Pertemuan #12 Pretty Good Privacy (Pretty Good Privacy) Kuliah Pengaman Jaringan
Overview of PGP Stands for Pretty Good Privacy Public key encryption program Originally written by Phil Zimmerman in 1991 Available in many different platforms, such as Windows, Unix, MS-DOS, OS/2, Mac-Intosh Freeware & commercial versions are available Primarily used for encrypting Combines conventional & public key cryptography, called “hybrid cryptosystem”
PGP Encryption
1. Compress the plaintext 2. Create a random session key 3. Plaintext is encrypted with the new session key, the result is ciphertext 4. Session key is encrypted to the recipient’s public key 5. Public-key-encrypted session key and the ciphertext are transmitted to the recipient
PGP Decryption
1. Recipient’s private key is used to open (decrypt) temporary session key 2. The decrypted session key is used to decrypt the conventionally-decrypted ciphertext 3. The result is the original message (plaintext)
Keys Basically really really big numbers Public key size & conventional cryptography’s secret key size are totally unrelated A conventional 80-bit key has the equivalent strength of a 1024-bit public key Bigger the key, harder to be derived, but also needs more computational power and time to use it for encrypting & decrypting PGP stores keys in encrypted form, in 2 files called “keyrings” (1 for public keys and 1 for private keys)
Digital Signatures Provides: Authentication Data integrity Non-repudation Serves the same purpose as handwritten signature But it’s nearly impossible to counterfeit Some people tend to use signatures more than they use encryption
Simple Digital Signatures
Hash Functions The system explained previously It is slow Produces enormous volume of data An improvement is the addition of one-way hash function in the process Takes variable-length input, produces fixed-length output, say 160 bits Change in the information will entirely produce different hash function output
Secure Digital Signatures
Digital Certificates Included with a person’s public key Help others verify that a key is genuine or valid Consists of three things: A public key Certificate information Identity information about the user such as name, user ID and so on One or more digital signatures
Anatomy Of A Certificate
Validity & Trust Validity is confidence that a public key certificate belongs to its purported owner You must constantly establish whether or not a particular certificate is authentic Some companies designate one or more Certificate Authorities CA checks the validity of all the certificates in the org and signs the good ones
Checking Validity Manually check the certificate’s fingerprint PGP cert’s fingerprint is unique It is a hash of the user’s cert, appears as one of cert properties You may call and ask the owner to read his/her fingerprint, but can you trust the voice if you don’t know his/her? Some people put their key’s fingerprint on their business card Trust a 3 rd individual has gone through the process of validating it, such as the CA Anyone who trust the CA will automatically consider any certs validated by the CA to be valid
Establishing Trust You validate keys You trust people More specifically, you trust people to validate other people’s keys Typically, unless the owner hands you the certificate, you have to go by someone’s word that it is valid
Meta & Trusted Introducers People completely trust the CA to establish certs’ validity Everyone relies upon the CA to manually validate for them CA can’t handle all of their validation process Therefore adding other validators to the system is necessary
Meta & Trusted Introducers Meta-introducer bestows not only key’s validity, but also bestows the ability to trust keys upon others, enable others to act as “trusted introducers” Trusted-introducers can validate keys to the same effect as that of meta-introducer But they can’t create new trusted-introducers
Trust Models In closed systems, it’s easy to trace a path of trust back to the root CA In real world users must often communicate with people outside, including some whom they’ve never met Establishing line of trust to those who haven’t been explicitly trusted a CA is difficult There are 3 different trust models
Model #1, Direct Trust Simplest trust model A user trusts a key is valid because he/she knows where it came from Example in web browser, CA’s keys are directly trusted because they were shipped by the manufacturer in the browser
Model #2, Hierarchical Trust There are numbers of “root” certificates from which trust extends Consider a big trust “tree” The “leaf” cert’s validity is verified by tracing backward from its certifier, to other certifier, until a directly trusted root certificate is found
Model #3, Web Of Trust Encompasses both of other models A cert might be trusted directly, or trusted in some chain going back to a directly trusted root certificate (the meta-introducer), or by some group of introducers
Trust Model Used in PGP PGP uses web of trust Any user can act as a certifying authority Any PGP user can validate another PGP user’s pub-key cert However, such cert is only valid to another user if recognizes the validator as a trusted introducer
What Is A Passphrase? Longer version of password & more secure Typically composed of multiple words The priv-key is encrypted on your disk using a hash of your passphrase as the secret key You use the passphrase to decrypt and use your priv-key If you forget the passphrase, you’re out of luck, since the priv-key is totally useless!
Key Splitting Secret is not a secret if known to more than one person Sharing a private key is necessary at times Given an example: Corporate Signing Keys It’s worthwhile for members to have access to the private key But this means any single person can act fully on behalf of the company
Key Splitting So it’s wise to split the key among multiple people More than one or two people will have to present a piece of the key in order to reconstitute it to a usable condition If too few pieces of the key are available, then the key is unusable If a secure network connection is used, the key’s shareholders need not be physically present to rejoin the key