beyond good & evil: the nuts and bolts of drm - dave cramer - ebookcraft 2017
Post on 05-Apr-2017
83 Views
Preview:
TRANSCRIPT
<nav role="doc-‐toc"><ol><li>Toolbox: nuts and bolts <ol><li>Ciphers <li>Symmetric key cryptography <li>Public Key Encryption <li>Hashes <li>Digital Signatures <li>Certificates</ol> <li>Application: Secure Browsing <li>Copyright <ol><li>ebook DRM <li>Readium LCP
text C A L L M E I S H M A E L
key E B O O K C R A F T E B O
cipher G B Z Z W G Z S M F E F Z
key E B O
text C A
echo "Call me Ishmael" | openssl enc -‐e -‐aes-‐256-‐cbc -‐a -‐p
enter aes-‐256-‐cbc encryption password:
salt=364338BE2F9FE6FC key=AE99F254C8F7D4314494B62736AD3E97ACCC454134F48D486FCA9C248F138C45
iv =A3FCB694B8CEFA792854874826F6D415
U2FsdGVkX182Qzi+L5/m/PdnBH6KrzpCgW92xFCQbUXSpwGg0t7p3XrjNNyqEZOl
echo "U2FsdGVkX182Qzi+L5/m/PdnBH6KrzpCgW92xFCQbUXSpwGg0t7p3XrjNNyqEZOl" | openssl aes-‐256-‐cbc -‐d -‐a
enter aes-‐256-‐cbc decryption password:
Call me Ishmael
135066410865995223349603216278805969938881475605667027524485143851526510604859533833940287150571909441798207282164471551373680419703964191743046496589274256239341020864383202110372958725762358509643110564073501508187510676594629205563685529475213500852879416377328533906109750544334999811150056977236890927563
The Math
1. Pick two large prime numbers P and Q
2. Multiply them together to form N = P*Q
3. Pick E, an odd number between 3 and N-1 that’s relatively prime to (P-1)(Q-1)
4. Compute D such that DE = 1 mod (P-1)(Q-1)
Do The Math
1. P = 11, Q = 13
2. Multiply them together to form N = 143
3. E = 7, which is not a factor of (P-1)(Q-1)=120
4. 7D= 1 mod 120 = 103
5. D = 103
Public Key is (143, 7) Private Key is (143, 103)
Encrypt(m) = mE mod PQ
Message is “99” (ascii code for “c”)
Encrypt(99) = 997 mod 143
Encrypt(99) = 93206534790699 mod 143
Encrypt(99) = 44
Decrypt(ciphertext) = message = cD mod(PQ) m = 44103 mod 143 m = 18863647751783874097093622186761307641671395896510124670027581034745115835900579054247760433265371183425069323507066622936418037086042241347409034030626680951825376477184 mod 143 m = 99
ISBN Multiplier Result9 1 97 3 218 1 81 3 39 1 92 3 66 1 68 3 245 1 55 3 157 1 78 3 24
(3) 137
137 mod 10 = 7 10 -‐7 = 3
ISBN Multiplier Result9 1 97 3 218 1 81 3 39 1 92 3 68 1 86 3 185 1 55 3 157 1 78 3 24
(3) 133
133 mod 10 = 3 10 -‐ 3 = 7
WRONG
Adler-32 Hash Exampletext ascii A B
c 99 1 + 99 100 0 + 100 100a 97 100 + 97 197 100 + 197 297l 108 197 + 108 305 297 + 305 602l 108 305 + 108 413 602 + 413 1015
32 413 + 32 445 1015 + 445 1460m 109 445 + 109 554 1460 + 554 2014e 101 554 + 101 655 2014 + 655 2669
32 655 + 32 687 2669 + 687 3356i 105 687 + 105 792 3356 + 792 4148s 115 792 + 115 907 4148 + 907 5055h 104 907 + 104 1011 5055 + 1011 6066m 109 1011 + 109 1120 6066 + 1120 7186a 97 1120 + 97
971217 7186 + 1217 8403
e 101 1217 + 101 1318 8403 + 1318 9721l 108 1318 + 108 1426 9721 + 1426 11147
1426 = hex 0592 11147 = hex 2b8b Hash = 2b8b0592
message ciphertext
ciphertext message
message+
message
Signing
Verifying
message=
private key
public key
REM15M:~ cramerd$ openssl genrsa -‐aes128 -‐passout pass:ebookcraft -‐out private.pem 4096 Generating RSA private key, 4096 bit long modulus ........................++ ...........................................................................................................++ e is 65537 (0x10001)
REM15M:~ cramerd$ openssl rsa -‐in private.pem -‐passin pass:ebookcraft -‐pubout -‐out public.pem writing RSA key
REM15M:~ cramerd$ openssl dgst -‐sha256 -‐sign private.pem -‐out /tmp/sign.sha256 text-‐ to-‐sign.txt Enter pass phrase for private.pem:
REM15:~ cramerd$ openssl base64 -‐in /tmp/sign.sha256 -‐out text-‐signed.txt
REM15M:~ cramerd$ openssl base64 -‐d -‐in text-‐signed.txt -‐out /tmp/sign.sha256
REM15M:~ cramerd$ openssl dgst -‐sha256 -‐verify public.pem -‐signature /tmp/sign.sha256 text-‐to-‐sign.txt
Verified OK
REM15M-‐CRAMERD:readium-‐lcp-‐server cramerd$ openssl req -‐out CSR.csr -‐new -‐newkey rsa:2048 -‐nodes -‐keyout privateKey.key Generating a 2048 bit RSA private key ...........................................+++ .+++ writing new private key to 'privateKey.key' -‐-‐-‐-‐-‐ You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. -‐-‐-‐-‐-‐ Country Name (2 letter code) [AU]:CA State or Province Name (full name) [Some-‐State]:Ontario Locality Name (eg, city) []:Toronto Organization Name (eg, company) [Internet Widgits Pty Ltd]:ebookcraft appreciation society ltd Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:ebookcraftrocks.com Email Address []:
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:123456
-‐-‐-‐-‐-‐BEGIN CERTIFICATE REQUEST-‐-‐-‐-‐-‐ MIIC2TCCAcECAQAwfTELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xEDAO BgNVBAcTB1Rvcm9udG8xLDAqBgNVBAoTI2Vib29rY3JhZnQgYXBwcmVjaWF0aW9u IHNvY2lldHkgbHRkMRwwGgYDVQQDExNlYm9va2NyYWZ0cm9ja3MuY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+mOAIZG8lP+OIBuk6J6bPCqhT+Gx jEKzwFpOIGIV6B/uRtUJX/BF8nb6KAaoOuRab0a4yIdPNlEgvExbkGkdQdDVsc+K Qxub1SeJF2zNFlAhtmuvsLbm9ONoAFfcn0O/pwMZzbQj0bZy7U3srNee8/OvGCD5 bQdu6+ZKH+OeC5QUmPpbjv5uOmGIcT5Q0hUBP33T4XTj5vhVzSgdmhGY02T+BTC5 3V1sB+glJ11lCpTTjmdEUcVfUeagZ1UZtLHC7zMXiJuSYurCYproXIADVGvKRe4C /otZQm/T6ULReYzw7w8YygyxgRvHJAjvZKU47/wm+ShuX/A1H4D8iUKmqQIDAQAB oBcwFQYJKoZIhvcNAQkHMQgTBjEyMzQ1NjANBgkqhkiG9w0BAQUFAAOCAQEAgNDm Znf5GPCyb4Y2600/SFPioOui4BZucsip+QQpj0zNx1oo3Jlrng9vqcT78KniCGNv Zn/Un+FBXy2kOI9IQe4wYWg+u0ggVxVNTP52x5Ug3RXvAT5iTm3q1AojeIU7FYBT aZD/GNsDAEecyb5xB3T97MJCo4HtH+vLVrRXPnUgAXg9HGm4tSi6oQOsVYy+y6xU LUbWO97sWNmKTxzXkDfDbSYYTsB1PzTbDFWzX1ed+jZZFynUUavktS8ky7ImlYH0 yvpaZP3MCVE1xQCLjqAua9FmR4H6ns0y9haWxCVzXHzseyRRzfyBmXD7AkSuElVI dpOUa7WVxwra4uXIRw== -‐-‐-‐-‐-‐END CERTIFICATE REQUEST-‐-‐-‐-‐-‐
Acronyms
• HTTPS = HTTP over TLS or HTTP over SSL
• TLS = Transport Layer Seurity
• SSL = Secure Sockets Layer
–The Statute of Anne, 1710
Whereas Printers, Booksellers, and other Persons, have of late frequently taken the Liberty of Printing, Reprinting, and Publishing, or causing to be Printed, Reprinted, and Published Books, and other Writings, without the Consent of the Authors or Proprietors of such Books and Writings, to their very great Detriment, and too often to the Ruin of them and their Families: For Preventing therefore such Practices for the future, and for the Encouragement of Learned Men to Compose and Write useful Books; May it please Your Majesty, that it may be Enacted…
–Defective by Design
“the practice of imposing technological restrictions that control what users can
do with digital media.”
ebook DRM systems
Scheme Users
Apple FairPlay iBooks
Kindle Kindle
Adobe B&N, Kobo, Overdrive, Google Play
Sony UMRS Numilog (France)
Readium LCP just getting started
Readium LCP Goals• Avoid vendor lock-in
• Support library use cases
• Relatively simple and inexpensive to operate
• Support for a11y
• Allow offline use; still function if a provider goes out of business
EPUB lcpencrypt
Passphrase
LCP License Server
encrypted EPUB
LCP License encrypted EPUB
content key
+
Free AdviceWho Are You? What Should You Do?
Library Use DRM, but make it as user-friendly as possible.
Trade PublisherScrew DRM. Make it easier to buy your
books than pirate them. Look at watermarking.
Put books on the web.
Educational Publisher You already made a pact with the Devil. Use DRM.
Legislator, lobbyist, rule-maker, judge Hang your head in shame.
top related