jonathan Calazan December 12, 2005.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Chapter 31 Network Security

Chapter 31 Network Security
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.

Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.

Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.
24-1 Last time □ Message Integrity □ Authentication □ Key distribution and certification.

24-1 Last time □ Message Integrity □ Authentication □ Key distribution and certification.

Similar presentations

Ads by Google