
PRETTY GOOD PRIVACY (PGP)

Cryptographic Management 14/05/2018 Anirudh Parappil Menon Student Id: 611800390

Table of Contents

■ Introduction
■ PGP Advantages and Growth factors
■ PGP Operations
■ PGP Trust Model
■ GNUPG Tool
■ PGP Issues
■ Possible Solutions
■ Conclusion
■ References

Introduction

■ In the current scenario, do you think you are secure? – No end-to-end

■ Do you feel someone is reading your emails? – NSA

■ Do you know which well-known person used PGP? – Edward Snowden


■ Pretty Good Privacy: PGP was developed by Phil Zimmermann in 1991. Several years later, PGP came to be owned by Symantec Corp.

■ OpenPGP: In 1997 Zimmermann worked on an open source version of PGP encryption that had no licensing issues and which was accepted by the IETF.

■ GnuPG or GPG: GnuPG was developed and released in 1999 and is available as a free download. It is based on the OpenPGP standards established by the IETF so that it would be interoperable with Symantec's PGP tools as well as OpenPGP standards.

PGP Advantages and Growth Factors

■ Available free worldwide – It is freely available worldwide in versions that run on a variety of platforms. In addition, commercial versions provide vendor support.

■ Uses best available cryptographic algorithms – The package includes RSA, DSS, and Diffie-Hellman for public key encryption, CAST-128, IDEA, and 3DES for symmetric encryption, and SHA-1 for hash coding.

■ Wide range of applicability – It has a wide range of applicability, encrypting contents to individuals who wish to communicate securely with others worldwide.

■ Not developed or controlled by any government or standards organization.

PGP Operations

Authentication

■ The service provided by PGP.

[Figure not reproduced. Source: Cryptography and Network Security, William Stallings]

Confidentiality

■ Another service provided by PGP is confidentiality: encrypting messages to be transmitted or files to be stored locally.

■ In PGP, each symmetric key is used only once. The session key is bound to the message. To protect the key, it is encrypted with the receiver’s public key.

[Figure not reproduced. Source: Cryptography and Network Security, William Stallings]

Confidentiality and

[Figure not reproduced. Source: Cryptography and Network Security, William Stallings]

Compression

■ PGP compresses the message after applying the signature but before encryption. This has the benefit of saving space for e-mail transmission.

■ Z for compression and Z⁻¹ for decompression

Email Compatibility

■ PGP provides the service of converting the binary stream to a stream of printable ASCII characters.

■ The scheme used for this purpose is radix-64 conversion. Each group of three octets of binary data is mapped into four ASCII characters.
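The radix-64 conversion described above, as an added example that is not part of the original slides: a hand-written encoder that maps three octets to four characters, plus the CRC-24 checksum line that OpenPGP ASCII armor (RFC 4880) appends, which goes beyond what the slide covers. The 64-column line width and the sample bytes are assumptions.

```python
import base64

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")

def radix64_encode(data: bytes) -> str:
    """Map each group of three octets to four printable characters."""
    out = []
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        # Pack up to 3 octets into a 24-bit integer, zero-filling a short tail.
        n = int.from_bytes(group.ljust(3, b"\0"), "big")
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # A short final group yields len(group)+1 characters, then '=' padding.
        keep = len(group) + 1
        out.append("".join(chars[:keep]) + "=" * (4 - keep))
    return "".join(out)

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1, computed over the binary data."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor_body(data: bytes, width: int = 64) -> str:
    """Radix-64 body wrapped at `width` columns, plus the '=' checksum line."""
    text = radix64_encode(data)
    lines = [text[i:i + width] for i in range(0, len(text), width)]
    lines.append("=" + radix64_encode(crc24(data).to_bytes(3, "big")))
    return "\n".join(lines)

def verify_armor_body(body: str) -> bytes:
    """Decode an armor body and reject it if the checksum does not match."""
    *lines, checksum = body.split("\n")
    data = base64.b64decode("".join(lines), validate=True)
    expected = base64.b64decode(checksum[1:], validate=True)
    if crc24(data).to_bytes(3, "big") != expected:
        raise ValueError("armor checksum mismatch: data was altered in transit")
    return data

# Constructed sample: arbitrary binary octets standing in for a PGP message.
SAMPLE = bytes(range(100))
```

Every 3 input octets become 4 characters, so the armored form is about one third larger than the binary message; the checksum catches accidental corruption in transit and is not a substitute for the signature.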

Segmentation

■ E-mail facilities often are restricted to a maximum length. To accommodate this, PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail.

PGP Trust Model

[Figure not reproduced. Source: Cryptography and Network Security, William Stallings]

■ The node labelled “You” refers to the entry in the public-key ring corresponding to this user. This key is legitimate, and the OWNERTRUST value is ultimate trust.

■ Each other node in the key ring has an OWNERTRUST value of undefined unless some other value is assigned by the user.

■ In this example, this user has specified that it always trusts the following users to sign other keys: D, E, F, L. This user partially trusts users A and B to sign other keys.

■ The shading of the nodes in the figure indicates the level of trust assigned by this user. The tree structure indicates which keys have been signed by which other users.

■ If a key is signed by a user whose key is also in this key ring, the arrow joins the signed key to the signatory.
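The legitimacy rule behind the trust model above, as an added example that is not part of the original slides. The signatures, the extra keys G, H, J, K, M and the thresholds (one fully trusted or two partially trusted signatures) are constructed assumptions; `keys_relying_on` shows which keys lose legitimacy when an introducer can no longer be trusted.

```python
from fractions import Fraction

# Constructed keyring. Owner trust follows the slide: "You" is ultimate,
# D, E, F, L are always trusted to sign keys, A and B are partially trusted.
OWNERTRUST = {"You": "ultimate", "D": "full", "E": "full", "F": "full",
              "L": "full", "A": "partial", "B": "partial"}

# Constructed signatures: key -> set of signers. "?" is a signer whose key
# is not in the key ring.
SIGNED_BY = {
    "A": {"You"}, "B": {"You"}, "D": {"You"}, "E": {"You"},
    "F": {"You"}, "L": {"You"},
    "H": {"A", "B"},      # two partially trusted introducers
    "G": {"A"},           # only one partially trusted introducer
    "J": {"E"},           # one fully trusted introducer
    "K": {"J", "?"},      # J is legitimate but has no owner trust
    "M": {"L", "D"},
}

def legitimate_keys(signed_by, ownertrust, full_needed=1, partial_needed=2,
                    ignore=frozenset()):
    """Return the keys judged legitimate, iterating to a fixed point.

    A signature counts only if the signer's own key is already legitimate
    and the signer is not in `ignore` (e.g. a compromised introducer).
    """
    weight = {"ultimate": Fraction(1), "full": Fraction(1, full_needed),
              "partial": Fraction(1, partial_needed)}
    legit = {k for k, t in ownertrust.items() if t == "ultimate"}
    changed = True
    while changed:
        changed = False
        for key, signers in signed_by.items():
            if key in legit:
                continue
            score = sum(weight.get(ownertrust.get(s), Fraction(0))
                        for s in signers if s in legit and s not in ignore)
            if score >= 1:
                legit.add(key)
                changed = True
    return legit

def keys_relying_on(introducer, signed_by=SIGNED_BY, ownertrust=OWNERTRUST):
    """Keys that stop being legitimate if `introducer` is no longer trusted."""
    before = legitimate_keys(signed_by, ownertrust)
    after = legitimate_keys(signed_by, ownertrust, ignore={introducer})
    return before - after
```

Key K stays unverified even though J's key is legitimate, because legitimacy of a key and trust in its owner as an introducer are separate values.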

■ If a key is signed by a user whose key is not present in this key ring, the arrow joins the signed key to a question mark, indicating that the signatory is unknown to this user.

GNUPG TOOL

■ Generating and Publishing a key

[Screenshots not reproduced. Source: https://georgebrock.github.io/talks/pretty-good-introduction/]

■ Finding and signing a key

[Screenshot not reproduced. Source: https://georgebrock.github.io/talks/pretty-good-introduction/]

GUI GNUPG

Online PGP (URL: https://www.igolder.com/pgp/encryption/)

PGP Issues

■ PGP using end-to-end encryption – End users may receive spam mails.

■ PGP trust model issues
  – Users need to find a chain of introducers.
  – Suppose user X is compromised by an adversary; other users who trust X would be at risk.

■ Two pair (sender - receiver) both ends should be agreed with using .

■ All configurations in PGP are done manually
  – Creating a revocation certificate
  – Adding a new user's public key
  – Verifying the fingerprint

Possible Solutions

■ End users need to use anti-spam software or filters

■ Communication can be made via a reliable CA or trusted third party – Google, Yahoo

Conclusion

■ Most people are not aware of PGP.

■ Some users/organizations find PGP very difficult to use. – Due to manual configurations.

■ Some issues need to be addressed in PGP to make it perfect.

■ Depends upon your usage of email. – If you (or your organization) need a , I suggest using PGP.

References

■ Stallings, W. Cryptography and network security (5th ed.).

■ A pretty good introduction to PGP. Retrieved from https://georgebrock.github.io/talks/pretty-good-introduction/

■ OpenPGP, PGP and GPG: What is the difference?. Retrieved from https://www.goanywhere.com/blog/2013/07/18/openpgp-pgp-gpg-difference

■ PGP Encryption Tool - iGolder. Retrieved from https://www.igolder.com/pgp/encryption/

■ Email Encryption. (2018). Retrieved from https://www.openpgp.org/software/

■ The GNU Privacy Handbook. (2018). Retrieved from https://www.gnupg.org/gph/en/manual.html

Thank you

Questions?