Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key management issues in PGP

Published byJob Poole Modified over 7 years ago

Similar presentations

Presentation on theme: "Key management issues in PGP"— Presentation transcript:

1 Key management issues in PGP
Logan Wang Key management issues in PGP

2 Public Key Cryptography
Is an encryption scheme that uses two keys Can provide confidentiality, authentication, integrity and non- repudiation Allows for more than just encryption/decryption Digital signatures Message integrity Key exchange

3 Key management system Manages public keys that have been collected
Verifies the private key is legitimate The way in which this is done is where PGP and PKI are different

4 PKI (Public Key Infrastructure)
Usually Hierarchical model Certificates are public keys that have been signed by another entity CA (Certification Authority) issues certificates Root CA – self signed certificate CRL – Certificate revocation list X.509 certificate (not a complete list) Subject and subject key Issuer Validity period Certificate signature

5 PKI Hierarchical system, relies on trustworthy CA

6 PGP (Pretty Good Privacy)
Created by Phil Zimmermann and released on the internet in 1991 Provides cryptographic protection of files and PGP is now commercial, but there is free versions for non- commercial use OpenPGP is a set of standards which describes the formats for encrypted messages, keys, and digital signatures. GPG (GNU Privacy Guard) – open-source implementation of the standards set by OpenPGP, is the usual implementation found on Linux systems.

7 PGP – Key management Supports the Web Of Trust model
PGP software will generate keys for the user and help user manage them A PGP Key consists of: Owner’s name the numerical value of the key what the key is to be used for (e.g., for signing; for encryption) the algorithm the key is to be used with, e.g. El Gamal; RSA; DSA an expiration date

8 PGP – Key management Need to store lots of keys
Own private key (stored encrypted) Own public key and public keys of others (stored in the open) PGP software stores them in a file, called “keyring” Keyring also stores certificates of other people which have been signed by the user A public key stored in the user’s public keyring will have: PGP key information The trust, assigned by the user: Full trust Marginal trust Untrusted Unknown Zero or more signatures

9 PGP – Web of trust Community based trust model that entirely rely on its users Everybody is a CA, every user can sign certificates The idea of Web of trust is that you verify someone’s identity and decide to trust in them to trust people for you Public key sharing done: Physically Key servers or friends

10 Web of trust Sources for images: – graphed with sig2dot

11 Web of trust William Stallings, Cryptography and Network Security, Principles and Practice,  Prentice Hall, 1999.

12 PGP - revocation To revoke a certificate:
User needs to generate the revocation information when they create the key If key is lost, it’s impossible to generate the revocation information Only user can revoke certificate Telling everyone about the revocation: Need to publish at all locations where the public key was provided Hard to know who has it

13 PGP Key management issues
Lack of standards for identification verification Allows each person control Revocation notification Need to maintain keys, web of trust, and to configure mail client Can be tricked into receiving illegitimate keys Quite complicated for the average user Can be difficult for a new certificate to get in

14 Key signing party

15 PGP VS PKI Quick, easy to set up
Does not require entire infrastructure Good for informal groups Certificate has multiple levels of trust Revocation is harder Lack of standards Distribute to a large amount of users More control over subordinates Certificate is either trusted or not trusted Revocation is easier Clear standards

16 PGP – secrecy issues No forward secrecy
Forward secrecy means that encrypted communications and sessions recorded in the past cannot be retrieved and decrypted, if the secret key or password is compromised in the future Example: Alice and Bob establish communication, Eve is listening and stores all encrypted messages. Sometime later, Eve is able to obtain Bob’s private key. Eve can now read all of Bob’s past s. Additionally Eve has evidence in the form of a cryptographic digital signature that Alice was the one who sent the messages. Not very private

17 Alternatives Signal It uses the Internet to send one-to-one and group messages, which can include images and video messages, and make one-to-one voice and video calls. Signal uses standard cellular mobile numbers as identifiers, and uses end-to-end encryption to secure all communications to other Signal users. The applications include mechanisms by which users can independently verify the identity of their messaging correspondents and the integrity of the data channel. BUT it’s not

18 Solution Is there a need for one? Secrecy is important but…
PGP is reliable old technology that provides adequate encryption to those who need it No new technology for has been developed and if that technology was to be developed can it be trusted and deployed

19 Questions?

Download ppt "Key management issues in PGP"

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,

Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.

Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Similar presentations

Ads by Google