Gnu Privacy Guard

1
Gnu Privacy Guard

• CSE 539
• 1/28/2003
• Austin Godber
• godber_at_asu.edu

2
Introduction

• Concepts you may encounter in this class
• Encryption
• Symmetric Key Cryptography Schneier Ch. 12-14
• Asymmetric Key Cryptography Sch. Ch. 19-20
• One Way Hash Functions Sch. Ch. 18
• Digital Signatures Sch. Ch. 20
• Pseudo Random Number Generation Sch. Ch. 17

3
Theory

• Symmetric Key Cryptography
• Both parties share the same key, same key is used
  to encrypt and decrypt.
• Algorithms DES, 3DES, IDEA, Blowfish, AES
  (Rijndael)
• Based on many rounds of modification of blocks of
  data.
• Capable of (confidentiality, authentication)
• Problems Key Distribution

4
Theory

• Asymmetric Key Cryptography (Public Key)
• Each party has a pair of keys. One is made
  public and one is kept private. Public key is
  used to encrypt, private key is used to decrypt.
• Algorithms - RSA, Diffie-Hellman, Elliptic Curves
• Based on large prime numbers and modular
  exponentiation. Number Theory anyone?
• Capable of (confidentiality, authentication)
• Encrypt
• Decrypt
• Sign
• Problems - Much Slower than Symmetric
  Cryptosystems (1000 times for equivalent security)

5
Theory

• Hybrid
• Symmetric ciphers have key distribution problems
• Asymmetric have speed problems, but greatly
  simplified key distribution
• A hybrid system uses both
• A message is encrypted with a symmetric session
  key, this session key is then encrypted with the
  recipients public key. Thus only the recipient
  can decrypt it.

6
Pretty Good Privacy and Gnu Privacy Guard

• Pretty Good Privacy
• Philip Zimmerman
• Released in 1991
• 3 year criminal investigation was eventually
  dropped
• Gnu Privacy Guard
• Open source
• OpenPGP compliant (RFC 2440)

7
GPG Overview

• Create Key and Key Revocation Certificate
• Share/Verify Keys
• Web Page
• Key Server
• Finger Information (.plan)
• Use Keys
• Issue Revocation Certificate, or Key Expires

8
Trust

• Key Verification
• Verify Key owners Identity (harder than it
  sounds)
• Check the Keys information (including the key
  fingerprint)
• Public Key Infrastructure (PKI)
• Web Of Trust (PGP uses this)
• Key Ring Trust Fields
• Key Legitimacy Field
• Signature Trust Field
• Owner Trust Field

9
Key Revocation

• Keys may expire
• A key should have at most a several year
  lifetime.
• Keys may need to be revoked
• Making a revocation certificate requires the
  private key so be sure you create it BEFORE you
  loose your key and need it!

10
GPG Command Line Usage

• Key Generation
• gpg --gen-key
• Key Server Submission
• gpg --keyserver ltkeyservergt --send-key
  ltYour_Key_IDgt
• Key Management
• gpg --list-keys
• gpg --list-secret-keys
• gpg --edit-key C01BAFC3
• sec 1024D/C01BAFC3 2000-09-21 Demo User
  ltdemo_at_nonexistent.nowhere
• ssb 2048g/7A4087F3 2000-09-21
• gpg --edit-key C01BAFC3

11
GPG Command Line Usage

• Encrypting
• Symmetric
• Hybrid
• gpg e FILENAME
• gpg r RECIPIENT ae FILENAME
• Decrypting
• gpg d ENCRYPTED-FILENAME
• Signing
• Key
• gpg --keyserver ltkeyservergt --recv-keys
  ltKey_IDgt
• gpg --fingerprint ltKey_IDgt
• gpg --sign-key ltKey_IDgt

12
GPG Options File

• File is
• ./.gnupg/options
• Can set defaults
• Keyserver
• Default private key
• Trust policies
• Many other options

13
GPG Incorporating Into Clients

• Mail User Agents
• Mutt, Pine, Kmail, exmh, EMACS, Outlook, Eudora
• Other Front Ends
• GNOME, tk, Windows, kgpg
• IM Clients
• For GAIM I was wrong, there are none, but see
  BLAIM (Blowfish Plugin for GAIM) or proxide
• ICQ Miranda ICQ
• See the Front Ends page

14
GPG Incorporating into MUTT

• Possibly your scenario
• You receive email on an ASU IMAP server
• You typically use a Linux box that you trust
• You could configure Mutt to connect to the IMAP
  server and use GPG
• How? The .muttrc file (GPG MUTT)
• set imap_userUSERNAME
• set imap_checkinterval60
• set spoolfileimap1.asu.eduinbox
• set pgp_autosignyes

15
GPG Incorporating Into MUTT

• Latest Version of MUTT includes everything you
  need
• The last screen right before you actually commit
  to sending the mail you can hit the letter p
  and it will present you with options
• Warning, MUTT caches your passphrase (depending
  on config), you can force it to forget with CTRL-f

16
Compatability

• Check the PGPGPG HOWTO
• Encrypting TO a user of PGP 5.0
• Decrypting with a PGP DSS/Diffie-Hellman key

17
Other Uses

• Encrypt personal email
• Encrypt files
• Sign email
• Sign source code or binary packages

18
Resources

• See the supplemental web page -
  http//www.public.asu.edu/auasg/gpg/
• GPG (NIX, Windows, OS X) - http//www.gnupg.org/
• PGP Freeware 8.0 (Windows, Mac)
  http//www.pgp.com/
• RFC 2440 http//www.ietf.org/rfc/rfc2440.txt