Presentation is loading. Please wait.

Presentation is loading. Please wait.

LOCAL ENCRYPTION Using GPG keys in conjunction with UNIX password manager “Pass”.

Published byStephanie Boyd Modified over 8 years ago

Similar presentations

Presentation on theme: "LOCAL ENCRYPTION Using GPG keys in conjunction with UNIX password manager “Pass”."— Presentation transcript:

1 LOCAL ENCRYPTION Using GPG keys in conjunction with UNIX password manager “Pass”.

2 Scope of Presentation ■Estimated time: 1 hour. –Pass may be out of scope for presentation if we run long. ■Intended Goals: –Review history of PGP, GPG, and cryptography theory –Generate keypair with Raspberry Pi using thermal noise for TRNG –Separate master key with public key and signing subkeys –Add subkey to Yubikey for hardware smartcard –Store keypair in case of catastrophic failure or loss of keys –Brief overview of UNIX password manager ”Pass” ■All information can be found at murraycolin.org 1. Distil Networks 2 will have a blog post coming shortly, which will contain more information and be linked at aforementioned site. 1.https://murraycolin.org/2016/08/05/GPG.html/ 2.http://www.distilnetworks.com/

3 History of PGP, OpenPGP, and GPG ■PGP (Pretty Good Privacy) was created in 1991 and was the first software that was widely available implementing public key cryptiongraphy 1. ■In July 1997, Zimmermann proposed to the IETF to implement a new open standard OpenPGP. –RFC 2440 2 was created, and then RFC4880 is the current working standard 3. ■GPG (or GnuPG or GNU Privacy Guard) was then created, which is an OpenPGP compliant software written under the GPL 4. 1.https://philzimmermann.com/EN/findpgp/ 2.https://tools.ietf.org/html/rfc2440 3.https://tools.ietf.org/html/rfc4880 4.https://en.wikipedia.org/wiki/Pretty_Good_Privacy

4 Cryptography Theory ■Computer are bad at generating random numbers on their own. –To a computerlooks as random as –Source 1 ■In order to create more entropy, we need to gather random variables from the physical environment (e.g. thermal noise or radiation). –Here is a link to a very interesting Youtube video explaining entropy a bit more in depth, in addition to providing another tool to generate entropy 2. 1.http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis- hardware-random-number-generator/ 2.https://www.youtube.com/watch?v=iDuhLQ43tvQ

5 Cryptography Theory Continued ■No algorithm is safe forever: given enough time, any cryptography can be cracked. –The goal of a cryptographic algorithm is not to generate a “perfectly random” number, but to delay forced decryption for as long as possible. ■To elaborate: if computers become fast enough to throw enough numbers at a problem to brute force it (like with SHA1 1 ), the goal of an algorithm is to delay the inevitable for as long as possible. –1.024 MHz, $25.4 billion in 1969.900MHz, $35 in 2016. –(Complete Apollo 11 program)(Raspberry Pi 2) 1.http://csrc.nist.gov/groups/ST/hash/statement.html

6 Setting Up Environment ■Install Raspbian on Raspberry Pi and update/upgrade from repo. ■Install the rng-tools from apt-get. ■Set up BCM as according to website 1 –For information regarding BCM 2708 vs BCM 2835, please see blog. ■For all following slides, assume RSA 4096. 1.http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis- hardware-random-number-generator/

7 Commands To Run On Pi ■sudo cat /dev/hwrng –Used in separate terminal to read thermal noise. ■gpg2 -–gen-key –1 (RSA and RSA (default)) –1y (1 year) –Fill out desired info accurately.

8 Commands To Run On Pi Continued ■gpg2 --expert --edit-key {Genereated Key} ■setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES TWOFISH ZLIB BZIP2 ZIP UNCOMPRESSED ■addkey –8 (RSA (set your own capabilities)) –a, s, e, q

9 Generate Revocation Keys ■gpg --armor –output {DESIREDNAME}.asc –gen-revoke {KEYID} –Use command for each key on keyring. ■Generate QR code for easier entry in case storage fails 1. –More backups do not hurt. If the SD card fails, a physical print out is always smart. ■cat {desiredname}.asc, and print output for text. 1.http://www.qr-code-generator.com/

10 Exporting Keys ■gpg –armor –export {KEYID} > {DESIREDPUBLICNAME}.asc –Exporting Public Key. ■gpg –armor –export-secret-keys {KEYID} > {DESIREDPRIVATENAME}.asc –Exporting Master Key (for backup). ■gpg –armor –export-secret-subkeys {KEYID} > {DESIREDSUBKEYNAME}.asc. –Exporting Signing Keys.

11 Importing Keys ■gpg --allow-secret-key-import –import {DESIREDSUBKEYNAME}.asc. ■gpg –import {DESIREDPUBLICNAME}.asc. ■gpg –list-keys –Verify public key installed on local computer. ■gpg –list-secret-keys –Verify signing subkey installed on local computer. ■gpg –edit-key {KEYID} ■trust, save.

12 Setup Yubikey Environment ■gpg --card-edit ■admin –Default admin PIN ”12345678” –Default user PIN “123456” ■passwd –1 for PIN, 3 for admin.

13 Adding to Yubikey ■gpg --expert --edit-key {signing subkey} ■toggle ■8 (RSA (set your own capabilities)) ■A, S, E –Authenticate, Sign, Encrypt. ■keytocard ■1 ■keytocard ■2 ■keytocard ■3 ■key 1, key 2, and key 3 to verify keys were copied to Yubikey.

14 Key Storage

15 Pass (Time Permitting) ■https://www.passwordstore.org/ ■Live demonstration.

16 Thank You For Your Time! ■Find me on the web: –https://murraycolin.com/ - Portfolio –https://murraycolin.org/ - Blog ■Where I work: –http://www.distilnetworks.com/team/#p/colin-murray ■Tell me how I can improve and send me public keys at: –pacitpros@murraycolin.com

Download ppt "LOCAL ENCRYPTION Using GPG keys in conjunction with UNIX password manager “Pass”."

Similar presentations

Module XXI Cryptography

Module XXI Cryptography
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,

CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,
Outline Project 1 Hash functions and its application on security Modern cryptographic hash functions and message digest –MD5 –SHA.

Outline Project 1 Hash functions and its application on security Modern cryptographic hash functions and message digest –MD5 –SHA.
NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
Public Key Cryptography and GnuPG CPT 555 Network Security.

Public Key Cryptography and GnuPG CPT 555 Network Security.
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP)
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
Beginning PGP 2600 JAN09. What? OpenPGP is the proposed standard. – (RFC 2440, 3156, 4880, 5081, etc) OpenPGP is not a program. PGP and GnuPG are computer.

Beginning PGP 2600 JAN09. What? OpenPGP is the proposed standard. – (RFC 2440, 3156, 4880, 5081, etc) OpenPGP is not a program. PGP and GnuPG are computer.
PGP Encryption Justin Shelby. Encryption Methods  There are two basic key types for cryptography Symmetric Asymmetric.

PGP Encryption Justin Shelby. Encryption Methods  There are two basic key types for cryptography Symmetric Asymmetric.
Trusted Key Server OpenPKSD TKS Hironobu SUZUKI IWFST 2005 International Workshop on Future Software Technology.

Trusted Key Server OpenPKSD TKS Hironobu SUZUKI IWFST 2005 International Workshop on Future Software Technology.
Linux Networking and Security Chapter 8 Making Data Secure.

Linux Networking and Security Chapter 8 Making Data Secure.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Crypto Bro Rigby. History

Crypto Bro Rigby. History
Email Security.  email is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Similar presentations

Ads by Google