pretty good privacy - srm · pdf fileoutline introduction pgp operation pgp key management 1...
TRANSCRIPT
OutlineIntroduction
PGP OperationPGP Key Management
Pretty Good Privacy
Mahalingam RamkumarMississippi State University, MS
November 15, 2004
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
1 IntroductionPGP Services
2 PGP OperationPGP ComponentsPGP Message Generation and Reception
3 PGP Key ManagementStructure of Key Rings
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Services
Services Provided by PGP
1 Digital Signature (DSS/SHA or RSA/SHA)
2 Message Encryption (CAST-128, IDEA, 3-DES in conjunctionwith RSA)
3 Compression (Lempel-Ziv)
4 E-mail compatibility (Radix-64 conversion)
5 Segmentation (to overcome maximum message length of50,000 bytes for SMTP)
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Services
PGP Modes of Operation
1 Authentication (DSS/SHA or RSA/SHA)
2 Confidentiality (CAST-128, IDEA, 3-DES in conjunction withRSA)
3 Authentication and Confidentiality
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Services
PGP Modes
Figure 15.1 PGP Cryptographic Functions
M
(c) Confidentiality and authentication
H
M
H
DP
Compare
KUa
| |
KRa
EP Z
EP
KUb
| |EC
Ks
DC
DP
KRb
Z-1
M
(b) Confidentiality only
DP
KRb
DC M
EP
KUb
EC | |
Ks
Z Z-1
H||
KRa
EPM
(a) Authentication only
Z Z-1
H
DP
Compare
KUa
M
EKRa[H(M)]Source A Destination B
EKUb[Ks]
EKRa[H(M)]EKUb[Ks]
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Services
Transmission and Reception of PGP Messages
X ¨ file
Confidentialityrequired?
encrypt key, X
Yes
convert to radix 64X ¨ R64[X]
(a) Generic Transmission Diagram (from A) (b) Generic Reception Diagram (to B)
Figure 15.2 Transmission and Reception of PGP Messages
No
Confidentialityrequired?
decrypt key, X
Yes
No
convert from radix 64X ¨ R64–1[X]
CompressX ¨ Z(X)
Signaturerequired?
generate signatureX ¨ signature || X
Yes
No
DecompressX ¨ Z–1(X)
Signaturerequired?
strip signature from Xverify signature
Yes
No
X ¨ EKUb[Ks] || EKs[X]
K ¨ DKRb[EKUb[Ks]]X ¨ DK[X]
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
PGP ComponentsPGP - Sending and Receiving Messages
Keys
1 Four types of keys - passphrase, one-time session keys, publickeys, private keys
2 Two key rings - private and public
3 Private key ring is encrypted with passphrase
4 Every user has a public-private key pair
5 Can have multiple pairs.
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
PGP ComponentsPGP - Sending and Receiving Messages
PGP Message Components
1 Session key component
2 Signature
3 Message
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
PGP ComponentsPGP - Sending and Receiving Messages
Format of PGP Message
Content
Session keycomponent
Signature
Message
Leading two octetsof message digest
Key ID of sender'spublic key (KUa)
Key ID of recipient'spublic key (KUb)
Session key (Ks)
Timestamp
Message Digest
Filename
Timestamp
Data
Operation
EKUb
Notation:EKUb = encryption with user b's public keyEKRa = encryption with user a's private keyEKs = encryption with session keyZIP = Zip compression functionR64 = Radix-64 conversion function
Figure 15.3 General Format of PGP Message (from A to B)
ZIP
R64EKRa
EKs
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
PGP ComponentsPGP - Sending and Receiving Messages
PGP Message Generation
Private key ring
select encryptedprivate key
DC
MessageM
Key ID
message
IDA
H
messagedigest
EP | |
private keyKRa
EC
RNG
session keyKs
signature+ message
EP
Public key ring
IDBselect
public keyKUb
| |
encryptedsignature
+ message
Key ID
Output
Figure 15.5 PGP Message Generation (from User A to User B; no compression or radix 64 conversion)
Hpassphrase
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
PGP ComponentsPGP - Sending and Receiving Messages
PGP Message Reception
Figure 15.6 PGP Message Reception (from User A to User B; no compression or radix 64 conversion)
Public key ring
H
private keyKRb
select
passphrase
Private key ring
select encryptedprivate key
DC
encryptedmessage +signature
Encryptedsession key
receiver'sKey ID DP
session keyKs
DC
Encrypteddigest
sender'sKey ID
messageCompare
H
public keyKUa
DP
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Structure of Key Rings
Private Key Ring
1 Timestamp
2 Key ID
3 Public key
4 Encrypted Private key (encrypted with passphrase)
5 User ID
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Structure of Key Rings
Public Key Ring
1 Timestamp, Key ID, Public key, User ID,
2 Owner Trust (OT)
3 Key legitamacy (KL)
4 Signature(s)
5 Signature Trust(s) (ST)
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Structure of Key Rings
Numerical Trust Assignment - for OT and ST
1 Undefined
2 Unknown
3 Usually not trusted
4 Usually trusted
5 Always trusted
6 Ultimate trust
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Structure of Key Rings
Numerical Trust Assignment - KL
1 Undefined or Unknown
2 Not trusted
3 Marginally trusted
4 Complete trust
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Structure of Key Rings
Relationship between KL, ST and OT
1 Consider public key of A signed by B and C
2 rA, rB and rC - rows in the public key ring corresponding to A,B and C .
3 Legitamacy entry for A depends on the “signature trusts” ofB and C in row rA.
4 ST of B in rA - copy of the OT in row rB5 ST of C in rA - copy of the OT in row rC6 “Owner Trust” manually assigned by the PGP user.
7 KL is a function of “weighted” STs
8 If any ST is “ultimate” - KL is assigned “complete trust”
9 X “usually trusted” signatures or Y for “always trusted”signatures for A (or any combination) would result in“complete trust” of A’s public key
Ramkumar PGP
OutlineIntroduction
PGP OperationPGP Key Management
Structure of Key Rings
Trust Propagation
You
A B C D E F
G H I J K L M N O
P Q R
S? ?
??
?
??
?X Y = X is signed by Y
= key's owner is trusted by you to sign keys
= key's owner is partly trusted by you to sign keys
= key is deemed legitimate by you
= unknown signatory
Figure 15.7 PGP Trust Model ExampleRamkumar PGP