Download presentation
Presentation is loading. Please wait.
Published byGeorge Stone Modified over 9 years ago
1
Electronic Commerce School of Library and Information Science PGP and cryptography I. What is encryption? Cryptographic systems II. What is PGP? How does it work?
2
Electronic Commerce School of Library and Information Science IV. PGP and cryptography What is encryption? Oesday isthay ountcay? Ps uijt? Encryption is a method for protecting information by making it as difficult as possible to read or view Why encrypt? Privacy Authentication Integrity Availability
3
Electronic Commerce School of Library and Information Science Plain text Cipher text Blah Blah Blah xdffhliouse345 fjged09e5fjsks qwfnxpdifuw0 awdbczoksrya aaksjhaswe4u fdnaweaa2wfs awrkjsfya38yf kpo80sdw304v Key Encryption Decryption The key uses a mathematical algorithm to transform plaintext into ciphertext and back again The basis of cryptography
4
Electronic Commerce School of Library and Information Science Cryptographic systems There are two kinds of cryptosystems: symmetric and asymmetric Symmetric cryptosystems use the same key (the secret key) to encrypt and decrypt a message Asymmetric cryptosystems use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it These cryptosystems are also called “public key” cryptosystems
5
Electronic Commerce School of Library and Information Science http://www.certicom.com/ecc/wecc1.htm
6
Electronic Commerce School of Library and Information Science Symmetric cryptography (single or private key encryption) ~Two people agree on using a system* ~They agree to use a key ~ A takes a plaintext message, encrypts it with the system and the key ~A sends the ciphertext message to “ B ” @ ~B decrypts the message with the same system and key * Listen in on the agreement discussion @ Attack by interception
7
Electronic Commerce School of Library and Information Science http://www.certicom.com/ecc/wecc1.htm
8
Electronic Commerce School of Library and Information Science Asymmetric, or public-key cryptography is more secure It uses two keys, which are the property of people, not documents Public key This key is shared with the world It is used to encrypt messages but should not be used to decrypt them (with one exception) Private key This is your private key and should not be shared It is used to decrypt messages and should not be used for encryption (with one exception)
9
Electronic Commerce School of Library and Information Science PGP and cryptography I. What is encryption? Cryptographic systems II. What is PGP? How does it work?
10
Electronic Commerce School of Library and Information Science PGP, created by Phil Zimmermann, is a good example of public key cryptography It gives you privacy by allowing you to encrypt your files and email so that nobody can read them except the people you choose PGP allows you to create a digital signature on your files and email A digital signature allows a reader to verify that it was you who wrote the email and that the email has not been altered
11
Electronic Commerce School of Library and Information Science PGP is basically used for 3 things 1. Encrypting a message or file so that only the recipient can decrypt and read it The sender, by signing, guarantees to the recipient, that the message or file must have come from the sender and not an impostor 2. Clear signing a plain text message guarantees that it can only have come from the sender and not an impostor In a plain text message, text is readable by anyone, but a PGP signature is attached
12
Electronic Commerce School of Library and Information Science 3. Encrypting computer files so that they can't be decrypted by anyone other than the person who encrypted them PGP uses public and private keys Public keys are kept in individual key certificates These include the owner ’ s user ID (the person ’ s name), a timestamp of when the key pair was generated, and the actual key “ certificate ”
13
Electronic Commerce School of Library and Information Science Secret key certificates contain the secret key “ certificate ” Each secret key is also encrypted with its own password, in case it gets stolen A key file, or key ring contains one or more of these key certificates Public key rings contain public key certificates Secret key rings contain secret key certificates
14
Electronic Commerce School of Library and Information Science The keys are symmetrical and are generated from the same algorithm They are distinct Knowing the public key tells you nothing about the private key Anyone can slip a message under my door... Only I can use my key to open the door to get the message So long as I keep the key securely, no one has access to the message
15
Electronic Commerce School of Library and Information Science Using public key cryptography 1. A and B agree on a public key crypto system 2. B sends A her public key 3. A encrypts with B ’ s public key and sends the message to B 4. B decrypts the message using her private key Or: 1. A gets B ’ s public key from a secure database 2. A encrypts the message with B ’ s key and sends the message to B 3. B decrypts the message using her private key
16
Electronic Commerce School of Library and Information Science Blah A uses B ’ s public key B uses her secret key Encryption algorithm Decryption algorithm albhlabl BalhHbla albhhbla bahlBlah Encrypted message Public Key Encryption to produce to read Decrypted message
17
Electronic Commerce School of Library and Information Science Public key cryptography is strengthened by using a “ digital signature ” This allows “ digital authentication ” “ Non-reputiability ” is allows the receiver to verify that the sender actually sent the message This uses the exception mentioned earlier The private key is used to encrypt the digital signature The public key is used to decrypt the digital signature
18
Electronic Commerce School of Library and Information Science Simple form 1. A uses her private key to encrypt her signature 2. B uses A ’ s public key to decrypt the signature A more realistic version: 1. A creates a message and encrypts her signature with her private key 2. A encrypts the message and signature with B ’ s public key and sends it to B 3. B decrypts the message with her private key 4. B decrypts A ’ s signature using A ’ s public key, verifying the message
19
Electronic Commerce School of Library and Information Science A more secure version: 1. A signs a message with her private key, encrypts it with her public key and sends it to B 2. B decrypts with her private key and verifies the signature with A ’ s public key 3. B signs the same message with her private key, encrypts it with A ’ s public key and sends it back to A 4. A decrypts it with her private key and verifies B ’ s signature with B ’ s public key 5. If the message A has is the same one she sent, she knows B received it This can be used to sign digital contracts! Now, on to PGP
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.