ECE-6612 - PowerPoint PPT Presentation

Title: ECE-6612
Slides: 30
Provided by: JohnCo66

Transcript and Presenter's Notes
1
ECE-6612  http://www.ece.gatech.edu/copeland/jac/6612/
Prof. John A. Copeland  john.copeland@ece.gatech.edu  404 894-5177  fax 404 894-0035
Office: Klaus 3362, MWF after class; email or call for office visit
Chapter 5a - Pretty Good Privacy (PGP) Email (aka GPG or GnuPG - Gnu Privacy Guard)
2
Electronic Mail
In 1982, ARPANET email proposals were published as RFC 821 (www.ietf.org/rfc/rfc0821.txt) and RFC 822.
Email services since are based on these RFCs (and many later ones).
CCITT X.400 and ISO MOTIS grew and waned as competitors.
"User Agents" (UA) and "Message Transfer Agents" (MTA)
Three parts to an email message:
  Envelope - information used to forward the contents
  Header - standard strings, some added in route
    > To, Cc, Bcc, From, Sender
    > Received (added in route), Return-Path (by final MTA)
    > MIME headers added by RFC 1341 and 1521
A. S. Tanenbaum, "Computer Networks," (3rd ed.) p.651
3
MIME Headers
Multipurpose Internet Mail Extensions (MIME), RFC 1341 and RFC 1521
MIME-Version: version number
Content-Description: human-readable string
Content-ID: unique identifier
Content-Transfer-Encoding: body encoding
  > ASCII (Plain, quoted-printable, or Richtext)
  > Binary (base64)
Content-Type: nature of the message
  > Image (gif, jpeg), Video (mpeg), ...
  > Application (Postscript, octet-stream), ...
A. S. Tanenbaum, "Computer Networks," (3rd ed.) p.653
4
Received: from didier.ee.gatech.edu (didier.ee.gatech.edu [130.207.230.10])
    by eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with ESMTP id UAA00818
    for <copeland@eagle.gcatt.gatech.edu>; Fri, 30 Jul 1999 20:00:35 -0400 (EDT)
Received: from bwnewsletter.com (gw2.mcgraw-hill.com [198.45.19.20])
    by didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500
    for <jcopeland@ece.gatech.edu>; Fri, 30 Jul 1999 20:00:33 -0400 (EDT)
(The last Received line identifies the sender's IP.)
Received: from NOP (152.159.60.175) by bwnewsletter.com with SMTP
    (Eudora Internet Mail Server 2.1); Fri, 30 Jul 1999 16:24:21 -0400
Message-Id: <1.5.4.32.19990730202137.00672900@businessweek.com>
X-Sender: mustread@businessweek.com (Unverified)
(Gmail and Yahoo now hide this information on email from a customer.)
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0
Date: Fri, 30 Jul 1999 16:21:37 -0400
To: bwnewsletter@bwnewsletter.com (note: I was on a Bcc list)
From: BW Online <insider@businessweek.com>
Subject: BUSINESS WEEK ONLINE INSIDER -- July 30
Content-Type: text/plain; charset="us-ascii"
Content-Length: 7694
5
nslookup -q=MX ee.gatech.edu   (nslookup -> host)
ee.gatech.edu  preference = 10, mail exchanger = mail.ee.gatech.edu
ee.gatech.edu  nameserver = eeserv.ee.gatech.edu
ee.gatech.edu  nameserver = duchess.ee.gatech.edu
ee.gatech.edu  nameserver = didier.ee.gatech.edu
mail.ee.gatech.edu     internet address = 130.207.230.10
eeserv.ee.gatech.edu   internet address = 130.207.230.5
duchess.ee.gatech.edu  internet address = 130.207.230.13
didier.ee.gatech.edu   internet address = 130.207.230.10
6
nslookup -q=MX mcgraw-hill.com
Non-authoritative answer:
mcgraw-hill.com  preference = 20, mail exchanger = interlock.mgh.com
Authoritative answers can be found from:
mcgraw-hill.com  nameserver = NS-01A.ANS.NET
mcgraw-hill.com  nameserver = NS-01B.ANS.NET
mcgraw-hill.com  nameserver = NS-02A.ANS.NET
mcgraw-hill.com  nameserver = NS-02B.ANS.NET
NS-01A.ANS.NET  internet address = 199.221.47.7
NS-01B.ANS.NET  internet address = 199.221.47.8
NS-02A.ANS.NET  internet address = 207.24.245.179
NS-02B.ANS.NET  internet address = 207.24.245.178
7
nslookup 198.45.19.20   (can also use host or dig)
Name: gw2.mcgraw-hill.com
Address: 198.45.19.20
nslookup 152.159.60.175
can't find 152.159.60.175: Non-existent host/domain
traceroute 152.159.60.175   (on MS Windows, open DOS, type tracert)
 1  24.88.12.129 (24.88.12.129)  17 ms
 2  stn-mtn-rtrb.atl.mediaone.net. (24.88.0.254)  18 ms
 3  24.93.64.69 (24.93.64.69)  20 ms
 4  24.93.64.61 (24.93.64.61)  17 ms
 5  24.93.64.57 (24.93.64.57)  25 ms
 6  sgarden-sa-gsr.carolina.rr.com. (24.93.64.30)  26 ms
 7  roc-gsr-greensboro-gsr.carolina. (24.93.64.17)  29 ms
 8  24.93.64.45 (24.93.64.45)  38 ms
 9  sjbrt01-vnbrt01.rr.com. (24.128.6.6)  41 ms
10  pnbrt01-vnbrt01.rr.com. (24.128.6.85)  42 ms
11  p217.t3.ans.net. (192.157.69.52)  51 ms
12  h13-1.t32-0.new-york.t3.ans.net. (140.223.33.21)  49 ms
13  f0-0.cnss33.new-york.t3.ans.net. (140.222.32.193)  53 ms
14  s0.enss3339.t3.ans.net. (199.222.77.70)  61 ms
15
16
8
whois 152.159.60.175
OrgName: McGraw Hill, Inc
OrgID: MCGRAW
Address: 148 Princeton Htstown Rd
City: Hightstown
StateProv: NJ
PostalCode: 08520
Country: US
NetRange: 152.159.0.0 - 152.159.255.255
CIDR: 152.159.0.0/16
NetName: MHP-NET
NameServer: AUTH111.NS.UU.NET
NameServer: AUTH120.NS.UU.NET
Comment:
RegDate: 1992-03-18
Updated: 2004-04-01
RTechHandle: MW1053-ARIN
RTechName: Weyman, Mike
RTechPhone: 1-555609-426-5291
RTechEmail: mike_weyman@mgh.com
RTechHandle: JGE8-ARIN
RTechName: Gervasio, John
RTechPhone: 1-555-426-5017
RTechEmail: john_gervasio@mgh.com
OrgTechHandle: HOSTM339-ARIN
OrgTechName: hostmaster
OrgTechPhone: 1-555-426-5291
OrgTechEmail: hostmaster@mgh.com
ARIN WHOIS database, last updated 2006-09-24 19:10
Enter ? for additional hints on searching ARIN's WHOIS database.
9
Security Services for Email
Privacy - only read by intended recipient (confidentiality, access, authorization)
Authentication - confidence in ID of sender
Non-repudiation - proof that sender sent it (attribution)
Integrity - assurance of no data alteration
Less Common:
  Proof of submission - was sent to email server
  Proof of delivery - was received (and read) by addressee (Web Bug)
10
Investigating Email You Receive
Look at Raw or Source Message to see Headers and HTML Links
Investigate Source (who sent it) - Lowest Received header
Active Links in <a href="http://IP or URL">text</a>
Image Links in <img src="URL or filename"></img>
Programs to Use:
  nslookup - IP from URL, or URL from IP
  whois - Register of domain (not URL)
  traceroute - path of packets through routers
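The two steps the slides describe for a received message (walk the Received chain down to the lowest header to find the originating IP, then pull the <a href> and <img src> targets out of the HTML body) can be scripted with the Python standard library. The block below is an added example written for this transcript; it is not from the course slides. The message it parses is constructed for the example (documentation IP ranges, example.edu/example.com names), and the function names are the example's own. A caveat the slides' "lowest Received header" advice needs: each MTA prepends its own Received line, so only the lines added by servers you trust are reliable; anything below them was supplied by the sender and can be forged.

```python
import email
import re
from html.parser import HTMLParser

# Constructed sample message (not a real capture). Addresses use the
# documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24.
SAMPLE_MESSAGE = """\
Received: from mailhost.example.edu (mailhost.example.edu [192.0.2.10])
\tby inbox.example.edu (8.9.0/8.9.0) with ESMTP id UAA16500
\tfor <user@example.edu>; Fri, 30 Jul 1999 20:00:33 -0400 (EDT)
Received: from NOP (203.0.113.75) by mailhost.example.edu with SMTP
\t(Example Mailer 2.1); Fri, 30 Jul 1999 16:24:21 -0400
From: Newsletter <insider@example.com>
To: list@example.com
Subject: constructed sample
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Click <a href="http://198.51.100.23/login">here</a> to confirm.</p>
<img src="http://198.51.100.23/pixel.gif?id=42" width="1" height="1">
</body></html>
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_chain(raw: str) -> list:
    """Return the Received headers in the order they appear (top = last hop)."""
    msg = email.message_from_string(raw)
    return msg.get_all("Received") or []


def origin_ip(raw: str):
    """IP named in the lowest (earliest) Received header, or None.

    Each MTA prepends its own Received line, so the bottom one is the hop closest
    to the sender. Only lines added by MTAs you trust are reliable; a sender can
    write arbitrary Received lines below them.
    """
    chain = received_chain(raw)
    if not chain:
        return None
    match = IPV4.search(chain[-1])
    return match.group(1) if match else None


class _LinkCollector(HTMLParser):
    """Collect <a href=...> and <img src=...> targets from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(("a", attrs["href"]))
        elif tag == "img" and attrs.get("src"):
            self.links.append(("img", attrs["src"]))


def extract_links(raw: str) -> list:
    """Return (kind, url) pairs for active links and image links in the body."""
    msg = email.message_from_string(raw)
    if msg.is_multipart():
        parts = [p for p in msg.walk() if p.get_content_type() == "text/html"]
        if not parts:
            return []
        msg = parts[0]
    payload = msg.get_payload(decode=True)
    body = payload.decode(msg.get_content_charset() or "us-ascii", "replace")
    collector = _LinkCollector()
    collector.feed(body)
    return collector.links


def ip_literal_links(raw: str) -> list:
    """Links whose host is a bare IP address: worth a second look before clicking."""
    return [(kind, url) for kind, url in extract_links(raw)
            if re.match(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:?]|$)", url)]


if __name__ == "__main__":
    for line in received_chain(SAMPLE_MESSAGE):
        print("Received:", " ".join(line.split()))
    print("origin IP:", origin_ip(SAMPLE_MESSAGE))
    for kind, url in extract_links(SAMPLE_MESSAGE):
        print(f"<{kind}> {url}")
```

The origin IP and each extracted host are the values you would then feed to nslookup, whois and traceroute as the slide lists; ip_literal_links() flags the case where a link points at a bare IP address rather than a name, which is what the whois step on the following slides is for.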
11
Privacy
Establishing Keys
  Public Key Certification
  Exchange Public Keys
Multiple Recipients
  Encrypt message m with session key, S
  Encrypt S with each recipient's key
  Send {S}Kbob, {S}Kann, ..., {m}S
Authentication of Source
  Hash (MD4, MD5, SHA1) of message, encrypt with private key (provides ciphertext/plaintext pair)
  Secret Key K: MIC is hash of K|m, or CBC residue with K (assuming message not encrypted with K).
12
Message Integrity
The source authentication methods that include a hash of the message provide MIC.
Non-repudiation
Private-key signing provides non-repudiation. Secret-key method requires a "Notary" to "Sign" a time-stamped hash of the message.
Proof of Delivery
Acknowledge before reading - can't prove m was read.
Acknowledge after - may have read without signing.
13
Names and Addresses
X.500 Name (ISO standard)
  ?/C=US/O=CIA/OU=drugs/PN='Manny Norriega'
Internet Name
  m_noriega@mail.drugpc.cia.gov or manny@cia.gov
  <user account name>@<DNS host name or alias>
  using the alias "mail" lets the mail server program be moved from one host to another
  in the gatech.edu domain, "mail" is an alias for "vip1.ecc".
Old message - later Non-repudiation
  Need Notary to sign hash of message, Certificate used to authenticate Public Key, and current CRL
14
PGP Email: Sign (optional) before Encryption (also optional)
[figure]
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com
15
How PGP Encryption Works
[figure; labels: "with signature attached if there is one", "R64 Encoding"]
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com
16
PGP Format
[figure; labels: Sender, Public key, Private key]
1. ZIP Compress  2. Encrypt with Session Key  3. Encode to text with R64
17
PGP Email Receiver
[figure; labels: Typed Passphrase, Private Key Ring, Public Key Ring, Receiver's Private Key, Sender's Public Key, Session Key, Check Signature, Message, ZIP Decompress, R64 Decode to binary]
H - Hash; DC - Symmetric Decryption; DP - Pub./Priv. Decryption
p.144-145 ed.3
18
R64 Encode: Every 3 bytes split into 4 6-bit numbers
011001001011010101101010   (n = 0 to 63)
01011001 01001011 01010101 01101010
printable characters a-z A-Z 0-9 + /; in a received message, '=', ' ', '>', CR, LF, ... are ignored
for most 6-bit inputs, R64(n) just adds 64 (puts an 01 in front)
19
ASCII Characters used for R64 Encoding
[table figure; '=' is used to pad]
20
To: "Jim Jones" <jim_jones@hotmail.com>
From: John Copeland <john.copeland@ece.gatech.edu>
Subject: ECE8813 PGP Endeavor...
Cc:
Bcc:
X-Attachments:

-----BEGIN PGP MESSAGE-----   (both groups of five dashes required)
Version: PGPfreeware 6.5.2 for non-commercial <http://www.pgp.com>
   (blank line required)
qANQR1DBwU4D6cjDUQAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopX
cvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJ
jFNXn1aE8oePReMi6vS0DXSSDfgDuUb1Rc8htHoeik6Oebe9R90J3d51yyCojV
AHT01kWlpvJIZGKyT3PdCh9wlr1hQsUGto10t32fBGsJCXew/EClb554AnyYSzP8
KAjuw1NdKOBlze0DCiO6Z5zDAxAwlqTxcm42tthF5zFbTk4UKV6ORzIuHmRO7xR
5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOHhSl1YebRjZPaxWwbsYuqN
a0GYr2UdwgE1u5HQuhZbOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6
STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh241FPqtZKqRVmHRg6dY
UdgoI3yfc3JrvepFQT1yeRjEVrLQiUtyhcwdVoLjofgerGAfe3YuDCxM6w
LIuCf7Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExowML
5kxs
=68Hd
-----END PGP MESSAGE-----   (both groups of five dashes required)
Radix-64 encoding of a binary (all 8-bit bytes) message, 6 bits at a time, into 64 printable ASCII characters (A-Z, a-z, 0-9, +, /; bytes 65-90, 97-122, 48-57, 47, 43); pad with =.
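Slides 18 and 20 describe Radix-64 by its bit rule (three bytes become four 6-bit numbers, '=' pads the last group, and a receiver ignores '=', spaces, CR and LF). The block below is an added example for this transcript, not code from the slides: it implements that rule directly rather than calling a library, and uses the standard base64 module only to cross-check the result. The sample bytes are the four shown on slide 18; the function names are the example's own.

```python
import base64  # standard library, used only to cross-check the hand-rolled coder

# The 64 printable characters in value order: n = 0..25 -> A-Z, 26..51 -> a-z,
# 52..61 -> 0-9, 62 -> '+', 63 -> '/'.  '=' is used only for padding.
R64_ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789+/"
)
PAD = "="
_VALUE_OF = {c: i for i, c in enumerate(R64_ALPHABET)}


def r64_encode(data: bytes) -> str:
    """Split every 3 input bytes (24 bits) into four 6-bit numbers 0..63."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = len(chunk)                       # 3, or 1-2 on the final chunk
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        sextets = [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        keep = n + 1                         # 3 bytes -> 4 chars, 2 -> 3, 1 -> 2
        out.append("".join(R64_ALPHABET[s] for s in sextets[:keep]) + PAD * (4 - keep))
    return "".join(out)


def r64_decode(text: str) -> bytes:
    """Reassemble bytes; '=', spaces, CR, LF and any other stray character are ignored."""
    sextets = [_VALUE_OF[c] for c in text if c in _VALUE_OF]
    out = bytearray()
    for i in range(0, len(sextets), 4):
        group = sextets[i:i + 4]
        n = len(group)
        if n == 1:
            raise ValueError("dangling 6-bit group: truncated R64 data")
        bits = 0
        for s in group + [0] * (4 - n):
            bits = (bits << 6) | s
        out += bits.to_bytes(3, "big")[:n - 1]   # 4 sextets -> 3 bytes, 3 -> 2, 2 -> 1
    return bytes(out)


def wrap_lines(encoded: str, width: int = 64) -> str:
    """Break the encoded text into lines of at most `width` characters, as armor does."""
    return "\n".join(encoded[i:i + width] for i in range(0, len(encoded), width))


def cross_check(data: bytes) -> bool:
    """True when the hand-rolled coder agrees with the standard library in both directions."""
    enc = r64_encode(data)
    return (enc == base64.b64encode(data).decode("ascii")
            and r64_decode(wrap_lines(enc)) == data)


if __name__ == "__main__":
    sample = bytes([0x59, 0x4B, 0x55, 0x6A])   # the four bytes shown on slide 18
    print(r64_encode(sample))                  # WUtVag==
    print(r64_decode("TW Fu\r\n"))             # whitespace ignored on receipt
    print(cross_check(bytes(range(256))))
```

Because the decoder drops everything outside the alphabet, a body that was line-wrapped or picked up CR/LF on its way through a mailer still decodes; what it cannot survive is a mail client that reformats the text itself, which is the warning on the last slide.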
21
22
Public Key Information - PGP Commercial
[figure]
23
PGP Certificates
Anyone can issue a Certificate to anyone, including themselves. Certificates can be revoked by the issuer, if a Certificate-Server is used that has a Revocation Database.
Privacy Enhanced Mail (PEM), another standard
Where PEM expands data into canonical form (+33% for text, +78% after encryption + R64), PGP compresses data using ZIP (-50%), encrypts (optional), then converts to R64 encoding (+33%).
24
Things of which to be aware
Neither PEM nor PGP encodes mail headers:
  Subject can give away useful info
  To and From give an intruder traffic analysis info
PGP gives recipient the original file name and modification date.
PEM may be used in a local system with unknown trustworthiness of certificates.
Certificates often verify that sender is "John Smith" but he may not be the "John Smith" you think. Anyone can copy pictures from the Web.
Public PGP Key servers allow anyone to send you PGP encrypted mail, but their signature is easily forged. They can give your name + mail address to spammers. Avoid them. Get PGP keys directly from owners.
25
http://www.gnupg.org/
Includes binaries for GnuPG.
GPGTools
https://www.gpgtools.org
Email Program
http://www.mozilla.org/en-US/thunderbird/
https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/ (Extension for Thunderbird, NOT recommended)
26
Using GnuPG (PGP)
2016: GnuPG has good GUI interfaces for Thunderbird, Apple "Mail", and probably MS Outlook.
----------------------------------------------------------------------------
Install GPGTools; now you have the command line programs available to generate keys, maintain key-chain files, and convert text files (.asc) into encrypted and/or signed ciphertext files (.pgp). The .pgp files can be emailed as attachments or, if they are armored (R64 encoded), they can be pasted into the body of an email message.
----------------------------------------------------------------------------
Install the Thunderbird email program. Under the Tools menu, select Add-ons. In the box at upper right that says "Search all add-ons", type Enigmail. If found, install it; otherwise download the .xpi file from the link on the previous slide, and then try again. Once installed you will see "OpenPGP" in the top Thunderbird menu next to "Tools".
27
Using Thunderbird with GnuPG
Read https://www.gnupg.org/documentation/index.html (link) for critical stuff like this. You need (to send PGP mail):
  > a secret key matching the mail address you want to write from (see Mail.app > Settings > Accounts)
  > the public key of the recipient
  > recipient's and sender's mail addresses have to perfectly match the mail addresses (as IDs) in the keys being used.
2016 ??? For the Encrypt button to become available, you need to enter the recipient's mail address - only then will that button be enabled (and only if you have the matching Public Key).
28
Configuring Thunderbird for GT Mail
Top Menu: File / New / Existing Mail Account ...
Type in your User Name and password. Thunderbird will try to set up the configuration automatically, and fail. Then you can input the following information:
User Name: (your GT id = primary mail name)
Receiving Mail Server
  Protocol: imap (or pop if you want to download mail)
  Server Name: imap.mail.gatech.edu (or pop.mail.gatech.edu)
  Server Port: 995
  Security: SSL/TLS
  Authentication: Normal Password
Sending Mail Server
  Protocol: smtp
  Server Name: smtp.mail.gatech.edu
  Server Port: 465
  Security: SSL/TLS
  Authentication: Normal Password
29
A PGP Email or .asc File Looks Like This
http://cryptome.org/jya/openpgp-01.htm
Syntax: Start, Comments, 1 Blank Line, R64 <78 char. per line (pad ='s), Checksum, Stop
-----BEGIN PGP MESSAGE-----
Version: 9.9.1.287
Comment: Do not worry about "UNTRUSTED Good Signature"

qANQR1DBwEwD7GfrZjlPkZ0BB/9YW6/cTpNVkwdyuTmlo/fcTB0lIjy6C4LnUtx2
10BwJCwdcFHcIkS9Iw0/9wKNafArxciCwpSM2BBYePksl2JQUf7in8MILirKtd6
Foy9yEJmtD5JzaVDF1tYElT9ntzNk2jvcengkD/PhkmEaTVIY1Cw5Bf5HP6OPOE
J4RqTRjaGjkGrmcP3zywjESzfk0iN2z2mtsDHufFqJ0hvQAusAZ2c5GjK9jUsvHy
8gzBW9aFlINHpWL90G3XGtaKfudM9QGTjXIs99Pfdj08jUd/xSnFsDW6ulhlluW
pCwohtN06qN6VvI2vbC3eGV5RCd5b6iR3O26hY/NOssjI5jwcBOA72/fxTdBTHg
EAP8DJVFBQzRjn2RBWr7BozV3DlHXMr9kU02szQh4WNU7ffEakhlnwDoqnHvh3
QfH/8G7heOlGjM3hITZj8rw66OQ/s4o/8o7N1wERhJYc4/oWOmAopyy8jIliB9AK
n90fKWbfrTUrShF1qJdQuLMV0E30lHsKDKDyZ9vhklt2D20D/3Yl0zRlEk4w5x9c
i3mZC2XpKsgmttRABg65R1E4tQqPNiQTuL3YrpQfgLT9rMpW5UmyppSuZvD9CpsW
IG7I8MT33eY5Eh4twTdErvpXNuUWDadiPb6J8ifpBfzhuzWhiom7KAI34y6OX5
sYyyZHtqxNxg6ziZ76B/H/vaegD0sBrATEJtdnDAipPogZYAzwuQ8PCO985wHuu
2aFbPaVqLPMWwwFck3bvV46E49RWIPgkJmpMiimaG236HdQbF4nhZgUjfggGE3cm
qP9eChxuV8kyZLIgkh1CaKP/XQSZlpl2jsD0M1Mq6ef4BZ3BNWTPLjYNGM1Yt/
0NlLnAxUvZmVNJvuxdeNKIn7jkpK5w466wRaiffujLzwJdzwISIofm7oEp88dP
A9udzotKGMFOHi3tHwPioxl/PdMv34AlMPY2c2qDEcwBSKAYR8ASBM/nulY6bK
wZwbYGlSdxT/FTDb9i32WuUU7HeUPZvFizUIPwFzPeI8RlkaLdhsElmbPuGar5l
C7PMoOHuCnnSB4DdgUEqM5ScJRI6ToGDAjh3XZ9BRwfD0O8
=auCB
-----END PGP MESSAGE-----
DO NOT LET YOUR EMAIL PROGRAM REFORMAT THIS AS RTF OR HTML.
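The armor layout this slide spells out (start line, header lines, one blank line, R64 body, a checksum line beginning with '=', stop line) is simple enough to parse and verify end to end. The block below is an added example for this transcript, not code from the slides or from any PGP implementation: it builds an armored block around a constructed payload, parses it back, and checks the 24-bit CRC that OpenPGP armor carries after the '=' (the constants are the ones RFC 4880 specifies). The payload is a plain constructed byte string, not real OpenPGP packets, and the function names are the example's own. It also shows why the slide's last line matters: CR characters are tolerated, but a body that a mail client has reflowed or altered fails either the R64 decode or the checksum.

```python
import base64
import re

# Constants from the OpenPGP specification (RFC 4880, section 6.1)
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB
_BEGIN = re.compile(r"^-----BEGIN PGP ([A-Z ]+)-----$")
_END = re.compile(r"^-----END PGP ([A-Z ]+)-----$")


def crc24(data: bytes) -> int:
    """24-bit CRC over the binary data; armor carries it R64-encoded after '='."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, headers=None, kind: str = "MESSAGE") -> str:
    """Start line, armor headers, blank line, R64 body in 64-char lines, checksum, stop line."""
    lines = [f"-----BEGIN PGP {kind}-----"]
    for key, value in (headers or {}).items():
        lines.append(f"{key}: {value}")
    lines.append("")
    body = base64.b64encode(data).decode("ascii")
    lines += [body[i:i + 64] for i in range(0, len(body), 64)]
    lines.append("=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii"))
    lines.append(f"-----END PGP {kind}-----")
    return "\n".join(lines) + "\n"


def dearmor(text: str):
    """Parse an armored block; return (kind, headers, data) or raise ValueError."""
    lines = [ln.rstrip("\r") for ln in text.splitlines()]   # tolerate CRLF from Windows mailers
    starts = [i for i, ln in enumerate(lines) if _BEGIN.match(ln)]
    if not starts:
        raise ValueError("no BEGIN line")
    i = starts[0]
    kind = _BEGIN.match(lines[i]).group(1)
    headers = {}
    i += 1
    while i < len(lines) and lines[i] != "":
        key, sep, value = lines[i].partition(":")
        if not sep:
            raise ValueError(f"malformed armor header: {lines[i]!r}")
        headers[key.strip()] = value.strip()
        i += 1
    if i == len(lines):
        raise ValueError("missing blank line after armor headers")
    body, checksum = [], None
    for ln in lines[i + 1:]:
        end = _END.match(ln)
        if end:
            if end.group(1) != kind:
                raise ValueError("END line does not match BEGIN line")
            break
        if ln.startswith("="):          # checksum line; body padding never starts a line
            checksum = ln[1:].strip()
        elif ln.strip():
            body.append(ln.strip())
    else:
        raise ValueError("no END line")
    try:
        data = base64.b64decode("".join(body), validate=True)
    except ValueError as exc:           # binascii.Error is a ValueError
        raise ValueError(f"body is not valid R64: {exc}") from exc
    if checksum is not None:
        if int.from_bytes(base64.b64decode(checksum), "big") != crc24(data):
            raise ValueError("checksum mismatch: the body was altered in transit")
    return kind, headers, data


def detects_tampering(armored: str) -> bool:
    """Change one body character and report whether dearmor() rejects the result."""
    lines = armored.splitlines()
    first_body = lines.index("") + 1
    original = lines[first_body]
    lines[first_body] = ("B" if original[0] != "B" else "C") + original[1:]
    try:
        dearmor("\n".join(lines))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed payload; a real .asc file would carry OpenPGP packets here
    text = armor(b"constructed sample payload",
                 {"Version": "example 1.0", "Comment": "added example"})
    print(text)
    print(dearmor(text))
    print("tampering detected:", detects_tampering(text))
```

The checksum only detects accidental corruption and reformatting; it is not a security control, and the signature inside the packets is what authenticates the message.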