using pgp for securing the email
TRANSCRIPT
Using PGP for securing the emailConfidentiality and authentication over unsecure channels
Student: Gianni Fiore
PGP Overview• Pretty Good Privacy (PGP) is a security standard which aims to:• Protect a binary target information from unauthorized eyes
• Files, emails, phone calls, chat messages, etc …• Confidentiality within a limited set of people
• Provide authentication over data• Undeniable digital signatures• Data ownership certification
• Estabilish a secure digital communication channel over an unsecure physical channel
• PGP became a de facto standard for email communication because it addressed email protocols limits
• Its author, Phil Zimmerman, is a cyber security scientist and an human rights activist.
Authentication with PGP1. Hash of target is calculated2. Hash is encrypted with writer’s private key3. Encrypted hash is tailored to the target
-----BEGIN PGP SIGNED MESSAGE-----Hash: [used hash algorithm]
TARGET CONTENT-----BEGIN PGP SIGNATURE-----Version: [signature software version]
TARGET CONTENT ENCRYPTED HASH-----END PGP SIGNATURE-----
4. Readers can decrypt hash with writer’s public key and then match it with their own calculated hash
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
No Regrets About Developing PGP The Friday September 21st Washington Post carried an article by Ariana Cha that I feel misrepresents my views on the role of PGP encryption software in the September 11th terrorist attacks. She interviewed me on Monday September 17th, and we talked about how I felt about the possibility that the terrorists might have used PGP in planning their attack. The article states that as the inventor of PGP, I was "overwhelmed with feelings of guilt". I never implied that in the interview, and specifically went out of my way to
[…]
- Philip Zimmermann 24 September 2001(This letter may be widely circulated)
-----BEGIN PGP SIGNATURE-----Version: PGP 7.0.3 iQA/AwUBO69LAsdGNjmy13leEQIDcgCg4bJ1T4rhvd3qTGximJ9YYw1ErmYAnjjy V0jxraVXJPDdeVCqt7EZSWZn =7vuw -----END PGP SIGNATURE-----
Confidentiality with PGP1. Target is encrypted with random session key2. Session key is encrypted with readers’ public key
Note: a key can be encrypted more than one time, producinga set of encrypted values referred to the same key.
3. Encrypted target and encrypted session key[s] are joint together-----BEGIN PGP MESSAGE-----Charset: [used charset encoding]Version: [encryption software version]
TARGET CONTENT-----END PGP MESSAGE-----
4. Readers can decrypt session key with their private key and then use it to decrypt the target
-----BEGIN PGP MESSAGE----- Charset: utf-8Version: GnuPG v2
hQEMA1e5z5QZk2BfAQf+KY/xL8hYrzTY4B2WnHXrxPl7X0ASl3PbQNwnJWUBQ1vC/jFjNzuzIwVAU3lEpNHqr00Lw6CHCwbklttiHat++8J/2CxD/S0jhhgTo+oOuqrdHuse6agG3hqCRq1Oa2JlYQqvDBfzWvdVC6gt24sAwnPL97QZ5A2hHfAYzV66KkcTqG75beAMoM7XtrcgPGBWkgcgZ1hOf8MAT42BQ5+GEaQ1mi3y3k0UdXNLtXO+GCoRyLOtqSlmI6AzQ+HGwDDDUZp7yonohUnPcUXu+mkIug/gcRWRwIlSJ9HkwcJZ5QlYJg7UvOhU9UwmwPqNqdMHUCHeHABtKobkkECvPY4NSIUBDAMOFqxuoKQ1pwEIAL7Yd7/BJ4yi2C/2tIoQzXXMwZctDHbtT2c1N9Ni9G41nxkQEt5yYRJjYBdm6e4ICRUiGRTourQMvhEObaUwaBJDT8dkdpZSDKiawirwaa6s1mj/JoO1B60CdzxD5bk/W9C6XN1NVmHt+PlJRZoCxbRpSv4rWctERIlDXsP/BE0VbfL7T6QifR2umzHRkswkkXHuYL9Z0Id6xOw/XF3Payz+bxxTwFy2+jlEHwLs/nW7YfL5/turZG2edo9xfPozF9+1d/Ha5G9WoGsnxEun75YsS+C283a0jzzlMf2nCH+REMhKNtqxzLQFaLsHKHVJCSqROJ2fqjuaDlk9uXRDH8bSwLwBYKuiKZhOGWw0XuffKinkTMBjO93MigJdphpGTC7ZXn2sDbGVrj3h1eDjAGzGzzbD6Z5+AR6v4Jf1NXrzdZ9DRegedic/Fndd3kQxnQZm5ZHPE/hpjXC62MG/ypjWZUOmvWWzYx/J+go1jOr01qeDhqJtLAAngjAJQk6Gwm3xApDdBgHFVoUeFmSViRUDCXhxQ1nO2+6DwoS0gstYrTvFVIXFtfam+qwwZVAa/B2oLI8GzwQvgE2cbuAgLVy/Tx6xZQnSs7Cey/AZfG5QBbajxwXNWKQIAQeA54+gB5GCpMFANZap99NvUnqThpHy4uDkZ/hV43b+ZseOIr9eJwQ46KjGBKS7HKT3O1rQvtbnmxkg0Tf1mah8KtQ7TQN/aGoOtlGFi4TajgBABWYktZJOFqtf7Us4h90KdXy272YKWgCdwuY9SzPdgPxzNMOAickNcZXcpaRD/Nja8W9suJivK4q5JSh5K3b7nYWSOorYiMVyOs8oJWgPOcTx2w===SlpZ-----END PGP MESSAGE-----
Authentication and confidentialityA signed target can further be encrypted to get both authentication and confidentiality over an unsecure channel:
Enforcing email protocolsPGP solves several email protocols problems:
Email without PGP Email with PGP
Confidentiality
Authentication
Data Integrity
Metadata confidentiality
PGP Keys ManagementEach PGP user can create its own keypair, i.e. a public key and its correspondent RSA private key.Private keys are meant to be known only to the user who creates the keypair and are protected by a passphrase.Public keys can be shared with others using a channel of preference• Word of mouth• Key signing party• Key servers
PHIL ZIMMERMANN PUBLIC KEYS
Current DSS/Diffie-Hellman Key:Key fingerprint:055F C78F 1121 9349 2C4F 37AF C746 3639 B2D7 795E Older DSS/Diffie-Hellman Key:Key fingerprint:17AF BAAF 2106 4E51 3F03 7E6E 63CB 691D FAEB D5FC Ancient RSA Key:Key fingerprint:9E94 4513 3983 5F70 7BE7 D8ED C4BE 5AA6
PGP KeyringsAs for the PGP standard, RSA keys are stored in keyrings.Each user has:• A public keyring, with its own public
keys and public keys of users who knows, used to verify signatures and to encrypt data.
• A private keyring, with its own private keys, used to sign and to decrypt data.
PGP and the Web of TrustEach PGP user can sign other users’ public keys, certifying publicly that they are really associated to their identities.To each public key owner can be associated a level of trust, i.e. an indicator about how must the user is trustworthy in the activity of giving trust to third users.Levels of trust network forms a Web of Trust (WoT), a connected graph (according to the Small World Effect) which give peer users the ability to gain digital trustworthiness depending on other users’ trust in real world.
PGP and mailing lists securityWhen it comes to mailing lists, PGP model does not deal with it in a direct mode, since it was designed for one-to-one communications.In a mailing list, there are multiple communication partners. Supposing all of them are using PGP, there are still problems:• How to encrypt mailing list content in such a way that:
• All mailing list’s members can read it• All mailing list’s members can post without loosing confidentiality• All other users which are not members of the mailing list in no way can
access the content• Mailing lists member can prove their membership to mailing list and their
personal identity to other members
Let’s use Google Groups mailing list service to inspect the problem.
PGP and Google GroupsSuppose a Google Group has been created and all authorized people have been joined it. Despite they trust that Google won’t reveal mailing list content to third parties, users decide they don’t want to let even Google servers access their communication content.Group members should first using the group itself to communicate each other their public keys (note that Google won’t reveal automatically other members’ email). There are two possible PGP solutions:• SOLUTION 1: Since everyone know other people’s public key, each
message can be encrypted with PGP using all public keys of group members and can be signed with own private key. Each member can decrypt with its own private key.
• SOLUTION 2: A group leader should create a new keypair for the Google Group email and distribute it to all the members encrypting it with their public keys. Since everyone share a keypair, they can encrypt their posts with group’s public key, signing them with own private key, and decrypting them with group’s private key locally.
PGP and Google GroupsSOLUTION 1: Since everyone knows other people public key, each message can be encrypted with PGP using all public keys of group members and can be signed with own private key. Each member can decrypt with its own private key.• PROS: No need for a group leader and further keypairs. If an user leaves the group, it
suffices to not encrypt anymore with its public key. If an user join the group, it suffices to add its public key to encryption phase.
• CONS: Higher complexity for group members to maintain manually a set of allowed public keys. New users can’t access mailing list’s history unless someone would encrypt for him old content.
SOLUTION 2: A group leader should create a new keypair for the Google Group email and distribute it to all the members encrypting it with their public keys. Since everyone share a keypair, they can encrypt their posts with group’s public key, signing them with own private key, and decrypting them with group’s private key locally.• PROS: Limited complexity for group members. New users have full access to mailing list
access. Stronger signatures on messages (both own private key and group private key).• CONS: Need for a group leader. Exiting users can continue decrypting messages, unless
group leader changes group keypair.
PGP and Google GroupsLet’s inspect deeply the second solution with an example:
GnuPGMost widely used open source solution for PGP usage is the multiplatform software GnuPG.It can generate keypairs, manage them in keyrings and transfer a copy to known key servers for other users to pull them. Once in the keyring, keys can be used for encryption, decryption, signature, signature validation and combination of them.It also offers a keyring manager which allow to set for each key a level of trust among: unknown, never, marginal, full and ultimate.
Mail User Agents compatibilitySeveral Mail User Agents can access PGP functionalities using third-parties components.Since they need, by design, to collect the history of sent emails, usually they encrypt emails with both receivers public key and public key of sender itself. This way the sender can access his mailbox later being able to decrypt what he wrote.Most plugins interact also with desktop installations of OpenPGP software such as GnuPG to automatically import keyrings.
Mozilla Thunderbird & EnigmailMozilla Thunderbird mail client can work in conjunction with addon Enigmail to use PGP. It is interfaced with GnuPG for keyrings management.
Gmail & MailvelopeGmail email client can work in conjunction with browser extension Mailvelope to use PGP. It allow import of keys to build a copy of the keyrings for extension usage.
PGP implementationsPGP is today a proprietary integrated software. An open version of PGP is OpenPGP, correspondent to standard RFC4880Several implementation exists, as full encryption software programs, mobile applications, software/language modules, or browser extension for email clients.PGP is used in a wide variety of security applications, including email exchange, chat, phone calls, files, directories and whole hard disks.