1. MWF after class; email or call for office visit
ECE-6612
Prof. John A. Copeland
fax
Office: Klaus 3362
MWF after class; or call for office visit
Chapter 5a - Pretty Good Privacy (PGP)
(aka GPG or GnuPG - Gnu Privacy Guard)

2. Electronic Mail In 1982, ARPANET email proposals were published as RFC
821 ( and RFC 822 •
services since are based on these RFC's (+ many later) •
CCITT X.400 & ISO MOTIS grew and waned as competitors •
"User Agents" UA, and "Message Transfer Agents" MTA
Three parts to an message: •
Envelope - information used to forward the contents •
Header - standard strings, some added in route.
>
To: Cc: Bcc: From: Sender:
>
Received: (added in route), Return-Path: (by final MTA)
>
MIME headers added by RFC 1341 and 1521
>
A. S. Tanenbaum, "Computer Networks," (3rd ed.) p.651 2

3. MIME Headers Multipurpose Internet Mail Extensions (MIME)
RFC 1341 and RFC 1521 •
MIME -Version:
version number •
Content-Description:
human-readable string •
Content-ID:
unique identifier •
Content-Transfer-Encoding:
body encoding
>
ASCII (Plain, quoted-printable, or Richtext)
>
Binary (base64) •
Content-Type:
nature of the message
>
Image (gif, jpeg), Video (mpeg),
>
Application (Postscript, octet-stream)
>
A.S.Tanenbaum, "Computer Networks," (3rd ed.) p.653 3

4. The last “Received:” line identifies the sender’s IP*
Received: from didier.ee.gatech.edu (didier.ee.gatech.edu
[ ]) by eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with
ESMTP id UAA00818 for Fri, 30 Jul
:00: (EDT)
Received: from bwnewsletter.com (gw2.mcgraw-hill.com [ ])
by didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500
for
ece.gatech.edu
>; Fri, 30 Jul :00: (EDT)
The last “Received:” line identifies the sender’s IP*
Received: from NOP ( ) by bwnewsletter.com with SMTP
(Eudora Internet Mail Server 2.1); Fri, 30 Jul :24:
Message-Id:
X-Sender: (Unverified)
X-Mailer: Windows Eudora Light Version (32)
*Gmail and Yahoo now hide this information on from a customer
Mime-Version: 1.0
Date: Fri, 30 Jul :21:
To: (note: I was on a Bcc: list)
From: BW Online
Subject: BUSINESS WEEK ONLINE INSIDER -- July 30
Content-Type: text/plain; charset="us-ascii"
Content-Length: 7694 4

5. $ nslookup -q=MX ee.gatech.edu (nslookup -> host)
ee.gatech.edu preference = 10,
mail exchanger = mail.ee.gatech.edu
ee.gatech.edu nameserver = eeserv.ee.gatech.edu
ee.gatech.edu nameserver = duchess.ee.gatech.edu
ee.gatech.edu nameserver = didier.ee.gatech.edu
mail.ee.gatech.edu internet address =
eeserv.ee.gatech.edu internet address =
duchess.ee.gatech.edu internet address =
didier.ee.gatech.edu internet address = 5

6. $ nslookup -q=mx mcgraw-hill.com
Non-authoritative answer:
mcgraw-hill.com preference = 20, mail exchanger =
interlock.mgh.com
Authoritative answers can be found from:
mcgraw-hill.com nameserver = NS-01A.ANS.NET
mcgraw-hill.com nameserver = NS-01B.ANS.NET
mcgraw-hill.com nameserver = NS-02A.ANS.NET
mcgraw-hill.com nameserver = NS-02B.ANS.NET
NS-01A.ANS.NET internet address =
NS-01B.ANS.NET internet address =
NS-02A.ANS.NET internet address =
NS-02B.ANS.NET internet address = 6

7. $ nslookup 198.45.19.20 [can also use “host” or “dig”]
Name: gw2.mcgraw-hill.com
Address:
$ nslookup
*** can't find : Non-existent host/domain
$ traceroute [on MS Windows, open DOS, type “tracert”]
( ): 17ms
2 stn-mtn-rtrb.atl.mediaone.net. ( ): 18ms
( ): 20ms
( ): 17ms
( ): 25ms
6 sgarden-sa-gsr.carolina.rr.com. ( ): 26ms
7 roc-gsr-greensboro-gsr.carolina. ( ): 29ms
( ): 38ms
9 sjbrt01-vnbrt01.rr.com ( ): 41ms
10 pnbrt01-vnbrt01.rr.com ( ): 42ms
11 p217.t3.ans.net ( ): 51ms
12 h13-1.t32-0.new-york.t3.ans.net. ( ): 49ms
13 f0-0.cnss33.new-york.t3.ans.net. ( ): 53ms
14 s0.enss3339.t3.ans.net ( ): 61ms
* * *
* * * 7

8. OrgName: McGraw Hill, Inc OrgID: MCGRAW
$ whois
OrgName: McGraw Hill, Inc
OrgID: MCGRAW
Address: Princeton Htstown Rd
City: Hightstown
StateProv: NJ
PostalCode: 08520
Country: US
NetRange:
CIDR: /16
NetName: MHP-NET
NameServer: AUTH111.NS.UU.NET
NameServer: AUTH120.NS.UU.NET
Comment:
RegDate:
Updated:
RTechHandle: MW1053-ARIN
RTechName: Weyman, Mike
RTechPhone:
RTech
RTechHandle: JGE8-ARIN
RTechName: Gervasio, John
RTechPhone:
RTech
OrgTechHandle: HOSTM339-ARIN
OrgTechName: hostmaster
OrgTechPhone:
OrgTech
# ARIN WHOIS database, last updated :10
# Enter ? for additional hints on searching ARIN's WHOIS database. 8

9. Proof of delivery - was received (and read) by addressee (Web Bug)
Security Services for
Privacy - only read by intended recipient
(confidentiality, access, authorization)
Authentication - confidence in ID of sender
Non-repudiation - proof that sender sent it (attribution)
Integrity - assurance of no data alteration
Less Common:
Proof of submission - was sent to server
Proof of delivery - was received (and read) by addressee (Web Bug) 9

10. Investigating Email You Receive
Look at “Raw” or “Source” Message to see:
Headers
HTML Links
Investigate
Source (who sent it) -
“Lowest Received:” header
Active Links in
<a href= “ or URL}”>, {text} </a>
Image Links in
<img src=“{URL or filename}” </img>
Programs to Use
nslookup - IP from URL, or URL from IP
whois - Register of domain (not URL)
traceroute - path of packets through routers 10

11. Privacy Establishing Keys Multiple Recipients Authentication of Source•
Public Key Certification •
Exchange Public Keys
Multiple Recipients •
Encrypt message m with session key, S •
Encrypt S with each recipient's key •
Send: {S; Kbob}, {S; Kann}, ... , {m; S}
Authentication of Source •
Hash (MD4, MD5, SHA1) of message, encrypt with
private key (provides ciphertext/plaintext pair) •
Secret Key K: MIC is hash of K+m, or CBC residue
with K (assuming message not encrypted with K). 11

12. Message Integrity Non-repudiation Proof of Delivery
The source authentication methods that
include a hash of the message provide MIC
Non-repudiation
Private-key signing provides non-repudiation.
Secret-key method requires a "Notary" to
"Sign" a time-stamp + hash of the message
Proof of Delivery
Acknowledge before reading - can't prove m was read.
Acknowledge after - may have read without signing. 12

13. Names and Addresses X.500 Name (ISO standard) Internet Name•
?/C=US/O=CIA/OU=drugs/PN='Manny Norriega'
Internet Name • or •
<user account <DNS host name or alias> •
using the alias "mail" lets mail server program be
moved from one host to another •
in gatech.edu domain, "mail" is an alias for
"vip1.ecc".
Old message - later Non-reputiation •
Need Notary to sign hash of message, Certificate
used to authenticate Public Key, and current CRL 13

14. Sign (optional) PGP Email: before Encryption (also optional) 14
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., 14

15. How PGP Encryption Works
with signature
attached if
there is one
How PGP Encryption Works
R64 Encoding
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., 15

16. 2. Encrypt with Session Key 3. Encode to text with R64
PGP Format
Sender
Public key
Private key
1. ZIP Compress
2. Encrypt with Session Key
3. Encode to text with R64 16

17. Typed Passphrase PGP Email Receiver
Private Key Ring
Public Key Ring
H - Hash
DC - Symmetric
Decryption
DP - Pub./Priv.
Receiver’s
Private Key
Sender’s
Public Key
Session Key
Check Signature
Message
ZIP Decompress
R64 Decode to binary
p ed.3 17

18. R64 Encode: Every 3 bytes split into 4 6-bit numbers
n = 0 to 63 *
printable characters a-z A-Z /
in a received message, “=“, “>”, CR, LF, ... are ignored
* for most 6-bit inputs, R64(n) just adds 64 (puts an “01” in front) 18

19. ASCII Characters used for R64 Encoding
= used to pad 19

20. To: ”Jim Jones" <jim_jones@hotmail.com>
From: John Copeland
Subject: ECE8813 : PGP Endeavor...
Cc:
Bcc:
X-Attachments:
-----BEGIN PGP MESSAGE (both 5 –’s required)
Version: PGPfreeware for non-commercial <
(blank line required)
qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopX
cvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJ
jFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojV
AHT01kWlpvJIZGKyT3PdCh9wlr1hQsUGto10t32fBGsJCXew/EClb554AnyYSzP8
KAjuw1NdKOBlze0DCiO6Z5z+DAxAwlqTxcm42tthF5zFbTk4UKV6ORzIuHmRO7xR
5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqN
a0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6
STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dY
UdgoI3yfc3JrvepFQT1yeRjEVrLQiUtyhcwdVoLjofgerGAfe3YuDCxM6wLIuCf7
Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs=
=68Hd
-----END PGP MESSAGE (both 5 –’s required)
Radix-64 encoding of a binary (all 8-bit bytes) message 6-bits at a time into 64 printable ASCII characters (A-Z, a-z , 0-9, +, / bytes 65-90, , 48-57, 47, 43) pad with =. 20

21. 21

22. Public Key Information - PGP Commercial22

23. Privacy Enhanced Mail, another standard
PGP Certificates
Anyone can issue a Certificate to anyone, including themselves. Certificates can be revoked by the issuer, if a Certificate-Server is used that has a Revocation Database.
Privacy Enhanced Mail, another standard
Where PEM expands data into canonical form, •
(+33% for text, +78% after encryption & R64)
PGP compresses data using ZIP(-50%),
encrypts (optional), then converts to
R64 encoding (+33%) 23

24. Things of which to be aware
• Neither PEM nor PGP encodes mail headers
• Subject can give away useful info
•To and From give an intruder traffic analysis info
• PGP gives recipient the original file name and modification date.
• PEM may be used in a local system with unknown trustworthiness of certificates
• Certificates often verify that sender is "John Smith" but he may not be the "John Smith” you think. Anyone can copy pictures from the Web.
• Public PGP Key servers allow anyone to send you PGP encrypted mail, but their signature is easily forged. They can give your name & mail address to spammers. Avoid them. Get PGP keys directly from owners. 24

25. GPGTools Email Program http://www.gnupg.org/ https://www.gpgtools.org
Includes binaries for GnuPG.
GPGTools
Program
thunderbird/addon/enigmail/
(Extension for Thunderbird, NOT recommended) 25

26. -------------------------------------------------------------------
Using GnuPG (PGP)
2016: GnuPG has good GUI interfaces for Thunderbird, Apple "Mail", and probably MS Outlook.
Install GPGTools : now you have the command line programs available to generate keys, maintain key-chain files, convert text files (.asc) into encrypted and/or signed ciphertext files (.pgp). The .pgp files can be ed as attachments or, if the are “armored” (R64 encoded,) they can be pasted into the body of an message.
Install Thunderbird program. Under the “Tools” menu, select “Add-ons”. In the box at upper right that says “Search all add-ons”, type “Enigmail”. If found, install it; otherwise download the .xpi file from the link on previous slide, and then try again. Once installed you will see in the top Thunderbird menu “OpenPGP” next to “Tools” 26

27. Using Thunderbird with GnuPG
Read: (link) for critical stuff like this:
“You need (to send PGP mail):
> a secret key matching the mail address you want to write from (see Mail.app >Settings > Accounts)
> the public key of the recipient
> recipients and senders mail address have to perfectly match the mail addresses (as IDs) in the keys being used.
2016 ???: For the Encrypt button to become available, you need to enter the recipients mail address - only then will that button be enabled (and only if you have the matching Public Key).” 27

28. Configuring Thunderbird for GT Mail
Top Menu: File / New / Existing Mail Account ...
Type in your User Name and password. Thunderbird will try to set up the configuration automatically, and fail. Then you can input the following information:
User Name: (your GT id – primary mail name)
Receiving Mail
Server Protocol: imap (or pop – if you want to download mail)
Server Name: imap.mail.gatech.edu (or pop.mail.gatech.edu)
Server Port: 995
Security: SSL/TLS
Authentication: Normal Password
Sending Mail
Server Protocol: smtp
Server Name: smtp.mail.gatech.edu
Server Port: 465 28

29. A PGP Email or .asc File Looks Like This:
Syntax
Start
Comments “
1 Blank Line
R64 <=78 char. ‘
“ (pad =‘s)
= Checksum
Stop
-----BEGIN PGP MESSAGE-----
Version:
Comment: Do not worry about "UNTRUSTED Good Signature"
qANQR1DBwEwD7GfrZjlPkZ0BB/9YW6/cTpNVkwdyuTmlo/fcTB0lIjy6C4LnUtx2
10BwJCwdcFHcIkS9Iw0+/9wKNafArxciCwpSM2BBYePksl2JQUf7in8MILirKtd6
Foy9yEJmtD5JzaVDF1tYElT9ntzNk2jvcengkD/PhkmEaT+VIY1Cw5Bf5HP6OPOE
J4RqTRjaGjkGrmcP3zywjESzfk0iN2z2mtsDHufFqJ0hvQAusAZ2c5GjK9jUsvHy
8gzBW9aFlINHpWL90G3XGtaKfudM9QGTjXIs99Pfdj08jUd/xSn+FsDW6ulhlluW
pCwohtN06qN6VvI2vbC3eGV5RCd+5b6iR3O26hY/NOssjI5jwcBOA72/fxTdBTHg
EAP8DJVFBQzRjn2RBWr7Bo+zV3DlHXMr9kU02szQ+h4WNU7ffEakhlnwDoqnHvh3
QfH/8G7heOlGjM3hITZj8rw66OQ/s4o/8o7N1wERhJYc4/oWOmAopyy8jIliB9AK
n90fKWbfrTUrShF1qJdQuLMV0E30lHsKDKDyZ9vhklt2D20D/3Yl0zRlEk4w5x9c
i3mZC2XpKsgmttRABg65R1E4tQqPNiQTuL3YrpQfgLT9rMpW5UmyppSuZvD9CpsW
IG7I8MT33eY5Eh4twTdErvpXN+uUWDadiPb6J8ifpBfzhuzWhiom7KAI3+4y6OX5
sYyyZHtqxNxg6ziZ76B/H+/vaegD0sBrATEJtdnDAipPogZYAzwuQ8PCO985wHuu
2aFbPaVqLPMWwwFck3bvV46E49RWIPgkJmpMiimaG236HdQbF4nhZgUjfggGE3cm
qP9eChxuV8kyZLIgkh1CaKP/XQSZlpl2js+D0M1Mq6ef4BZ3BNW+TPLjYNGM1Yt/
+0NlLn+AxUvZmVNJvuxdeNKIn7jkpK5w466wRaiffujLzwJdzwISIofm7oEp88dP
A9udzotKGM+FOHi3tHwPiox+l/PdMv34AlMPY2c2qDEcwBSKAYR8ASBM/nulY6bK
wZwbYGlSdxT/FTDb9i32+WuUU7HeUPZvFizUIPwFzPeI8RlkaLdhsElmbPuGar5l
C7PMoOHuCnnSB4DdgUEqM5ScJRI6ToGDAjh3XZ9BRwfD0O8=
=auCB
-----END PGP MESSAGE-----
DO NOT LET YOUR PROGRAM REFORMAT THIS AS RTF OR HTML. 29