Pretty Good Privacy (PGP) - PowerPoint PPT Presentation

1 / 15
About This Presentation
Title:

Pretty Good Privacy (PGP)

Description:

Internet e-mail encryption scheme, de-facto standard. ... inventor, Phil Zimmerman, a undergraduate from FAU in 1991. ---BEGIN PGP SIGNED MESSAGE ... – PowerPoint PPT presentation

Number of Views:572
Avg rating:3.0/5.0
Slides: 16
Provided by: xuka5
Category:
Tags: pgp | good | internet | inventor | of | pretty | privacy | the

less

Transcript and Presenter's Notes

Title: Pretty Good Privacy (PGP)


1
PGP Overview 2004/11/30 Information-Center
meeting peterkim
2
Email servers
POP3 Post Office Protocol, port 110 IMAP
Internet Mail Access Protocol, port 143 SMTP
Simple Main Transfer Protocol, port 25
3
Pretty good privacy (PGP)
  • Internet e-mail encryption scheme, de-facto
    standard.
  • uses symmetric key cryptography, public key
    cryptography, hash function, and digital
    signature as described.
  • provides secrecy, sender authentication,
    integrity.
  • inventor, Phil Zimmerman, a undergraduate from
    FAU in 1991.

A PGP signed message
  • ---BEGIN PGP SIGNED MESSAGE---
  • Hash SHA1
  • BobMy husband is out of town tonight.Passionately
    yours, Alice
  • ---BEGIN PGP SIGNATURE---
  • Version PGP 5.0
  • Charset noconv
  • yhHJRHhGJGhgg/12EpJlo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2
  • ---END PGP SIGNATURE---

4
PGP overview mechanism
  • Anybody creates his/her RSA public key and
    private key (512, 768, or 1024 bits)
    (automatically generated by PGP)
  • Anybody (e.g., Alice) can send encrypted (as well
    as signed) email to anybody else (e.g., Bob).
  • Generate a one-time random key to encrypt the
    email using a secret key system (e.g., IDEA)
  • Encrypt the random key with Bobs public key
  • May sign the email with her own private key
  • May compress the email before encryption
  • Bob can use his private key to decrypt the
    encrypted email.
  • Moreover, pass phrase is required for
    decryption
  • The pass phrase is typed by Bob when PGP
    generates RSA keys for him

5
PGP overviewkey distribution
  • Public key system (RSA), key distribution
  • PEM rigid hierarchy of CAs.
  • S/MIME (being agnostic), assume that a number of
    parallel independent hierarchies.
  • PGP anarchy, each user decides which keys to
    trust.
  • You contact Alice in person to get Alices public
    key, and trust it
  • You find the public key of Alice on her web page
    or from email, you can copy it to your PGP system
    to trust it if you want.
  • Public key server (e.g., http//math-www.uni-pader
    born.de/pgp/).

6
PGP--certificates
  • Certificates are an optional in PGP
  • anyone can issue a certificate to anyone else
  • If you trust Alice and get Carols public key
    certificate signed by Alice, you will trust
    Carols public key
  • If you get Carols two public key certificates,
    one signed by Alice, and the other signed by Bob,
    both Alice and Bob are trusted by you, then you
    can trust both Carols certificates.
  • Therefore PGP is very flexible and easy to use

7
Security services for Email
  • Privacy/confidentiality
  • Authentication
  • Integrity
  • Non-repudiation
  • Proof of submission (same as certified mail)
  • Proof of delivery (same as post mail request
    return receipt)
  • Anonymity
  • Message flow confidentiality
  • Containment
  • Audit
  • Accounting
  • Self destruct
  • Message sequence integrity

8
Secure e-mail (Encode and check sign)
  • Alice wants to send confidential e-mail, m, to
    Bob.
  • Alice
  • generates random symmetric private key, KS.
  • encrypts message with KS (for efficiency)
  • also encrypts KS with Bobs public key.
  • sends both KS(m) and KB(KS) to Bob.

9
Secure e-mail (Encode and check sign)
  • Alice wants to send confidential e-mail, m, to
    Bob.
  • Bob
  • uses his private key to decrypt and recover KS
  • uses KS to decrypt KS(m) to recover m

10
Secure e-mail (Sign)
  • Alice wants to provide sender authentication
    message integrity.
  • Alice digitally signs message.
  • sends both message (in the clear) and digital
    signature.

11
Secure e-mail (Another Application)
  • Alice wants to provide secrecy, sender
    authentication, message integrity.

Alice uses three keys her private key, Bobs
public key, newly created symmetric key
12
PGP overview
  • Not just for email, it performs encryption and
    integrity protection on files
  • Your email is treated as a file
  • Encrypt the file
  • Send the encrypted file by regular e-mailer.
  • The receiver saves the email to a file and then,
    decrypt the file by PGP
  • Directly embedded in email for convenience.
  • Visit http//www.pitt.edu/poole/PGP.htm

13
Certificate and key revocation
  • You can revoke (delete) any public key anytime
  • A public key of a person can be revoked by the
    corresponding private key
  • The issuer of a certificate can revoke the
    certificate
  • Does not mean that the holder of revoked
    certificate is a bad person, but the issuers does
    not want to vouch for its authenticity.
  • Validity period of a key and a certificate

14
PGPkey ring
  • A data structure containing key materials
  • pubring.pgp containing your public keys, other
    peoples public keys, information about people,
    and certificates.
  • secring.pgp containing your private keys.
  • Three trust levels currently in PGP none,
    partial, complete.
  • A trust level of a person may determine the trust
    level of the certificates signed by the person.

15
Final Demo Show
  • WinPT - Windows Privacy Tools
  • Windows Privacy Tools (WinPT) is a collection of
    multilingual applications for digital encryption
    and signing of content. WinPT is GnuPG-based,
    compatible with OpenPGP compliant software (like
    PGP) and free for commercial and personal use
    under the GPL.
  • http//winpt.sourceforge.net/en/ 
Write a Comment
User Comments (0)
About PowerShow.com