Pretty Good Privacy PGP - PowerPoint PPT Presentation

1 / 9

About This Presentation

Title:

Pretty Good Privacy PGP

Description:

Number of Views:171

Avg rating:3.0/5.0

Slides: 10

Provided by: xuka

Category:

Tags: pgp | freeware | good | pretty | privacy

Transcript and Presenter's Notes

Title: Pretty Good Privacy PGP

1
Pretty Good Privacy (PGP)

Freeware for email by Phil Zimmermann since 1991
He was the target of a three-year criminal
investigation because of so-call violation of US
export law.
Although we honest people dont really think we
need to encrypt our emailwere not hiding
anything we should all start encrypting our
email so that in case someone needs privacy, the
poor soul wont arouse suspicion by being the
only one encrypting email.
if privacy is outlawed, only outlaws will have
privacy

2
PGP overview

3
PGP overview mechanism

Anybody creates his/her RSA public key and
private key (512, 768, or 1024 bits)
(automatically generated by PGP)
Anybody (e.g., Alice) can send encrypted (as well
as signed) email to anybody else (e.g., Bob).
Generate a one-time random key to encrypt the
email using a secret key system (e.g., IDEA)
Encrypt the random key with Bobs public key
May sign the email with her own private key
May compress the email before encryption
Bob can use his private key to decrypt the
encrypted email.
Moreover, pass phrase is required for
decryption
The pass phrase is typed by Bob when PGP
generates RSA keys for him

4
PGP overviewkey distribution

Public key system (RSA), key distribution
PEM rigid hierarchy of CAs.
S/MIME (being agnostic), assume that a number of
parallel independent hierarchies.
PGP anarchy, each user decides which keys to
trust.
You contact Alice in person to get Alices public
key, and trust it
You find the public key of Alice on her web page
or from email, you can copy it to your PGP system
to trust it if you want.
Public key server (e.g., http//math-www.uni-pader
born.de/pgp/).

5
PGP--certificates

Certificates are an optional in PGP
anyone can issue a certificate to anyone else
If you trust Alice and get Carols public key
certificate signed by Alice, you will trust
Carols public key
If you get Carols two public key certificates,
one signed by Alice, and the other signed by Bob,
both Alice and Bob are trusted by you, then you
can trust both Carols certificates.
Therefore PGP is very flexible and easy to use

6
PGP trust levels

Problem with PGP anarchistic structure
Alice was bribed to issue certificate for Carol
Alice was sloppy about checking (key,identity)
and sign the certificate.
Suppose Ted is honest and never sloppy, could you
trust Teds signature for Carols public key,
from whom he had a bitter divorce?
Solutions
All are determined by yourself
Give a trust level for a public key
Given a trust level for the certificates signed
by the key

7
Certificate and key revocation

You can revoke (delete) any public key anytime
A public key of a person can be revoked by the
corresponding private key
The issuer of a certificate can revoke the
certificate
Does not mean that the holder of revoked
certificate is a bad person, but the issuers does
not want to vouch for its authenticity.
Validity period of a key and a certificate

8
PGPkey ring

A data structure containing key materials
pubring.pgp containing your public keys, other
peoples public keys, information about people,
and certificates.
secring.pgp containing your private keys.
Three trust levels currently in PGP none,
partial, complete.
A trust level of a person may determine the trust
level of the certificates signed by the person.

9
PGP--fingerprint

A short, fixed-seize string intended to be a
unique representation of a string of arbitrary
length and obtained by a one-way hash function.
For PGP, the fingerprint is a 256 bit string for
a public key (which may be 1024 bits) by MD5
Purpose of a fingerprint for a public key is for
people to easy to remember and easy to verify the
public key

Write a Comment

User Comments (0)