DOCSLIB.ORG

PGP Command Line User Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
PGP Command Line User Guide PGP Command Line User Guide Last updated: July 2020 Copyright statement Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom. Copyright © 2020 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com. Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others. Contents About PGP Command Line 1 Important Concepts 1 Technical Support 2 Installing 5 Install Location 5 Installing on AIX 6 Installing on AIX 6 Changing the Home Directory on AIX 7 Uninstalling on AIX 7 Installing on HP-UX 8 Installing on HP-UX 8 Changing the Home Directory on HP-UX 9 Installing to a Non-Default Directory on HP-UX 9 Uninstalling on HP-UX 9 Installing on macOS 10 Installing on macOS 10 Changing the Home Directory on macOS 10 Uninstalling on macOS 11 Installing on Red Hat Enterprise Linux, SLES, or Fedora Core 11 Installing on Red Hat Enterprise Linux or Fedora Core 11 Changing the Home Directory on Linux or Fedora Core 12 Uninstalling on Linux or Fedora Core 12 Installing on Oracle Solaris 13 Installing on Oracle Solaris 13 Changing the Home Directory on Oracle Solaris 14 Uninstalling on Oracle Solaris 14 Installing on Windows 15 PGP Command Line for Windows and Symantec Encryption Desktop on the Same System 15 To Install on Windows 15 Changing the Home Directory on Windows 15 Uninstalling on Windows 16 Upgrading 16 Relocating 17 Licensing 19 Overview 19 Using a License Number 20 Using a License Authorization 20 Re-Licensing 20 ii Contents The Command-Line Interface 23 Overview 23 Flags and Arguments 24 Flags 25 Arguments 25 Configuration File 28 Keyserver Configuration File Settings 32 Environment Variables 33 Standard Input, Output, and Error 34 Redirecting an Existing File 34 Entering Data 34 Specifying a Key 35 'Secure' Options 36 First Steps 37 Overview 37 Creating Your Keypair 38 Protecting Your Private Key 40 Distributing Your Public Key 40 Posting Your Public Key to a Keyserver 41 Exporting Your Public Key to a Text File 41 Getting the Public Keys of Others 42 Finding a Public Key on a Keyserver 42 Importing a Public Key from a Keyserver 43 Verifying Keys 44 Cryptographic Operations 47 Overview 47 Commands 48 --armor (-a) 48 --clearsign 49 --decrypt 51 --detached (-b) 53 --dump-packets, --list-packets 54 --encrypt (-e) 55 --export-session-key 58 --list-sda 59 --list-archive 59 --sign (-s) 60 --symmetric (-c) 62 --verify 63 Key Listings 65 Overview 65 Commands 65 --fingerprint 66 --fingerprint-details 66 Contents iii --list-key-details 68 --list-keys (-l) 69 --list-keys-xml 70 --list-sig-details 70 --list-sigs 71 --list-userids 71 Working with Keyservers 73 Overview 73 Commands 74 --keyserver-disable 74 --keyserver-recv 74 --keyserver-remove 75 --keyserver-search 76 --keyserver-send 77 --keyserver-update 78 Managing Keys 79 Overview 81 Commands 81 --add-adk 81 --add-photoid 82 --add-preferred-cipher 82 --add-preferred-compression-algorithm 83 --add-preferred-email-encoding 83 --add-preferred-hash 84 --add-revoker 84 --add-userid 85 --cache-passphrase 85 --change-passphrase 86 --clear-key-flag 87 --disable 87 --enable 88 --export, --export-key-pair 88 --export-photoid 90 --gen-key 91 --gen-revocation 93 --gen-subkey 94 --get-email-encoding 94 --import 95 --join-key 96 --join-key-cache-only 99 --key-recon-send 100 --key-recon-recv-questions 101 --key-recon-recv 102 --remove 103 --remove-adk 103 --remove-all-adks 104 --remove-all-photoids 104 --remove-all-revokers 104 --remove-expiration-date 105 iv Contents --remove-key-pair 105 --remove-photoid 106 --remove-preferred-cipher 106 --remove-preferred-compression-algorithm 106 --remove-preferred-email-encoding 107 --remove-preferred-hash 107 --remove-preferred-keyserver 108 --remove-revoker 108 --remove-sig 109 --remove-subkey 109 --remove-userid 110 --revoke 110 --revoke-sig 111 --revoke-subkey 111 --send-shares 112 --set-expiration-date 112 --set-key-flag 113 --set-preferred-ciphers 113 --set-preferred-compression-algorithms 114 --set-preferred-email-encodings 114 --set-preferred-hashes 115 --set-preferred-keyserver 115 --set-primary-userid 116 --set-trust 116 --sign-key 117 --sign-userid 118 --split-key 119 Working with Email 123 Overview 123 Encrypt Email 124 Sign Email 125 Decrypt Email 126 Verify Email 126 Annotate Email 126 Working with a PGP Key Management Server 129 Overview 130 New Terms and Concepts 130 Relationship with a PGP KMS 131 Authentication for PGP KMS Operations 131 --decrypt 133 --encrypt (-e) 133 --create-mak 134 --export-mak 134 --export-mak-pair 135 Export Format 136 --import-mak 137 --request-cert 138 --edit-mak 138 --search-mak 139 Contents v --delete-mak 140 --create-mek-series 141 --edit-mek-series 141 --search-mek-series 142 --delete-mek-series 143 --create-mek 144 --import-mek 144 --export-mek 145 --edit-mek 145 --search-mek 146 --create-msd 147 --export-msd 148 --edit-msd 148 --search-msd 149 --delete-msd 150 --create-consumer 151 --search-consumer 151 --check-certificate-validity 152 Miscellaneous Commands 155 Overview 155 Commands 156 --agent 156 --create-keyrings 156 --help (-h) 157 --license-authorize 157 --purge-all-caches 157 --purge-keyring-cache 157 --purge-passphrase-cache 158 --speed-test 158 --version 158 --wipe 159 --check-sigs 159 --check-userids 160 Options 161 Using Options 161 Boolean Options 162 --alternate-format 162 --annotate 162 --archive 162 --banner 163 --biometric 164 --buffered-stdio 164 --compress, --compression 164 --details 165 --email 165 --encrypt-to-self 165 --eyes-only 166 --fast-key-gen 166 --fips-mode, --fips 166 vi Contents --force (-f) 167 --halt-on-error 167 --import-certificates 167 --keyring-cache 167 --large-keyrings 168 --marginal-as-valid 168 --master-key 168 --pass-through 168 --passphrase-cache 168 --photo 169 --quiet (-q) 169 --recursive 169 --reverse-sort, --reverse 169 --sda 169 --skep 170 --text-mode, --text (-t) 170 --truncate-passphrase 171 --verbose (-v) 171 --warn-adk 171 --wrapper-key 171 --xml 171 Integer Options 172 --3des 173 --aes128, --aes192, --aes256 173 --bits, --encryption-bits 173 --blowfish 174 --bzip2 174 --cast5 174 --creation-days 175 --expiration-days 175 --idea 175 --index 176 --keyring-cache-timeout 176 --keyserver-timeout 176 --md5 177 --passphrase-cache-timeout 177 --partitioned 177 --pgp-mime 178 --ripemd160 178 --sha, --sha256, --sha384, --sha512 179 --signing-bits 180 --skep-timeout 180 --threshold 180 --trust-depth 180 --twofish 181 --wipe-input-passes 181 --wipe-overwrite-passes 181 --wipe-passes 181 --wipe-temp-passes 182 --zip 182 --zlib 182 Enumeration Options 182 --auto-import-keys 182 --cipher 183 Contents vii --compression-algorithm 184 --compression-level 184 --email-encoding 185 --enforce-adk 185 --export-format 185 --hash 186 --import-format 187 --input-cleanup 187 --key-flag 188 --key-type 188 --manual-import-key-pairs 189 --manual-import-keys 189 --overwrite 189 --sig-type 190 --sort-order, --sort 190 --tar-cache-cleanup 190 --target-platform 191 --temp-cleanup 191 --trust 192 String Options 192 --auth-key 192 --auth-passphrase 192 --auth-username 192 --basic-constraint 193 --city, --common-name, --contact-email, --country 193 --comment 193 --creation-date 193 --default-key 194 --expiration-date 194 --export-passphrase 194 --extended-key-usage 195 --home-dir 195 --key-usage 195 --local-user (-u), --user 195 --license-number 196 --new-passphrase 196 --organization, --organizational-unit 196 --output (-o) 196 --output-file 197 --passphrase 197 --preferred-keyserver 197 --private-keyring 198 --proxy-passphrase, --proxy-server, --proxy-username 198 --public-keyring 199 --recon-server 199 --regular-expression 199 --random-seed 200 --root-path 200 --share-server 200 --state 200 --status-file 201 --subject-alternative-name 201 --symmetric-passphrase 201 --temp-dir 202 viii Contents List Options 202 --additional-recipient 202 --adk 202 --input (-i) 203 --question / --answer 203 --keyserver 203 --recipient (-r) 204 --revoker 204 --share 205 File Descriptors 206 --auth-passphrase-fd, auth-passphrase-fd8 206 --export-passphrase-fd, --export-passphrase-fd8 206 --new-passphrase-fd, --new-passphrase-fd8 206 --passphrase-fd 207 --proxy-passphrase-fd, --proxy-passphrase-fd8 207 --symmetric-passphrase-fd, --symmetric-passphrase-fd8 207 Lists 209 Basic Key List 209 The Default Key Column 210 The Algorithm Column 210 The Type Column 211 The Size/Type Column 211 The Flags Column 212 The Key ID Column 213 The User ID Column 213 Detailed Key List 214 Main Key Details 215 Subkey Details 221 ADK Details 223 Revoker Details 224 Key List in XML Format 224 Elements with fixed settings 228 X.509 Signatures 230 Detailed Signature List 231 Usage Scenarios 237 Secure Off-Site Backup 237 PGP Command Line and Symantec Encryption Desktop 237 Compression Saves Money 238 Surpasses Legal Requirements 239 Searching for Data on a PGP KMS 241 Overview 241 Operators 242 Types 242 Keyword Listing 242 Example Searches 244 For Linux and Mac OSX 244 Contents ix For Windows 244 More About Types 245 Time Fields 245 Boolean Values 245 Open PGP Algorithms 246 Open PGP Key
Load more

Recommended publications
  • MASTERCLASS GNUPG MASTERCLASS You Wouldn’T Want Other People Opening Your Letters and BEN EVERARD Your Data Is No Different
    MASTERCLASS GNUPG MASTERCLASS You wouldn’t want other people opening your letters and BEN EVERARD your data is no different. Encrypt it today! SECURE EMAIL WITH GNUPG AND ENIGMAIL Send encrypted emails from your favourite email client. our typical email is about as secure as a The first thing that you need to do is create a key to JOHN LANE postcard, which is good news if you’re a represent your identity in the OpenPGP world. You’d Ygovernment agency. But you wouldn’t use a typically create one key per identity that you have. postcard for most things sent in the post; you’d use a Most people would have one identity, being sealed envelope. Email is no different; you just need themselves as a person. However, some may find an envelope – and it’s called “Encryption”. having separate personal and professional identities Since the early 1990s, the main way to encrypt useful. It’s a personal choice, but starting with a single email has been PGP, which stands for “Pretty Good key will help while you’re learning. Privacy”. It’s a protocol for the secure encryption of Launch Seahorse and click on the large plus-sign email that has since evolved into an open standard icon that’s just below the menu. Select ‘PGP Key’ and called OpenPGP. work your way through the screens that follow to supply your name and email address and then My lovely horse generate the key. The GNU Privacy Guard (GnuPG), is a free, GPL-licensed You can, optionally, use the Advanced Key Options implementation of the OpenPGP standard (there are to add a comment that can help others identify your other implementations, both free and commercial – key and to select the cipher, its strength and set when the PGP name now refers to a commercial product the key should expire.
    [Show full text]
  • Wiretapping End-To-End Encrypted Voip Calls Real-World Attacks on ZRTP
    Institute of Operating Systems and Computer Networks Wiretapping End-to-End Encrypted VoIP Calls Real-World Attacks on ZRTP Dominik Schürmann, Fabian Kabus, Gregor Hildermeier, Lars Wolf, 2017-07-18 wiretapping difficulty End-to-End Encryption SIP + DTLS-SRTP (SIP + Datagram Transport Layer Security-SRTP) End-to-End Encryption & Authentication SIP + SRTP + ZRTP Introduction Man-in-the-Middle ZRTP Attacks Conclusion End-to-End Security for Voice Calls Institute of Operating Systems and Computer Networks No End-to-End Security PSTN (Public Switched Telephone Network) SIP + (S)RTP (Session Initiation Protocol + Secure Real-Time Transport Protocol) 2017-07-18 Dominik Schürmann Wiretapping End-to-End Encrypted VoIP Calls Page 2 of 13 wiretapping difficulty End-to-End Encryption & Authentication SIP + SRTP + ZRTP Introduction Man-in-the-Middle ZRTP Attacks Conclusion End-to-End Security for Voice Calls Institute of Operating Systems and Computer Networks No End-to-End Security PSTN (Public Switched Telephone Network) SIP + (S)RTP (Session Initiation Protocol + Secure Real-Time Transport Protocol) End-to-End Encryption SIP + DTLS-SRTP (SIP + Datagram Transport Layer Security-SRTP) 2017-07-18 Dominik Schürmann Wiretapping End-to-End Encrypted VoIP Calls Page 2 of 13 wiretapping difficulty Introduction Man-in-the-Middle ZRTP Attacks Conclusion End-to-End Security for Voice Calls Institute of Operating Systems and Computer Networks No End-to-End Security PSTN (Public Switched Telephone Network) SIP + (S)RTP (Session Initiation Protocol + Secure Real-Time
    [Show full text]
  • Encryption Procedure
    Encrypting Software for Transmission to NIST 1. Scope NIST requires that all software submitted by the participants be signed and encrypted. Signing is done with the participant’s private key, and encrypting is done with the NIST project public key, which is published at http://www.nist.gov/itl/iad/ig/encrypt.cfm. NIST will validate all submitted materials using the participant’s public key, and the authenticity of that key will be verified using the key fingerprint. This fingerprint must be submitted to NIST as part of the signed participant agreement. By encrypting the submissions, we ensure privacy; by signing the submission, we ensure authenticity (the software actually belongs to the submitter). NIST will not take ownership of any submissions that are not signed and encrypted. All cryptographic operations (signing and encrypting) shall be performed with software that implements the OpenPGP standard, as described in Internet RFC 4880. The freely available Gnu Privacy Guard (GPG) software, available at www.gnupg.org, is one such implementation. 2. Submission of software to NIST NIST requires that all software submitted by the participants be signed and encrypted. Two keys pairs are needed: • Signing is done with the software provider's private key, and • Encryption is done with the NIST project public key, which is available at http://www.nist.gov/itl/iad/ig/encrypt.cfm 2.1. Project Specific Parameters The values for the project specific parameters (ProjectName, ProjectPublicKey, and ProjectEmail) mentioned in this document are found at http://www.nist.gov/itl/iad/ig/encrypt.cfm 1 2.2. Creating participant cryptographic key pair The steps below show how to create a public/private key pair and fingerprint using the GPG software.
    [Show full text]
  • CS 255: Intro to Cryptography 1 Introduction 2 End-To-End
    Programming Assignment 2 Winter 2021 CS 255: Intro to Cryptography Prof. Dan Boneh Due Monday, March 1st, 11:59pm 1 Introduction In this assignment, you are tasked with implementing a secure and efficient end-to-end encrypted chat client using the Double Ratchet Algorithm, a popular session setup protocol that powers real- world chat systems such as Signal and WhatsApp. As an additional challenge, assume you live in a country with government surveillance. Thereby, all messages sent are required to include the session key encrypted with a fixed public key issued by the government. In your implementation, you will make use of various cryptographic primitives we have discussed in class—notably, key exchange, public key encryption, digital signatures, and authenticated encryption. Because it is ill-advised to implement your own primitives in cryptography, you should use an established library: in this case, the Stanford Javascript Crypto Library (SJCL). We will provide starter code that contains a basic template, which you will be able to fill in to satisfy the functionality and security properties described below. 2 End-to-end Encrypted Chat Client 2.1 Implementation Details Your chat client will use the Double Ratchet Algorithm to provide end-to-end encrypted commu- nications with other clients. To evaluate your messaging client, we will check that two or more instances of your implementation it can communicate with each other properly. We feel that it is best to understand the Double Ratchet Algorithm straight from the source, so we ask that you read Sections 1, 2, and 3 of Signal’s published specification here: https://signal.
    [Show full text]
  • FALL 2020 E-NEWSLETTER at Digital Mountain We Assist Our Clients with Their Computer Forensics, E-Discovery, Cybersecurity and Data Analytics Needs
    FALL 2020 E-NEWSLETTER At Digital Mountain we assist our clients with their computer forensics, e-discovery, cybersecurity and data analytics needs. For this E-Newsletter, we focus on ephemeral communications and the affect of disappearing messages on discovery cases. Ephemeral Applications: Digital Trick or Treat The trick in trick or treating is one that has evolved from the neighbor who dons a monster mask when opening the door to the disappearance of peanut butter cups when Dad does the safety check of the night’s candy haul. Our digital communications have gone through an analogous transformation as we first marveled at how much data our devices could hold. Just as we upgraded from a small plastic pumpkin to a pillowcase for larger candy collections - we saved a growing plethora of emails, text messages, digital images, voice messages, and all manner of documents on mobile devices. Now, with the rise of discovery, we want our vulnerable data to disappear as if it were our least favorite candy. Ephemeral applications may be just the trick for that unwanted data. Call It What You Will There is no consensus about what constitutes an ephemeral application beyond the understanding that there is an element of impermanence. In 2016, three Georgia Tech College of Computing researchers proposed the creation of “ephemeral apps” that would allow users to engage with apps on a trial basis that would “pop-up instantaneously” on devices and then disappear after a certain period (https://www.cc.gatech.edu/~kbhardwa/papers/eapps.pdf). At the opposite end of the spectrum, in 2017 fan favorite Snapchat modified its app to allow recipients to determine when photographs and video would disappear rather than the burn after reading settings that propelled Snapchat’s rapid rise (https://www.vox.com/2017/5/9/15595040/snapchat-product-update-limitless-q1-earnings).
    [Show full text]
  • IB Case Study Vocabulary a Local Economy Driven by Blockchain (2020) Websites
    IB Case Study Vocabulary A local economy driven by blockchain (2020) Websites Merkle Tree: https://blockonomi.com/merkle-tree/ Blockchain: https://unwttng.com/what-is-a-blockchain Mining: https://www.buybitcoinworldwide.com/mining/ Attacks on Cryptocurrencies: https://blockgeeks.com/guides/hypothetical-attacks-on-cryptocurrencies/ Bitcoin Transaction Life Cycle: https://ducmanhphan.github.io/2018-12-18-Transaction-pool-in- blockchain/#transaction-pool 51 % attack - a potential attack on a blockchain network, where a single entity or organization can control the majority of the hash rate, potentially causing a network disruption. In such a scenario, the attacker would have enough mining power to intentionally exclude or modify the ordering of transactions. Block - records, which together form a blockchain. ... Blocks hold all the records of valid cryptocurrency transactions. They are hashed and encoded into a hash tree or Merkle tree. In the world of cryptocurrencies, blocks are like ledger pages while the whole record-keeping book is the blockchain. A block is a file that stores unalterable data related to the network. Blockchain - a data structure that holds transactional records and while ensuring security, transparency, and decentralization. You can also think of it as a chain or records stored in the forms of blocks which are controlled by no single authority. Block header – main way of identifying a block in a blockchain is via its block header hash. The block hash is responsible for block identification within a blockchain. In short, each block on the blockchain is identified by its block header hash. Each block is uniquely identified by a hash number that is obtained by double hashing the block header with the SHA256 algorithm.
    [Show full text]
  • Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996
    Phil’s Pretty Good Software Presents... PGPfone Pretty Good Privacy Phone Owner’s Manual Version 1.0 beta 7 -- 8 July 1996 Philip R. Zimmermann PGPfone Owner’s Manual PGPfone Owner’s Manual is written by Philip R. Zimmermann, and is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Pretty Good Privacy™, PGP®, Pretty Good Privacy Phone™, and PGPfone™ are all trademarks of Pretty Good Privacy Inc. Export of this software may be restricted by the U.S. government. PGPfone software is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Phil’s Pretty Good engineering team: PGPfone for the Apple Macintosh and Windows written mainly by Will Price. Phil Zimmermann: Overall application design, cryptographic and key management protocols, call setup negotiation, and, of course, the manual. Will Price: Overall application design. He persuaded the rest of the team to abandon the original DOS command-line approach and designed a multithreaded event-driven GUI architecture. Also greatly improved call setup protocols. Chris Hall: Did early work on call setup protocols and cryptographic and key management protocols, and did the first port to Windows. Colin Plumb: Cryptographic and key management protocols, call setup negotiation, and the fast multiprecision integer math package. Jeff Sorensen: Speech compression. Will Kinney: Optimization of GSM speech compression code. Kelly MacInnis: Early debugging of the Win95 version. Patrick Juola: Computational linguistic research for biometric word list. -2- PGPfone Owner’s
    [Show full text]
  • Internet Telephony with Linphone WELLWELL CONNECTEDCONNECTED
    Linphone COVER STORY Internet telephony with Linphone WELLWELL CONNECTEDCONNECTED When you want to call your friends in distant countries, don’t pick up municate with the VoIP provider, so you will need to install the library first. To do the phone; just put on your headset and fire up Linphone. so, open a terminal window, then be- come root by typing su and supplying BY SIMONE SCHÄFER the root password. Unpack the archive by typing tar xzf libosip2-2.2.0.tar.gz, ne of the most popular methods wants to take incoming calls via Purtel. and then change to the new directory (cd for accessing Voice over IP tech- The procedures are similar for other pro- libosip2-2.2.0). The following commands Onology is through a so-called viders. will build and install the library: softphone. A softphone is simply a com- puter program running on your desktop Installation ./configure --prefix=/usr that handles call establishment and com- The source code for the 1.1.0 release, make munication. Linphone [1] is one of the and the libraries, are available on the most popular softphone applications for DVD with this issue below LinuxUser/ Phone Numbers and SIP Ids Linux. Linphone is optimized for the linphone/. In the simplest of all cases, the phone Gnome desktop, although that doesn’t Mandriva Linux 2006 has the current number will be a simple telephone num- mean you can’t run it on KDE. This arti- 1.1.0 version. Gentoo Linux users can ber followed by the SIP domain, such as cles describes how to install, configure, install Linphone 1.1.0 simply by running [email protected].
    [Show full text]
  • Adding Public Key Security to SSH
    Adding Public Key Security to SSH A Thesis Submitted to the Faculty in partial fulfillment of the requirements for the degree of Master of Science in Computer Science by Yasir Ali DARTMOUTH COLLEGE Hanover, New Hampshire Feb, 20th, 2003 Examining Committee: ____________________________ Sean Smith (chair) ____________________________ Edward Feustel ____________________________ Christopher Hawblitzel !!!!!!!!!____________________________ !!!!!!!!!Carol Folt !!!!!!!!! Dean of Graduate Studies 1 2 Abstract SSH, the Secure Shell, is a popular software-based approach to network security. It is a protocol that allows user to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides authentication and encrypted communications over unsecured channels. However, SSH protocol has an inherent security flaw. It is vulnerable to the “man-in-the- middle Attack”, when a user establishes his first SSH connection from a particular client to a remote machine. My thesis entails designing, evaluating and prototyping a public key infrastructure which can be used with the SSH2 protocol, in an academic setting, thus eliminating this vulnerability due to the man in the middle attack. The approach presented is different from the one that is based on the deployment of a Certificate Authority. My scheme does not necessarily require third party verification using a Certificate Authority; it is decentralized in nature and is relatively easy to set up. Keywords used: SSH, PKI, digital certificates, Certificate Authority, certification path, LDAP servers, Certificate Revocation List, X509v3 Certificate, OpenSSL, mutual authentication, and tunneled authentication. 3 Acknowledgments I want to thank Professor Sean Smith for his guidance, assistance and unremitting support over the last two years.
    [Show full text]
  • Universal Leaky Random Oracle
    Universal Leaky Random Oracle Guangjun Fan1, Yongbin Zhou2, Dengguo Feng1 1 Trusted Computing and Information Assurance Laboratory,Institute of Software,Chinese Academy of Sciences,Beijing,China [email protected] , [email protected] 2 State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China [email protected] Abstract. Yoneyama et al. introduces the Leaky Random Oracle Model at ProvSec2008 to capture the leakages from the hash list of a hash func- tion used by a cryptography construction due to various attacks caused by sloppy usages or implementations in the real world. However, an im- portant fact is that such attacks would leak not only the hash list, but also other secret states (e.g. the secret key) outside the hash list. There- fore, the Leaky Random Oracle Model is very limited in the sense that it considers the leakages from the hash list alone, instead of taking into con- sideration other possible leakages from secret states simultaneously. In this paper, we present an augmented model of the Leaky Random Oracle Model. In our new model, both the secret key and the hash list can be leaked. Furthermore, the secret key can be leaked continually during the whole lifecycle of the cryptography construction. Hence, our new model is more universal and stronger than the Leaky Random Oracle Model and some other leakage models (e.g. only computation leaks model and memory leakage model). As an application example, we also present a public key encryption scheme which is provably IND-CCA secure in our new model.
    [Show full text]
  • How Secure Is Textsecure?
    How Secure is TextSecure? Tilman Frosch∗y, Christian Mainkay, Christoph Badery, Florian Bergsmay,Jorg¨ Schwenky, Thorsten Holzy ∗G DATA Advanced Analytics GmbH firstname.lastname @gdata.de f g yHorst Gortz¨ Institute for IT-Security Ruhr University Bochum firstname.lastname @rub.de f g Abstract—Instant Messaging has gained popularity by users without providing any kind of authentication. Today, many for both private and business communication as low-cost clients implement only client-to-server encryption via TLS, short message replacement on mobile devices. However, until although security mechanisms like Off the Record (OTR) recently, most mobile messaging apps did not protect confi- communication [3] or SCIMP [4] providing end-to-end con- dentiality or integrity of the messages. fidentiality and integrity are available. Press releases about mass surveillance performed by intelli- With the advent of smartphones, low-cost short-message gence services such as NSA and GCHQ motivated many people alternatives that use the data channel to communicate, to use alternative messaging solutions to preserve the security gained popularity. However, in the context of mobile ap- and privacy of their communication on the Internet. Initially plications, the assumption of classical instant messaging, fueled by Facebook’s acquisition of the hugely popular mobile for instance, that both parties are online at the time the messaging app WHATSAPP, alternatives claiming to provide conversation takes place, is no longer necessarily valid. secure communication experienced a significant increase of new Instead, the mobile context requires solutions that allow for users. asynchronous communication, where a party may be offline A messaging app that claims to provide secure instant for a prolonged time.
    [Show full text]
  • Detecting and Preventing Active Attacks Against Autocrypt Release 0.10.0
    Detecting and preventing active attacks against Autocrypt Release 0.10.0 NEXTLEAP researchers Jan 09, 2020 Contents 1 Introduction2 1.1 Attack model and terminology............................2 1.2 Problems of current key-verification techniques...................3 1.3 Integrating key verification with general workflows.................3 1.4 Supplementary key consistency through ClaimChains................4 1.5 Detecting inconsistencies through Gossip and DKIM................5 2 Securing communications against network adversaries6 2.1 Setup Contact protocol................................7 2.2 Verified Group protocol................................ 12 2.3 History-verification protocol............................. 17 2.4 Verifying keys through onion-queries......................... 20 3 Key consistency with ClaimChains 23 3.1 High level overview of the ClaimChain design.................... 23 3.2 Use and architecture................................. 24 3.3 Evaluating ClaimChains to guide verification.................... 26 4 Using Autocrypt key gossip to guide key verification 28 4.1 Attack Scenarios................................... 28 4.2 Probability of detecting an attack through out of band verification......... 29 5 Using DKIM signature checks to guide key verification 32 5.1 DKIM Signatures on Autocrypt Headers....................... 32 5.2 Device loss and MITM attacks............................ 33 5.3 Open Questions.................................... 34 1 1 Introduction This document considers how to secure Autocrypt1-capable mail apps against active network at- tackers. Autocrypt aims to achieve convenient end-to-end encryption of e-mail. The Level 1 Autocrypt specification offers users opt-in e-mail encryption, but only considers passive adver- saries. Active network adversaries, who could, for example, tamper with the Autocrypt header during e-mail message transport, are not considered in the Level 1 specification. Yet, such active attackers might undermine the security of Autocrypt.
    [Show full text]