Presentation is loading. Please wait.

Presentation is loading. Please wait.

The OpenPGP Standard Jonathan Callas Senior Security Consultant Kroll-O’Gara ISG.

Published byVirgil Gaines Modified over 9 years ago

Similar presentations

Presentation on theme: "The OpenPGP Standard Jonathan Callas Senior Security Consultant Kroll-O’Gara ISG."— Presentation transcript:

1 The OpenPGP Standard Jonathan Callas Senior Security Consultant Kroll-O’Gara ISG

2 Outline PGP History The OpenPGP Standard OpenPGP’s relationship to other Relevant Standards The Future Note: “PGP” and “Pretty Good Privacy” are trademarks of Network Associates, Inc.

3 PGP History Early History –PGP 1.0 created in 1991 –PGP 2.0 introduced original cipher suite (RSA, IDEA, MD5) –PGP 2.6 created in 1994

4 PGP History Later History –PGP 3 started in 1994-5 –PGP Inc. Formed by PRZ after customs investigation dropped, 1996 –PGP 3 released as PGP 5.0 in May 1997

5 PGP History PGP 5.0 –New Algorithms DSS signatures Elgamal public-key encryption SHA-1 hashes CAST5 (CAST-128), TripleDES symmetric encryption

6 PGP History PGP 5.0 –New signature formats –New certificate structure Dual-key structure Architecture for N-key structure

7 PGP History OpenPGP –Started in the IETF in September 1997 –Starts with PGP 5 as a base –Encourages but does not require compatibility with PGP 2.6 –Unencumbered architecture

8 PGP History OpenPGP –Promoted to Proposed Standard in October 1998 –RFC 2440 –Implementations include Network Associates PGP Tom Zerucha reference implementation GNU Privacy Guard

9 OpenPGP Message Format Encrypted Session Key (one per “recipient”) Encrypted Data Signature (Optional) Compressed Data Literal Data

10 OpenPGP Message Format (2) Encrypted Session Key (one per “recipient”) Encrypted Data Signature (Optional) Compressed Data Literal Data

11 OpenPGP Message Format (3) Encrypted Session Key (one per “recipient”) Encrypted Data Signature (Optional) Compressed Data Literal Data

12 OpenPGP Certificates key User ID Signature Certification Signature Certificate

13 OpenPGP Dual Key Cert Signing Key (Typically DSS) Encryption Key (Typically Elgamal) Binding signature

14 OpenPGP Dual Key Cert (2) Signing Key (Typically DSS) Encryption Key (Typically Elgamal) Binding signature

15 OpenPGP Dual Key Cert (3) Signing Key (Typically DSS) Encryption Key (Typically Elgamal) Binding signature Encryption Key (Typically Elgamal) Binding signature

16 OpenPGP Dual Key Cert (4) Signing Key (Typically DSS) Encryption Key (Elgamal) Binding signature Signing Key (RSA) Binding signature Encryption Key (EC, lives on Smart card) Binding signature

17 OpenPGP Trust Model OpenPGP doesn’t have a trust model OpenPGP can use any trust model OpenPGP can support –Direct Trust –Hierarchical Trust –Cumulative Trust

18 Trust Models Direct Trust –I trust your cert because you gave it to me –Very secure trust model (do you trust yourself) –Scales least well –Used in OpenPGP, S/MIME, IPsec, TLS/SSL, etc.

19 Trust Models Hierarchical Trust –I trust your cert because its issuer has a cert issued by someone … whom I trust –Least secure trust model Damage spreads through tree Recovery is difficult

20 Hierarchical Trust (continued) –Best scaling, mimics organizations –Used in OpenPGP, S/MIME, IPsec, TLS/SSL, etc. Trust Models

21 Cumulative Trust (a.k.a. Web of Trust) –I trust your cert because some collection of people whom I trust issued certifications –Potentially more secure than direct trust –Scales almost as well as HT for intra- organization

22 Trust Models Cumulative Trust –Handles inter-organization problems Company A issues only to full-time employees Company B issues to contractors and temps A and B’s management issue edict for cross certification –Addresses “two id” problem How do you know John Smith(1) is John Smith(2)?

23 Other Relevant Standards So What? Why Bother? Myths about OpenPGP

24 So What? X.509 is everywhere –OpenPGP is small (code and data) Zerucha imp. is 5000 lines of C (sans crypto) –Suitable for embedded & end-user applications Used by banks, etc. transparently –It’s Flexible and Small! –It actually works

25 Why Bother? S/MIME will take over –PGP has years of deployment 90%? Traffic is some PGP. –PGP is only strong crypto S/MIME 3 is much better Outside the US, there is distrust Can you see the source? –Cisco: Secure email is PGP’s to lose

26 Myths It’s email only –It’s for any “object” It requires the web of trust –Can use any trust model –Businesses use PGP with hierarchies today It’s proprietary –IETF Standard

27 Present Into The Future Ultimately, data formats are less important than you’d think On desktops, size matters less –But small systems will be with us always Description of the OpenPGP philosophy –PGP implemented in X.509 –Certification Process

28 OpenPGP Philosophy Everyone is potentially a CA –This is going to happen whether you like or not. Everyone has different policies –Wait until you do inter-business PKI One size will not fit all –Validity is in the eye of the beholder –Trust comes from below

29 Potential PGP/X.509 merger Ideas of PGP Syntax of X.509 Disclaimer –This doesn’t exist –It’s all still experimental

30 X.509 Certificate User Information (DN & Stuff) Public Key Signature binds Key and Information

31 PGP in X.509 Drag Key 1 User 1 Signature 1 Key 1 User 1 Signature 2 Key 1 User 2 Signature 3

32 PGP Certification Process User PGP Certificate Server Pending Area PGP CA PGP Cert

33 PGP Certification Process User PGP Certificate Server Pending Area PGP CA PGP Cert

34 PGP Certification Process User PGP Certificate Server Pending Area PGP CA PGP Cert

35 PGP Certification Process User PGP Certificate Server Pending Area PGP CA PGP Cert

36 PGP Certification Process User PGP Certificate Server Pending Area PGP CA PGP Cert

37 X.509 Certification Process User CA Server CA PKCS10 Cert Request

38 X.509 Certification Process User CA Server CA PKCS10 Cert Request

39 X.509 Certification Process User CA Server CA PKCS10 Cert Request X.509 Certificate

40 X.509 Certification Process User CA Server CA X.509 Certificate

41 Certifying PGP with X.509 CA User CA Server CA PKCS10 Cert Request PGP Cert X.509 Certificate Key

42 Starting a PGP cert from X.509 User PGP Cert X.509 Certificate Key

43 Summary OpenPGP is an IETF standard –Certificates –“Objects” It’s lightweight and flexible Interesting work is being done for the future

Download ppt "The OpenPGP Standard Jonathan Callas Senior Security Consultant Kroll-O’Gara ISG."

Similar presentations

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.

Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CS470, A.SelcukE-mail Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.Selcuk Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
NS-H0503-02/11041 E-mail Security. NS-H0503-02/11042 Email Security email is one of the most widely used and regarded network services currently message.

NS-H / Security. NS-H / Security is one of the most widely used and regarded network services currently message.
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Lecture 12 e-mail Security. Summary  PEM  secure email  PGP  S/MIME.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 8 Web Security.

Chapter 8 Web Security.
Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.

Electronic Mail Security. Authentication and confidentiality problems Two systems: - PGP (Pretty Good Privacy) - S/MIME (Science Multipurpose Internet.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.

Similar presentations

Ads by Google