Practical CryptographyA User's Guide

Hugo Mills

What's in this talk

● Introduction & Theory– Symmetric Crypto– Public Key Crypto– Encryption and signing

● GPG/PGP– What it is– Key creation and basic management– Encryption & decryption– Signing– Key management

What's in the next talk(s)?

● gpg– Mail client integration; GUIs

● ssh– Key creation; Use; Key management; Agents

● X.509 certificates– Generating certs; Management in browsers;

Apache and HTTPS

Theory: Traditional Crypto

QRGEFAJJTO

Hello,World

Symmetric Cryptography

Theory: Traditional Crypto

QRGEFAJJTO

Hello,World

QRGEFAJJTO

Hello,World

Symmetric systems

● DES● 3DES● AES (Rijndael)● Blowfish● Twofish

Theory: Public Key Crypto

QRGEFAJJTO

Hello,World

A

B

Theory: Public Key Crypto

QRGEFAJJTO

Hello,World

QRGEFAJJTO

Hello,World

A B

Public/Private Keys

● Public Key– Can be seen by

anyone– System still secure

● Private key– Must be kept secret– Can be used to find

matching public key

AB

● Keys generated together as a keypair

Public-key systems

● RSA● ElGamal● DSA

The Important Bit

What one key does,the other undoes.

Theory: Signatures

Hello,World

AB

Hello,World

20958

Hello,World

20958

Part 2

GPG (PGP)

GPG: What does it do?

● Everything:– Encryption– Decryption– Signing– Signature checking– Web of trust

Key creation

$ gpg --gen-key...Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only)Your selection? 1DSA keypair will have 1024 bits.ELG-E keys may be between 1024 and 4096 bits long.What keysize do you want? (2048) 2048Requested keysize is 2048 bits

Key creation

Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n yearsKey is valid for? (0) 5yKey expires at Wed 30 Jan 2013 14:28:40 GMTIs this correct? (y/N) y

Key creation

You need a user ID to identify your key; the software constructs the user IDfrom the Real Name, Comment and Email Address in this form:"Heinrich Heine (Der Dichter) <heinrichh@...>"Real name: Harry PearceEmail address: pearceh@mi5.gov.ukComment: Section DYou selected this USER-ID:"Harry Pearce (Section D) <pearceh@mi5.gov.uk>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? oYou need a Passphrase to protect your secret key.

Enter passphrase:

Key creation

gpg: key 603652F2 marked as ultimately trustedpublic and secret key created and signed.

gpg: checking the trustdbgpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust modelgpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1ugpg: next trustdb check due at 2013-01-30pub 1024D/603652F2 2008-02-01 [expires: 2013-01-30] Key fingerprint = 628B 640D A7A6 4F98 D746 E355 8B26 B823 6036 52F2uid Harry Pearce (Head of Section D) <pearceh@mi5.gov.uk>sub 2048g/FFC30BC8 2008-02-01 [expires: 2013-01-30]

All done, keypair created.

Encryptionpearce@willow:~$ lsmy-secrets.txt

pearce@willow:~$ cat my-secrets.txt Section D personnelCarter, AdamYounis, ZafarPortman, JoWynn-Jones, MalcolmJames, Connie

Encryption$ gpg -e my-secrets.txt You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID. End with an empty line: pearceh@mi5.gov.uk

Current recipients:2048g/0FC718A8 2007-12-07 "Harry Pearce (Head of Section D) <pearceh@mi5.gov.uk>"

Enter the user ID. End with an empty line: $ lsmy-secrets.txt my-secrets.txt.gpg

Decryptionpearce@willow:~$ gpg -d my-secrets.txt.gpg

You need a passphrase to unlock the secret key foruser: “Harry Pearce (Section D) <pearceh@mi5.gov.uk>”2048-bit ELG-E key, ID FFC30BC8, created 2008-02-01 (main key ID 603652F2)

Enter passphrase:

Section D personnelCarter, AdamYounis, ZafarPortman, JoWynn-Jones, MalcolmJames, Connie

Signaturespearce@willow:~$ cat will.txt In the event of my death, I hereby leave all my worldly goods and chattels to the Battersea Dogs Home.

Harry Pearce.

pearce@willow:~$ gpg --clearsign will.txt

You need a passphrase to unlock the secret key foruser: "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"1024-bit DSA key, ID 603652F2, created 2008-02-01

pearce@willow:~$ lsmy-secrets.txt my-secrets.txt.gpg will.txt will.txt.asc

Signaturespearce@willow:~$ cat will.txt.asc -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1

In the event of my death, I hereby leave all my worldly goods and chattelsto the Battersea Dogs Home.

Harry Pearce.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHoztsiya4I2A2UvIRAqHrAJ9SzWJkBcBQepCIrtZNTTz8gdqBuACfXlC2rWl83jYJKlJbmNx7THQRIWw==mBj0-----END PGP SIGNATURE-----

Verify a signaturepearce@willow:~$ gpg --verify will.txt.asc gpg: Signature made Fri 01 Feb 2008 15:31:56 GMT using DSA key ID 603652F2gpg: Good signature from "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"

Key Distribution

● Q. How to get your public key to someone?● A. A Public Key server!●

● Upload your key to the server● Others can download it

– Verify your signatures– Encrypt files for you to read

Key Distributionpearceh@willow:~$ gpg --send-keys --keyserver

wwwkeys.uk.pgp.net 603652F2gpg: sending key 603652F2 to hkp server wwwkeys.uk.pgp.net

Key Distributionpearce@willow:~$ gpg --recv-keys --keyserver

wwwkeys.uk.pgp.net EA2B228Fgpg: requesting key EA2B228F from hkp server wwwkeys.uk.pgp.netgpg: key EA2B228F: public key "Hugo Mills (University of Southampton) <hugo@omii.ac.uk>" importedgpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust modelgpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1ugpg: next trustdb check due at 2013-01-30gpg: Total number processed: 1gpg: imported: 1

Web Of Trust

● Q. How do I know the key is good?● A. Web of Trust●

● Signing a key– I have verified the identity of the person– I have verified that this key is controlled by

that person– I trust this person to perform those same

checks well

Web Of Trust

A

A

A

A

A

A

?A

Keysigning

● Signing a key is a statement that:– I believe and have verified that this key is

controlled by a person matching the identity in the key

– I trust this person to perform similarly good identity checks

●

● Beforehand– gpg --fingerprint 603652F2– Print out several copies on slips of paper

Keysigning● When you meet

– Exchange fingerprint slips and ID papers– Check ID papers against person (does the

photo match?)– Check ID papers against the key details– Initial the slip and keep it– Hand papers back

● What to accept for ID?– Passport, national ID card, photo driving

license, other government-issued photo ID– Some people only accept passport – up to you

Keysigning

● After you meet– gpg --recv-keys keyid– gpg --fingerprint keyid

● Check this with the fingerprint on paper

– dd if=/dev/urandom count=64 bs=1 | hexdump >person.gpg

● Encrypt and mail it to their email addresses, asking for it to be returned to you.

– Check the returned mail against the copy you kept

– Sign and upload the key

Keysigningpearce@willow:~$ gpg --ask-cert-level --sign-key EA2B228F[...]pub 1024D/EA2B228F created: 2007-09-06 expires: 2009-09-05 usage: SC trust: unknown validity: unknown Primary key fingerprint: 8995 11CC 3CA7 690C C09E 43B3 420D F030 EA2B 228F

Hugo Mills (University of Southampton) <hugo@omii.ac.uk>

This key is due to expire on 2009-09-05.How carefully have you verified the key you are about to sign actually belongsto the person named above? If you don't know what to answer, enter "0".

(0) I will not answer. (default) (1) I have not checked at all. (2) I have done casual checking. (3) I have done very careful checking.

KeysigningYour selection? (enter `?' for more information): 3Are you sure that you want to sign this key with yourkey "Harry Pearce (Section D) <pearceh@mi5.gov.uk>" (603652F2)

I have checked this key very carefully.

Really sign? (y/N) y

You need a passphrase to unlock the secret key foruser: "Harry Pearce (Section D) <pearceh@mi5.gov.uk>"1024-bit DSA key, ID 603652F2, created 2008-02-01

passphrase

pearce@willow:~$ gpg --send-keys EA2B228Fgpg: sending key EA2B228F to hkp server wwwkeys.uk.pgp.net

All done.

Key Management

● List public keys– gpg --list-keys

● List public keys and their fingerprints– gpg --fingerprint

● List public keys and their signatures– gpg --list-sigs

● Can do this for a particular key using key ID, name or email address to search

Key Management

● gpg --edit-key– Interactive key viewer and editor– Sign keys, check signatures, remove sigs– Add/remove subkeys (other identities, email

addresses, etc)– Change trust parameters– Revoke keys– Option to save changes on exit

Key Revocation

● If your key becomes compromised, or otherwise defunct– Private key file lost, stolen or compromised– Lost passphrase– No longer used– Newer key in use

● Use a revocation certificate to cancel your key

● Generate cert when you generate key

Key revocation

● Generate a revocation cert– gpg --gen-revoke 603652F2 >revoke.gpg

● Best when you generate the key● Keep this file safe

● To revoke the key, import it into GPG– gpg --import <revoke.gpg– gpg --send-keys 603652F2

Further reading

● gpg --edit-key has a “help” command● http://gnupg.org/

Any questions?