Presentation is loading. Please wait.

Presentation is loading. Please wait.

and File Security With GnuPG Matt Brodeur

Published byHenry Barrett Modified over 8 years ago

Similar presentations

Presentation on theme: "and File Security With GnuPG Matt Brodeur"— Presentation transcript:

1 E-Mail and File Security With GnuPG Matt Brodeur mbrodeur@nexttime.com

2 Introduction – What is GnuPG? ● Pretty Good Privacy (PGP) ● Created by Philip Zimmerman in 1991 ● Now sold by PGP Corporation ● GNU Privacy Guard ● "GnuPG is a complete and free replacement for PGP." (FSF) ● GnuPG implements the OpenPGP (RFC2440) standard

3 Introduction – What is OpenPGP? ● OpenPGP is part of a protocol that provides cryptographic security for electronic communication ● OpenPGP provides the four essential components of secure communication ● Authentication ● Integrity ● Nonrepudiation ● Confidentiality

4 Why use PGP? ● OpenPGP can protect ● Financial information ● Business plans ● Sensitive data ● Software distribution ● Public announcements

5 How? - Install Software ● http://www.gnupg.org/download.html http://www.gnupg.org/download.html ● Latest versions are 1.4.6 and 2.0.2 ● Available precompiled for most systems, source for others. ● Windows - http://www.gpg4win.orghttp://www.gpg4win.org ● Check your distribution, you might already have it.

6 Public Key Cryptography ● Symmetric Encryption ● Split Key Encryption – Public Key – Private Key ● Digital Signatures / Hybrid Encryption

7 Web of Trust ● How can you trust someone you've never met? ● Verify the Validity of the keys for people you know, and Trust them to verify others.

8 How? - Create Keys ● gpg –gen-key ● Key Length ● DSA (Signing Key) will be 1024 bits ● ElGamal (Encryption Key) can be between 1024 and 4096 bits ● "The longer the key the more secure it is against brute-force attacks, but for almost all purposes the default keysize is adequate since it would be cheaper to circumvent the encryption than try to break it." (GPH) ● USE A GOOD PASSPHRASE

9 Keys – Expiration and Revocation ● Suggested method (GPH) ● No expiration on main (signing) key ● Expire encryption keys regularly ● USE A GOOD PASSPHRASE ● Generate a revocation certificate (--gen-revoke) immediately ● Store in a safe place ● AWAY from secret key

10 Certificate Structure ● Keys, User IDs and Fingerprints are contained in a Certificate ● Certificates are identified by their primary Signing Key ID

11 Keys – Multiple Identities ● You may have multiple IDs on one certificate ● --edit-key, adduid ● IDs may be added but never removed ● One can revoke a UID's self-signature ● Multiple keys can be used instead

12 Keys - Verification ● Key ID vs Fingerprint ● A Fingerprint is a hash of the key data ● A (DSA) Key ID is a subset of the Fingerprint ● One must check owner's identity, Key ID, and fingerprint ● Take note of how certain you are of someone's identity...and how well others are checking, too.

13 Keys - Signing ● gpg --edit-key ● "sign" command ● gpg --sign-key ● Indicate how closely you have verified the owner's identity (Validity) ● Validity is stored with the signed key and shared with the world ● Indicate how much you trust the owner to verify the identity of others (Ownertrust) ● Ownertrust is a personal assessment and is stored locally ● Local signatures (lsign)

14 Useful Commands / Options ● --keyserver [keyserver name] ● --send-keys [UID/KeyID/etc] ● --recv-keys [KeyID only] ● --search-keys [string] ● Searches server for matching keys ● --refresh-keys ● Retrieves latest version of all keys on your public ring ● Keyserver name and options can be set in ~/.gnupg/gpg.conf

15 Useful Commands / Options ● --policy-url ● Link a signing policy page to a signature ● addphoto, showphoto (--edit-key commands) --photo-viewer option ● Attach a photograph to a key ● Common Problem: "WARNING: using insecure memory!" ● GPG needs to lock memory to prevent paging sensitive data

16 CAFF – Signing the easier way ● Certificate Authority Fire and Forget (CAFF) ● http://pgp-tools.alioth.debian.org/ http://pgp-tools.alioth.debian.org/ ● Feed it a list of Key IDs and follow the prompts ● Retrieves ● Signs ● Splits ● Encrypts ● Mails

17 Advanced Topics / Issues ● E-Mail headers are unencrypted ● Including Subject ● PGP/GPG interoperability ● http://www.gnupg.org/(en)/documentation/faqs.html#q5 ● PGP-MIME vs Traditional PGP ● Capability vs Compatibility ● Good mailers should support both

18 Conclusion - Links ● This Presentation ● http://www.nexttime.com/mbrodeur/GPG2007/ ● GnuPG Home Page (Downloads, Frontends, FAQ, GPH) ● http://www.gnupg.org ● RFC 2440 (OpenPGP Message Format) ● ftp://ftp.rfc-editor.org/in-notes/rfc2440.txt ftp://ftp.rfc-editor.org/in-notes/rfc2440.txt ● OpenPGP vs S/MIME ● http://www.imc.org/smime-pgpmime.html http://www.imc.org/smime-pgpmime.html

19

20

21

Download ppt "and File Security With GnuPG Matt Brodeur"

Similar presentations

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,

CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,
Public Key Cryptography and GnuPG CPT 555 Network Security.

Public Key Cryptography and GnuPG CPT 555 Network Security.
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
CS470, A.SelcukE-mail Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.Selcuk Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Electronic Mail Security

Electronic Mail Security
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
1 Electronic Mail Security Outline Pretty good privacy S/MIME Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

1 Electronic Mail Security Outline Pretty good privacy S/MIME Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Similar presentations

Ads by Google