LOCAL ENCRYPTION Using GPG keys in conjunction with UNIX password manager “Pass”.


Scope of Presentation
■ Estimated time: 1 hour.
  – Pass may be out of scope for presentation if we run long.
■ Intended Goals:
  – Review history of PGP, GPG, and cryptography theory
  – Generate keypair with Raspberry Pi using thermal noise for TRNG
  – Separate master key with public key and signing subkeys
  – Add subkey to Yubikey for hardware smartcard
  – Store keypair in case of catastrophic failure or loss of keys
  – Brief overview of UNIX password manager “Pass”
■ All information can be found at murraycolin.org 1. Distil Networks 2 will have a blog post coming shortly, which will contain more information and be linked at aforementioned site

History of PGP, OpenPGP, and GPG
■ PGP (Pretty Good Privacy) was created in 1991 and was the first widely available software implementing public key cryptography 1.
■ In July 1997, Zimmermann proposed to the IETF a new open standard, OpenPGP.
  – RFC was created, and then RFC4880 is the current working standard 3.
■ GPG (or GnuPG or GNU Privacy Guard) was then created, which is OpenPGP-compliant software released under the GPL

Cryptography Theory
■ Computers are bad at generating random numbers on their own.
  – To a computer looks as random as
  – Source 1
■ In order to create more entropy, we need to gather random variables from the physical environment (e.g. thermal noise or radiation).
  – Here is a link to a very interesting YouTube video explaining entropy a bit more in depth, in addition to providing another tool to generate entropy hardware-random-number-generator/ 2.

Cryptography Theory Continued
■ No algorithm is safe forever: given enough time, any cryptography can be cracked.
  – The goal of a cryptographic algorithm is not to generate a “perfectly random” number, but to delay forced decryption for as long as possible.
■ To elaborate: if computers become fast enough to throw enough numbers at a problem to brute force it (like with SHA1 1), the goal of an algorithm is to delay the inevitable for as long as possible.
  – 1.024 MHz, $25.4 billion in MHz, $35 in
  – (Complete Apollo 11 program)(Raspberry Pi 2)

Setting Up Environment
■ Install Raspbian on Raspberry Pi and update/upgrade from repo.
■ Install the rng-tools from apt-get.
■ Set up BCM according to website 1
  – For information regarding BCM 2708 vs BCM 2835, please see blog.
■ For all following slides, assume RSA
hardware-random-number-generator/

Commands To Run On Pi
■ sudo cat /dev/hwrng
  – Used in separate terminal to read thermal noise.
■ gpg2 --gen-key
  – 1 (RSA and RSA (default))
  – 1y (1 year)
  – Fill out desired info accurately.
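Before relying on the hardware RNG for key generation, its output can be sanity-checked with the FIPS 140-2 block tests that rng-tools' rngtest applies. The following is an added example, not part of the original slides; the function names and the three sample blocks are constructed for illustration, and only the monobit, poker and long-run tests are implemented.

```python
import hashlib

BLOCK = 2500  # FIPS 140-2 statistical tests work on 20,000-bit blocks

def fips_check(block: bytes) -> dict:
    """Monobit, poker and long-run tests from FIPS 140-2 on one block."""
    if len(block) != BLOCK:
        raise ValueError("need exactly 2500 bytes")
    bits = "".join(f"{b:08b}" for b in block)
    ones = bits.count("1")
    # Poker: how evenly the 5,000 four-bit nibbles cover the 16 values.
    counts = [0] * 16
    for b in block:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    poker = 16 / 5000 * sum(c * c for c in counts) - 5000
    # Long run: 26 or more identical bits in a row is a failure.
    longest = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        longest = max(longest, run)
    return {"monobit": 9725 < ones < 10275,
            "poker": 2.16 < poker < 46.17,
            "long_run": longest < 26}

def read_block(path="/dev/hwrng") -> bytes:
    """Read one block from the hardware RNG (needs root on the Pi)."""
    data = b""
    with open(path, "rb", buffering=0) as dev:
        while len(data) < BLOCK:
            chunk = dev.read(BLOCK - len(data))
            if not chunk:
                raise OSError("RNG device returned no data")
            data += chunk
    return data

# Constructed inputs so the checks can be exercised without the device.
STUCK = bytes(BLOCK)                      # source stuck at zero
PATTERN = b"\x55" * BLOCK                 # 0101... balanced but not random
PREDICTABLE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(79))[:BLOCK]  # hash of a counter

if __name__ == "__main__":
    for name, blk in (("stuck", STUCK), ("pattern", PATTERN),
                      ("predictable", PREDICTABLE)):
        print(name, fips_check(blk))
```

The hashed-counter block passes every test although it is fully predictable, so a pass only shows the source is not obviously broken; a failure on blocks from `read_block()` is the signal to stop and fix the RNG setup before generating keys.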

Commands To Run On Pi Continued
■ gpg2 --expert --edit-key {Generated Key}
■ setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES TWOFISH ZLIB BZIP2 ZIP UNCOMPRESSED
■ addkey
  – 8 (RSA (set your own capabilities))
  – a, s, e, q

Generate Revocation Keys
■ gpg --armor --output {DESIREDNAME}.asc --gen-revoke {KEYID}
  – Use command for each key on keyring.
■ Generate QR code for easier entry in case storage fails 1.
  – More backups do not hurt. If the SD card fails, a physical printout is always smart.
■ cat {desiredname}.asc, and print output for text.

Exporting Keys
■ gpg --armor --export {KEYID} > {DESIREDPUBLICNAME}.asc
  – Exporting Public Key.
■ gpg --armor --export-secret-keys {KEYID} > {DESIREDPRIVATENAME}.asc
  – Exporting Master Key (for backup).
■ gpg --armor --export-secret-subkeys {KEYID} > {DESIREDSUBKEYNAME}.asc
  – Exporting Signing Keys.

Importing Keys
■ gpg --allow-secret-key-import --import {DESIREDSUBKEYNAME}.asc
■ gpg --import {DESIREDPUBLICNAME}.asc
■ gpg --list-keys
  – Verify public key installed on local computer.
■ gpg --list-secret-keys
  – Verify signing subkey installed on local computer.
■ gpg --edit-key {KEYID}
■ trust, save.

Setup Yubikey Environment
■ gpg --card-edit
■ admin
  – Default admin PIN “ ”
  – Default user PIN “123456”
■ passwd
  – 1 for PIN, 3 for admin.

Adding to Yubikey
■ gpg --expert --edit-key {signing subkey}
■ toggle
■ 8 (RSA (set your own capabilities))
■ A, S, E
  – Authenticate, Sign, Encrypt.
■ keytocard
■ 1
■ keytocard
■ 2
■ keytocard
■ 3
■ key 1, key 2, and key 3 to verify keys were copied to Yubikey.
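The verification steps on the "Importing Keys" and "Adding to Yubikey" slides can be automated by reading gpg's machine-readable listing, where field 15 of each sec/ssb record says whether the secret is a stub ('#'), on disk, or held by a smartcard (GnuPG documents the colon format in doc/DETAILS). This is an added example, not part of the original slides; the function names, key IDs, card serial and user ID in SAMPLE are constructed, and treating an empty field 15 as "on disk" is an assumption about older GnuPG output.

```python
import subprocess

def audit(colons: str) -> list:
    """Return (record, keyid, location, capabilities, issues) per secret key."""
    report = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        keyid, expires, caps, token = f[4], f[6], f[11], f[14]
        # Field 15: '#' = stub only, '+' or empty = secret on disk,
        # anything else = serial number of the smartcard holding the key.
        if token == "#":
            where = "stub"
        elif token in ("+", ""):
            where = "on-disk"
        else:
            where = "card"
        issues = []
        if f[0] == "sec" and where == "on-disk":
            issues.append("master secret key is present on this machine")
        if f[0] == "ssb" and where == "stub":
            issues.append("subkey secret is missing")
        if not expires:
            issues.append("no expiry date")
        report.append((f[0], keyid, where, caps, issues))
    return report

def live_listing() -> str:
    """Colon listing of the local secret keyring (requires gpg)."""
    return subprocess.run(["gpg", "--list-secret-keys", "--with-colons"],
                          capture_output=True, text=True, check=True).stdout

# Constructed listing: master key as stub, one subkey on a card,
# one subkey still on disk and without an expiry date.
SAMPLE = """\
sec:u:4096:1:1111111111111111:1500000000:1531536000::u:::scESC:::#:::23::0:
uid:u::::1500000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:2222222222222222:1500000100:1531536100:::::s:::D2760001240102010006000000010000:::23:
ssb:u:4096:1:3333333333333333:1500000200::::::e:::+:::23:
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

On the daily-use machine, pass `live_listing()` to `audit()` instead of SAMPLE; an empty issues list for the sec record confirms the master secret stayed on the offline backup.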

Key Storage

Pass (Time Permitting)
■ Live demonstration.

Thank You For Your Time!
■ Find me on the web:
  – - Portfolio
  – - Blog
■ Where I work:
■ Tell me how I can improve and send me public keys at: