Key management issues in PGP Logan Wang Key management issues in PGP
Public Key Cryptography Is an encryption scheme that uses two keys Can provide confidentiality, authentication, integrity and non- repudiation Allows for more than just encryption/decryption Digital signatures Message integrity Key exchange
Key management system Manages public keys that have been collected Verifies the private key is legitimate The way in which this is done is where PGP and PKI are different
PKI (Public Key Infrastructure) Usually Hierarchical model Certificates are public keys that have been signed by another entity CA (Certification Authority) issues certificates Root CA – self signed certificate CRL – Certificate revocation list X.509 certificate (not a complete list) Subject and subject key Issuer Validity period Certificate signature
PKI Hierarchical system, relies on trustworthy CA
PGP (Pretty Good Privacy) Created by Phil Zimmermann and released on the internet in 1991 Provides cryptographic protection of files and email PGP is now commercial, but there is free versions for non- commercial use OpenPGP is a set of standards which describes the formats for encrypted messages, keys, and digital signatures. GPG (GNU Privacy Guard) – open-source implementation of the standards set by OpenPGP, is the usual implementation found on Linux systems.
PGP – Key management Supports the Web Of Trust model PGP software will generate keys for the user and help user manage them A PGP Key consists of: Owner’s name the numerical value of the key what the key is to be used for (e.g., for signing; for encryption) the algorithm the key is to be used with, e.g. El Gamal; RSA; DSA an expiration date
PGP – Key management Need to store lots of keys Own private key (stored encrypted) Own public key and public keys of others (stored in the open) PGP software stores them in a file, called “keyring” Keyring also stores certificates of other people which have been signed by the user A public key stored in the user’s public keyring will have: PGP key information The trust, assigned by the user: Full trust Marginal trust Untrusted Unknown Zero or more signatures
PGP – Web of trust Community based trust model that entirely rely on its users Everybody is a CA, every user can sign certificates The idea of Web of trust is that you verify someone’s identity and decide to trust in them to trust people for you Public key sharing done: Physically Key servers Email or friends
Web of trust Sources for images: https://0x00sec.org/t/pgp-the-web-of-trust/1404 http://www.phillylinux.org/keys/historical.html – graphed with sig2dot
Web of trust William Stallings, Cryptography and Network Security, Principles and Practice, Prentice Hall, 1999.
PGP - revocation To revoke a certificate: User needs to generate the revocation information when they create the key If key is lost, it’s impossible to generate the revocation information Only user can revoke certificate Telling everyone about the revocation: Need to publish at all locations where the public key was provided Hard to know who has it
PGP Key management issues Lack of standards for identification verification Allows each person control Revocation notification Need to maintain keys, web of trust, and to configure mail client Can be tricked into receiving illegitimate keys Quite complicated for the average user Can be difficult for a new certificate to get in
Key signing party
PGP VS PKI Quick, easy to set up Does not require entire infrastructure Good for informal groups Certificate has multiple levels of trust Revocation is harder Lack of standards Distribute to a large amount of users More control over subordinates Certificate is either trusted or not trusted Revocation is easier Clear standards
PGP – secrecy issues No forward secrecy Forward secrecy means that encrypted communications and sessions recorded in the past cannot be retrieved and decrypted, if the secret key or password is compromised in the future Example: Alice and Bob establish communication, Eve is listening and stores all encrypted messages. Sometime later, Eve is able to obtain Bob’s private key. Eve can now read all of Bob’s past emails. Additionally Eve has evidence in the form of a cryptographic digital signature that Alice was the one who sent the messages. Not very private
Alternatives Signal It uses the Internet to send one-to-one and group messages, which can include images and video messages, and make one-to-one voice and video calls. Signal uses standard cellular mobile numbers as identifiers, and uses end-to-end encryption to secure all communications to other Signal users. The applications include mechanisms by which users can independently verify the identity of their messaging correspondents and the integrity of the data channel. BUT it’s not email
Solution Is there a need for one? Secrecy is important but… PGP is reliable old technology that provides adequate encryption to those who need it No new technology for email has been developed and if that technology was to be developed can it be trusted and deployed
Questions?