Presentation is loading. Please wait.

Presentation is loading. Please wait.

Electronic Commerce School of Library and Information Science Cryptography: Using PGP I. Generating and managing keys Signing keys Extracting and sending.

Published byBartholomew Parrish Modified over 9 years ago

Similar presentations

Presentation on theme: "Electronic Commerce School of Library and Information Science Cryptography: Using PGP I. Generating and managing keys Signing keys Extracting and sending."— Presentation transcript:

1 Electronic Commerce School of Library and Information Science Cryptography: Using PGP I. Generating and managing keys Signing keys Extracting and sending keys Adding and removing keys Listing and viewing keys Managing the web of trust II. Encrypting files Encrypting with signature III. Decrypting files IV. PGP options

2 Electronic Commerce School of Library and Information Science Cryptography: Using PGP I. Generating and managing keys Note: To use PGP on the Shakespeare systems, remember that you begin at the menu and then type: ! This will put you at in the UNIX shell

3 Electronic Commerce School of Library and Information Science Generating a Key 1. To create your PGP directory, at the UNIX prompt type: mkdir.pgp 2. To start up the PGP software, at the UNIX prompt, type: pgp -kg [Key generation] 3. Choose a key size. For faster operation, choose “ 1 ” (512 bits) For more secure operation, choose “ 3 ” (1024 bits)

4 Electronic Commerce School of Library and Information Science 4. Enter a user ID for your key: Firstname Lastname (You should use your name and username) 5. Your private key is encrypted so one else can use it Type in a passphrase that will be used to decrypt your password The passphrase can be as long as you want, and can include punctuation 6. The computer will generate some random number to use to create the keys Wait until the system responds that the keys have been generated

5 Electronic Commerce School of Library and Information Science You see: lear% mkdir pgp Type 'exit' to return to Pine. lear% pgp -kg Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses (c) 1990- 1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94 Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc Distributed by the Massachusetts Institute of Technology. Export of this software may be restricted by the U.S. government. Current time: 2003/04/10 21:59 GMT I won ’ t repeat this again

6 Electronic Commerce School of Library and Information Science And: Pick your RSA key size: 1) 512 bits- Low commercial grade, fast but less secure 2) 768 bits- High commercial grade, medium speed, good security 3) 1024 bits- "Military" grade, slow, highest security Choose 1, 2, or 3, or enter desired number of bits: 1

7 Electronic Commerce School of Library and Information Science You see: Choose 1, 2, or 3, or enter desired number of bits: 1 Generating an RSA key with a 512-bit modulus. You need a user ID for your public key. The desired form for this user ID is your name, followed by your E-mail address enclosed in, if you have an E-mail address. For example: John Q. Smith Enter a user ID for your public key: Howard Rosenbaum

8 Electronic Commerce School of Library and Information Science You see: You need a pass phrase to protect your RSA secret key. Your pass phrase can be any sentence or phrase and may have many words, spaces, punctuation, or any other printable characters. Enter pass phrase: XXXXXXXXXXXX Enter same pass phrase again: XXXXXXXXXXXX Note that key generation is a lengthy process.

9 Electronic Commerce School of Library and Information Science Then you see: We need to generate 240 random bits. This is done by measuring the time intervals between your keystrokes. Please enter some random text on your keyboard until you hear the beep: 0 * -Enough, thank you.....****........**** Key generation completed.

10 Electronic Commerce School of Library and Information Science Key signing and the web of trust Levels of trust 1 = I don ’ t know: This means that you will be prompted to certify each new public key added which has this person ’ s signature 2 = No: PGP will ignore certification by this person on new public keys you add 3 = Usually: A key with signatures from two “ 3 ” people is accepted 4 = Always: the key is accepted without question

11 Electronic Commerce School of Library and Information Science To sign a key, you type pgp -ks userID [Key sign] Experts recommend that you sign your own public key because anyone can create keys with your userID, but only you can sign yours To do this, type: pgp -ks your_userID -u your_userID A self-signed key means that others know it belongs to you

12 Electronic Commerce School of Library and Information Science When you add a public key, you certify its validity by signing or “ certifying ” it This links the userID to the public key When you extract it and send it along, your signature goes with it People receiving the key look at your signature and use it to trust that the key belongs to who it is supposed to You can also manually sign keys

13 Electronic Commerce School of Library and Information Science You see: lear% pgp -ks Howard -u Howard Pretty Good Privacy(tm) 2.6.2...the U.S. government. Current time: 2003/04/10 14:29 GMT Looking for key for user 'Howard': Key for user ID: Howard Rosenbaum 512-bit key, Key ID 897B0849, created 1998/02/08 Key fingerprint = DD DB 14 3D 5E 95 FD A0 7B E3 9A AA 91 F0 05 F4

14 Electronic Commerce School of Library and Information Science Then: READ CAREFULLY: Based on your own direct first-hand knowledge, are you absolutely certain that you are prepared to solemnly certify that the above public key actually belongs to the user specified bythe above user ID (y/N)? y You need a pass phrase to unlock your RSA secret key. Key for user ID "Howard Rosenbaum " Enter pass phrase: Pass phrase is good. Just a moment.... Key signature certificate added.

15 Electronic Commerce School of Library and Information Science Extracting a key from your keyring Take a key from your keyring and put it in a file, then send it to someone via e-mail 1. To extract a key from your keyring, type: pgp -kxa email@address -or- userID filename [Key extract armored] where email@address or userID is the e-mail address or userID of the key that you want to extract from your keyring (usually your own!) 2. The computer will prompt you for a filename you use to save your public key (use the.asc extension)

16 Electronic Commerce School of Library and Information Science You ’ ll see: lear% pgp -kxa Howard howard Pretty Good Privacy(tm) 2.6.2... the U.S. government. Current time: 2003/04/09 18:42 GMT Extracting from key ring: '/home/u3/hrosenba/.pgp/pubring.pgp', userid "Howard". Key for user ID: Howard Rosenbaum 512-bit key, Key ID 897B0849, created 1998/02/08 Transport armor file: howard.asc Key extracted to file 'howard.asc'.

17 Electronic Commerce School of Library and Information Science You ’ ll see: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQBNAzTeFVMAAAECAOd0Go+wiJTLZPvfMIgm/dT7KJVzA+o4Neph7Sce58KRS8SD Y3+MJ9BXs65NgFo2+gpvd4ruQd72bmkyp4l7CEkABRG0J0hvd2FyZCBSb3NlbmJh dW0gPGhyb3NlbmJhQGluZGlhbmEuZWR1PokAVQMFEDTgZLZuaTKniXsISQEBnUQ C ANF+5c6iRahTuoa5sh8UGKG+RDethVz9C1+2nfsUMvFPLNcq7pZmH43dsSJXWtaW ws9yRzi7G94pdp7MlIwEKDi0Bmhvd2FyZA== =bHK8 -----END PGP PUBLIC KEY BLOCK-----

18 Electronic Commerce School of Library and Information Science Using PINE, you can now send the key (in the form of the file to someone else You format a message and use the ^j> to attach the file ~or~ You can open the.asc file with pico and then copy and paste the public key into an email message as text

19 Electronic Commerce School of Library and Information Science You can use the -f (filter) option to send your public key directly to another person The filter option allows PGP to print the public key directly into the mail program (in our case, ) To use it, type: pgp -kxaf your_userID | mail -s “ descriptive text ” recipient@email.address Your public key is printed into an email message and sent to the specified address without you having to exit the UNIX shell

20 Electronic Commerce School of Library and Information Science You ’ ll see (-kxaf): lear% pgp -kxaf Howard | mail "public key" bozo@clownie.com Pretty Good Privacy(tm) 2.6.2 -...the U.S. government. Current time: 2003/04/10 17:20 GMT Extracting from key ring: '/home/u3/hrosenba/.pgp/pubring.pgp', userid "Howard". Key for user ID: Howard Rosenbaum 512-bit key, Key ID 897B0849, created 1998/02/08 Key extracted to file 'pgptemp.$00'.

21 Electronic Commerce School of Library and Information Science Here ’ s what they get: Date: Wed, 10 April 2003 12:19:53 -0500 (EST) From: hrosenba To: bozo@clownie.com -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQBNAzTeFVMAAAECAOd0Go+wiJTLZPvfMIgm/dT7KJVzA+o4Neph7Sce58KRS8SD Y3+MJ9BXs65NgFo2+gpvd4ruQd72bmkyp4l7CEkABRG0J0hvd2FyZCBSb3NlbmJh dW0gPGhyb3NlbmJhQGluZGlhbmEuZWR1PokAVQMFEDTgZLZuaTKniXsISQEBnUQ C ANF+5c6iRahTuoa5sh8UGKG+RDethVz9C1+2nfsUMvFPLNcq7pZmH43dsSJXWtaW ws9yRzi7G94pdp7MlIwEKDi0Bmhvd2FyZA== =bHK8 -----END PGP PUBLIC KEY BLOCK-----.

22 Electronic Commerce School of Library and Information Science Adding a key to your keyring For you to be able to encrypt a document to someone else (or verify a digital signature) you must add their public key to your keyring For you to do this, they must first extract their public key, and send it to you You then save it into a file and follow the instructions to add it to your keyring

23 Electronic Commerce School of Library and Information Science 1. Type: pgp -ka filename [Key add] where filename is the file that contains the public key that you want to add to your keyring 2. If the key is not certified, you have to decide if you want to want to certify (e.g. trust) it You need your private key passphrase to do this 3. The selection you make from the menu determines how much trust you have in the person This is important because it maintains and extends the “ web of trust ” that makes PGP work You have just added the key in to your keyring!

24 Electronic Commerce School of Library and Information Science You see: lear% pgp -ka siwkshop.asc Pretty Good Privacy(tm) 2.6.2...the U.S. government. Current time: 2003/04/09 18:39 GMT Looking for new keys... pub 512/7E3E525D 1998/02/09 bozo Checking signatures... Keyfile contains: 1 new key(s)

25 Electronic Commerce School of Library and Information Science Then: One or more of the new keys are not fully certified. Do you want to certify any of these keys yourself ((y/N)? y Keyfile contains: 1 new key(s) One or more of the new keys are not fully certified. Do you want to certify any of these keys yourself (y/N)? y Key for user ID: bozo 512-bit key, Key ID 7E3E525D, created 2003/04/09

26 Electronic Commerce School of Library and Information Science And then: Key fingerprint = 9B 6D AB 6A D5 92 AE 04 03 28 60 7C 8D 65 F6 4F This key/userID association is not certified. Do you want to certify this key yourself (y/N)? y Looking for key for user “ bozo ': Key for user ID: bozo 512-bit key, Key ID 7E3E525D, created 1998/02/09 Key fingerprint = 9B 6D AB 6A D5 92 AE 04 03 28 60 7C 8D 65 F6 4F

27 Electronic Commerce School of Library and Information Science Then: READ CAREFULLY: Based on your own direct first-hand knowledge, are you absolutely certain that you are prepared to solemnly certify that the above public key actually belongs to the user specified by the above user ID (y/N)? You need a pass phrase to unlock your RSA secret key. Key for user ID "Howard Rosenbaum " Enter pass phrase: Pass phrase is good. Just a moment.... Key signature certificate added.

28 Electronic Commerce School of Library and Information Science And then: Make a determination in your own mind whether this key actually belongs to the person whom you think it belongs to, based on available evidence. If you think it does, then based on your estimate of that person's integrity and competence in key management, answer the following question: Would you trust ” bozo ” to act as an introducer and certify other people's public keys to you? (1=I don't know. 2=No. 3=Usually. 4=Yes, always.) ? 4

29 Electronic Commerce School of Library and Information Science Listing the keys in your keyring To list the keys in your (public) keyring, type: pgp -kv [Key view] To list the keys in your public keyring with just signatures, type: pgp -kvv [Key view verbose] To list the keys in your public keyring with signatures and levels of trust displayed, type: pgp -kc [Key check]

30 Electronic Commerce School of Library and Information Science You see (-kv) lear% pgp -kv Pretty Good Privacy(tm) 2.6.2 -...the U.S. government. Current time: 2003/04/10 18:55 GMT Key ring: '/home/u3/hrosenba/.pgp/pubring.pgp' Type bits/keyID Date User ID pub 512/7E3E525D 2003/04/10 bozo pub 512/897B0849 1998/02/08 Howard Rosenbaum 2 matching keys found.

31 Electronic Commerce School of Library and Information Science You see (-kvv): lear% pgp -kvv Pretty Good Privacy(tm) 2.6.2...U.S. government. Current time: 2003/04/10 14:14 GMT Key ring: '/home/u3/hrosenba/.pgp/pubring.pgp' Type bits/keyID Date User ID pub 512/7E3E525D 1998/02/09 bozo sig 897B0849 Howard Rosenbaum pub 512/897B0849 1998/02/08 Howard Rosenbaum This key is signed by me

32 Electronic Commerce School of Library and Information Science You see (-kc) lear% pgp -kc Pretty Good Privacy(tm) 2.6.2...the U.S. government. Current time: 2003/04/10 14:48 GMT Key ring: '/home/u3/hrosenba/.pgp/pubring.pgp' Type bits/keyID Date User ID pub 512/7E3E525D 1998/02/09 bozo sig! 897B0849 1998/02/09 Howard Rosenbaum pub 512/897B0849 1998/02/08 Howard Rosenbaum

33 Electronic Commerce School of Library and Information Science Then: sig! 897B0849 2003/04/10 Howard Rosenbaum KeyID Trust Validity User ID 7E3E525D complete complete bozo c ultimate Howard Rosenbaum 897B0849 ultimate complete Howard Rosenbaum c ultimate Howard Rosenbaum

34 Electronic Commerce School of Library and Information Science Removing (deleting) a key from your keyring At the UNIX prompt, you type: pgp -kr userID [Key remove] where the userID is the name attached to the key Then, when prompted, type to remove the key If you don ’ t recall the names of the keys in your keyring, you can see them if you type: pgp -kv [Key view]

35 Electronic Commerce School of Library and Information Science You ’ ll see: lear% pgp -kr bozo Pretty Good Privacy(tm)... by the U.S. government. Current time: 2003/04/09 18:31 GMT Removing from key ring: '/home/u3/hrosenba/.pgp/pubring.pgp', userid ” bozo". Key for user ID: bozo 512-bit key, Key ID 933DFD7D, created 2003/04/09 Are you sure you want this key removed (y/N)? y Key removed from key ring.

36 Electronic Commerce School of Library and Information Science Managing the web of trust It is possible to change the level of trust assigned to a public key To do this, type: pgp -ke userID [Key edit] You reduce trust if you find out that someone signs and distributes keys without really checking You might raise levels of trust if you find out that a person really understands how the web of trust works and is careful about certifying keys

37 Electronic Commerce School of Library and Information Science You see (-ke): lear% pgp -ke bozo Pretty Good Privacy(tm) 2.6.2...the U.S. government. Current time: 2003/04/10 15:12 GMT Editing userid ” bozo" in key ring: '/home/u3/hrosenba/.pgp/ pubring.pgp'. Key for user ID: bozo 512-bit key, Key ID 7E3E525D, created 1998/02/09 No secret key available. Editing public key trust parameter. Key for user ID: bozo 512-bit key, Key ID 7E3E525D, created 1998/02/09 This user is completely trusted to certify other keys. This key/userID association is fully certified. Axiomatically trusted certification from: Howard Rosenbaum Current trust for this key's owner is: complete

38 Electronic Commerce School of Library and Information Science And then: Make a determination in your own mind whether this key actually belongs to the person whom you think it belongs to, based on available evidence. If you think it does, then based on your estimate of that person's integrity and competence in key management, answer the following question: Would you trust ” bozo " to act as an introducer and certify other people's public keys to you? (1=I don't know. 2=No. 3=Usually. 4=Yes, always.) ? 3 Public key ring updated.

39 Electronic Commerce School of Library and Information Science Another component of the web of trust is the “ fingerprint ” of a key When a key is generated, it receives a unique identifier composed of 16 “ hexadecimal ” numbers People will often provide the “ fingerprint ” for their public keys in their signature files so that others can make note of it This fingerprint allows you to verify that the key belongs to the person who claims to have created it

40 Electronic Commerce School of Library and Information Science This is an example of a public key fingerprint (it ’ s mine): Key fingerprint = DD DB 14 3D 5E 95 FD A0 7B E3 9A AA 91 F0 05 F4 To see the fingerprint of the keys in your public keyring, type: pgp -kvc [Key view check] The “ fingerprint ” will be listed after each key in your public keyring

41 Electronic Commerce School of Library and Information Science You see (-kvc): lear% pgp -kvc Pretty Good Privacy(tm) 2.6.2... the U.S. government. Current time: 2003/04/10 15:31 GMT Key ring: '/home/u3/hrosenba/.pgp/pubring.pgp' Type bits/keyID Date User ID pub 512/897B0849 1998/02/08 Howard Rosenbaum Key fingerprint = DD DB 14 3D 5E 95 FD A0 7B E3 9A AA 91 F0 05 F4

42 Electronic Commerce School of Library and Information Science Cryptography: Using PGP I. Generating and managing keys Signing keys Extracting and sending keys Adding and removing keys Listing and viewing keys Managing the web of trust II. Encrypting files Encrypting with signature III. Decrypting files IV. PGP options

43 Electronic Commerce School of Library and Information Science Encrypting a file to someone else To encrypt and sign a file named to someone whose email address is, you type: pgp -eas filename theirID@their_address -u yourID The extension “ e ” encrypts with a specified public key The extension “ a ” applies ASCII armor to the file (making a binary file readable as text) The extension “ s ” uses a secret key to sign the file The extension “ u ” tells PGP which secret key to use This file appears in encrypted form

44 Electronic Commerce School of Library and Information Science You enter your passphrase in order to digitally sign (e.g. encrypt with your private key) the file The encrypted file is saved as filename.asc (where filename is the name of the original file) To view this file, you can type: pico filename.asc ~or~ more filename.asc (this command will not allow you to make changes to the file) You can now use to mail this document to the intended recipient as an attachment

45 Electronic Commerce School of Library and Information Science Using -eas, you see: lear%pgp -eas test hrosenba@indiana.edu -u bozo A secret key is required to make a signature. You need a pass phrase to unlock your RSA secret key. Key for user ID "bozo " Enter pass phrase: Pass phrase is good. Key for user ID: bozo 512-bit key, Key ID FB940819, created 2003/04/08 Recipients' public key(s) will be used to encrypt. Key for user ID: H Rosenbaum 512-bit key, Key ID 897B0849, created 1998/02/08 Transport armor file: test.asc This is the file we want

46 Electronic Commerce School of Library and Information Science Then: Enter pass phrase: Pass phrase is good. Key for user ID: bozo 512-bit key, Key ID FB940819, created 1999/02/10 Just a moment.... Recipients' public key(s) will be used to encrypt. Key for user ID: Howard Rosenbaum 512-bit key, Key ID 897B0849, created 1998/02/08 Also known as: howard. Transport armor file: test2.asc This is the file we want

47 Electronic Commerce School of Library and Information Science And, using pico, we see: -----BEGIN PGP MESSAGE----- Version: 2.6.2 hEwDbmkyp4l7CEkBAf4izmZs4LTfWgiyr3t4//efsP8kCrQ7Tx7Cc/djoK4ZytF/ nEIT5CUCx3AQCKUZA+gKcUR5Fp4f8zJfz1aHnyM6pgAAASwp/X0fbk4upFpr5r30 ps+BAgwgCffkuApcoKHnt+R+lFyDYlarQpkXpS/Tw8Zc5rZBA/deuGnekdlIS4o4 huw2BigCWCmiQOZeLLZmmcJIjaNkEV+dEWAJufysZOZXMVq2I4Fd4QvThQFObc3i PC7KzMbkAEsj7WXb+t8/o3ltQBVSEgDBP+m/GbQe8+s2CJutC3w+EQ5GBNCCcgBU Z7X/eEdqtN50U+KD/uZNNXSEOQ1BpmzPihV7O9qMTZGCfDt3lh9jMEctfZd5IzpN Os/Y6y+m357olx1yx7lfq+77rNK3qtBonTBjNCeFk1xhRA09KVwHp0V+gGGpsyPA tpNu1qUeQ247x0W7Z/FQn3Nwb2LJVmQb7sNsBI2izCRi+LAtfbCc2c4aPr/tzjU= =VIXw -----END PGP MESSAGE-----

48 Electronic Commerce School of Library and Information Science Other ways to use PGP in the UNIX shell: To send mail directly from the UNIX shell, use: lear% mail their_email@address < file.asc To encrypt and send a message from the UNIX shell, use: lear% pgp -eatf their_userID |mail their_email@address

49 Electronic Commerce School of Library and Information Science Using [pgp -eatf their_userID < file | mail their_email@ address], you see: lear% pgp -eatf bozo < test | mail bozo@clownie.com Pretty Good Privacy(tm) 2.6.2...the U.S. government. Current time: 2003/04/10 17:46 GMT Key for user ID: bozo 512-bit key, Key ID 7E3E525D, created 1998/02/09. They receive the encrypted message with the encrypted text in the body of the message

50 Electronic Commerce School of Library and Information Science 6. To compose, encrypt, and send the message from the UNIX shell, use: lear% pgp -eatf their_userID | mail their_email@address Note: you must have the public key belonging to the person at in order to encrypt a document to that person You ’ ll see a blank line - that ’ s where you begin typing When you ’ re done, press: ^D

51 Electronic Commerce School of Library and Information Science Using [ lear% pgp -eatf their_userID | mail their_email @address], you see: lear% pgp -eatf bozo | mail bozo@clownie.com Pretty Good Privacy(tm) 2.6.2 -...the U.S. government. Current time: 2003/04/10 17:50 GMT Here's another way to send encrypted messages directly from the UNIX shell. The use of the option combined with the pipe option makes this possible. ^D Key for user ID: bozo 512-bit key, Key ID 7E3E525D, created 2003/04/09 Text that I typed How to stop

52 Electronic Commerce School of Library and Information Science To sign a plaintext file with your secret key, type: pgp -sta filename -u your_userID The extension “ s ” is the command to sign with a secret key The extension “ t ” saves the file in a text format The extension “ a ” applies ASCII armor to the file (making a binary file readable as text) The extension “ u ” tells PGP which secret key to use Although the text can be read, the digital signature is encrypted PGP must be used to verify the signature

53 Electronic Commerce School of Library and Information Science You see: lear% pgp -sta test hrosenba@indiana.edu -u bozo A secret key is required to make a signature. You need a pass phrase to unlock your RSA secret key. Key for user ID ” bozo " Enter pass phrase: Pass phrase is good. Key for user ID: bozo 512-bit key, Key ID FB940819, created 1999/02/10 Just a moment.... Clear signature file: test.asc This is the file we want

54 Electronic Commerce School of Library and Information Science And, with pico, you see: -----BEGIN PGP SIGNED MESSAGE----- This is a test message. It will be encrypted with your public key and you will need your private key to decrypt and read it. This is a demonstration of the way in which PGP protects the integrity and authenticity of your files. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBVAwUBNsHjoqiNX5P7lAgZAQGG3QIAh8ZlL4aK/VsdqENFHzTbnYWCWE6bC4E 4 u+SwL99Q3AT8wlTlteabXkpNTz4sgIiwpu5XlxW+gj4eJEDaYZ7oDA== =vYVw -----END PGP SIGNATURE-----

55 Electronic Commerce School of Library and Information Science Cryptography: Using PGP I. Generating and managing keys Signing keys Extracting and sending keys Adding and removing keys Listing and viewing keys Managing the web of trust II. Encrypting files Encrypting with signature III. Decrypting files IV. PGP options

56 Electronic Commerce School of Library and Information Science Decrypting a file When you receive the file, you save it to the UNIX shell, where you will then decode it 1.To decrypt an encrypted file called “ filename ” (e.g. encrypted with your public key), you type: pgp filename.asc Or whatever the file extension is 2. You will have to type in the password to your secret key 3. If you are able to decrypt the file properly, PGP will tell you the filename of the decrypted file 4. You can then view this file with the UNIX command or edit it with the word processor

57 Electronic Commerce School of Library and Information Science You see: Date: Thursday, 10 April 2003 15:41:35 -0500 (EST) From: bozo To: hrosenba@indiana.edu Parts/attachments: 1 Shown 0 lines Text 2 OK ~489 bytes Text, "decrypt this!" ---------------------------------------- [Part 2, "decrypt this!" Text/PLAIN 10 lines] [Not Shown. Use the "V" command to view or save this part] [ALL of message]

58 Electronic Commerce School of Library and Information Science You type “ v ” to move to the viewer and you see: 1 0 lines Text/PLAIN 2 ~489 bytes Text/PLAIN, "decrypt this!" Then you type “ s ” to save the message to a file in your directory 1 0 lines Text/PLAIN 2 ~489 bytes Text/PLAIN, "decrypt this!" Copy attachment to file in home directory: test.asc

59 Electronic Commerce School of Library and Information Science Then, to decrypt and read the message, you go back to the main menu and UNIX shell typing “ ! ” from the main Pine menu You see: Type 'exit' to return to Pine. lear% ls Mail somefile.txttest.asc Text another.txtprop.txt Type 'exit' to return to Pine. lear% The one we want!

60 Electronic Commerce School of Library and Information Science Then you see: lear% pgp test.asc Pretty Good Privacy(tm) 2.6.2 -... U.S. government. Current time: 2003/04/10 15:51 GMT File is encrypted. Secret key is required to read it. Key for user ID: Howard Rosenbaum 512-bit key, Key ID 897B0849, created 1998/02/08 You need a pass phrase to unlock your RSA secret key. Enter pass phrase: Enter pass phrase: Pass phrase is good. Just a moment......

61 Electronic Commerce School of Library and Information Science And then: File has signature. Public key is required to check signature. Good signature from user "bozo ". Signature made 2003/04/09 20:40 GMT Plaintext filename: test Type 'exit' to return to Pine. lear% more test Here is a text of pgp as a means of encrypting a message. I'll send this one to myself. message: END Decrypted message

62 Electronic Commerce School of Library and Information Science Decrypting and checking signatures After saving the message to your directory, type: pgp filename.asc -o filename [Output] The second is optional and will name the file after it is decrypted Note that the verification of the signature is done automatically during encryption, and depends on you having the senders public key in your pubring.pgp keyring

63 Electronic Commerce School of Library and Information Science You ’ ll see (the file is called “ test.asc ” ): lear% pgp test.asc -o test Pretty Good Privacy(tm) 2.6.2... the U.S. government. Current time: 2003/04/10 21:14 GMT File is encrypted. Secret key is required to read it. Key for user ID: bozo 512-bit key, Key ID 7E3E525D, created 2003/04/09 You need a pass phrase to unlock your RSA secret key.

64 Electronic Commerce School of Library and Information Science And then: Enter pass phrase: Pass phrase is good. Just a moment...... File has signature. Public key is required to check signature. Good signature from user "Howard Rosenbaum ". Signature made 1998/02/09 20:28 GMT Plaintext filename: test lear% more test This is a sample message that I'd like to sign with my secret key digital signature. Here ’ s the message Here ’ s the verification

65 Electronic Commerce School of Library and Information Science Decrypting a message and leaving the signature in it You type: pgp -d filename [Decrypt with signature] You are left with a plaintext message that has the encrypted signature at the bottom This can be useful if you want to send the message to a third party and allow them to also verify the signature

66 Electronic Commerce School of Library and Information Science You see: lear% pgp -d test.asc Pretty Good Privacy(tm) 2.6.2... the U.S. government. Current time: 2003/04/09 21:34 GMT File is encrypted. Secret key is required to read it. Key for user ID: bozo 512-bit key, Key ID 7E3E525D, created 2003/04/09 You need a pass phrase to unlock your RSA secret key.

67 Electronic Commerce School of Library and Information Science And then: Enter pass phrase: Pass phrase is good. Just a moment...... This file has a signature, which will be left in place. Plaintext filename: test Output file 'test' may contain more ciphertext or signature. Should 'test.' be renamed to 'test.pgp' [Y/n]? y

68 Electronic Commerce School of Library and Information Science Cryptography: Using PGP I. Generating and managing keys Signing keys Extracting and sending keys Adding and removing keys Listing and viewing keys Managing the web of trust II. Encrypting files Encrypting with signature III. Decrypting files IV. PGP options

69 Electronic Commerce School of Library and Information Science IV. PGP options -e = Encrypt with a public key -a = ASCII armor -s = Sign with your secret key -t = Converts PGP files into text files -f = Filter will write the file to standard file output -o = Output will specify the name for a decrypted file -w = Wipes or erases the original plaintext file

70 Electronic Commerce School of Library and Information Science Here ’ s a quick summary of PGP v2.6 commands. To encrypt a plaintext file with the recipient's public key: pgp -e textfile her_userid To sign a plaintext file with your secret key and encrypt it in ACSCII form with her public key: pgp -eas textfile her_userid [-u your_ userid] To sign a plaintext file with your secret key and have the output readable to people without running PGP first: pgp -sta textfile [-u your_userid]

71 Electronic Commerce School of Library and Information Science To sign a plaintext file with your secret key, and then encrypt it with the recipient's public key: pgp -es textfile her_userid [-u your_userid] To decrypt an encrypted file, or to check the signature integrity of a signed file: pgp ciphertextfile [-o plaintextfile] To decrypt a message leaving the signature intact: pgp -d ciphertextfile To create a signature certificate that is detached from the document: pgp -sb textfile [-u your_userid]

72 Electronic Commerce School of Library and Information Science To detach a signature certificate from a signed message: pgp -b ciphertextfile To view the decrypted plaintext output on your screen (like the Unix-style "more" command), without writing it to a file, use the -m (more) option while decrypting: pgp -m ciphertextfile To specify that the recipient's decrypted plaintext will be shown ONLY on her screen and cannot be saved to disk, add the -m option: pgp -steam message.txt her_userid To recover an original plaintext filename while decrypting, add the -p option: pgp -p ciphertextfile

73 Electronic Commerce School of Library and Information Science Key management: To generate your own unique public/secret key pair: pgp -kg To add a public or secret key file's contents to your public or secret key ring: pgp -ka keyfile [keyring] To extract (copy) a key from your public or secret key ring: pgp -kx userid keyfile [keyring] ~or~ pgp -kxa userid keyfile [keyring]

74 Electronic Commerce School of Library and Information Science To view the contents of your public key ring: pgp -kv[v] [userid] [keyring] To view the "fingerprint" of a public key, to help verify it over the telephone with its owner: pgp -kvc [userid] [keyring] To view the contents and check the certifying signatures of your public key ring: pgp -kc [userid] [keyring] To edit the userid or pass phrase for your secret key: pgp -ke userid [keyring]

75 Electronic Commerce School of Library and Information Science To edit the trust parameters for a public key: pgp -ke userid [keyring] To remove a key or just a userid from your public key ring: pgp -kr userid [keyring] To sign and certify someone else's public key on your public key ring: pgp -ks her_userid [-u your_userid][keyring]

Download ppt "Electronic Commerce School of Library and Information Science Cryptography: Using PGP I. Generating and managing keys Signing keys Extracting and sending."

Similar presentations

11/2/2013 2:02:38 AM 5864_ER_FED 1 Importing Certificates into Lotus Notes R6.

11/2/2013 2:02:38 AM 5864_ER_FED 1 Importing Certificates into Lotus Notes R6.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,

CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,
Jump to first page Unix Commands Monica Stoica Jump to first page Introduction to Unix n Unix was born in 1969 at Bell Laboratories, a research subdivision.

Jump to first page Unix Commands Monica Stoica Jump to first page Introduction to Unix n Unix was born in 1969 at Bell Laboratories, a research subdivision.
Public Key Cryptography and GnuPG CPT 555 Network Security.

Public Key Cryptography and GnuPG CPT 555 Network Security.
Electronic Commerce : Using PGP Electronic Commerce Prof. Sheizaf Rafaeli Cryptography: Using PGP I. Generating and managing keys Listing, extracting and.

Electronic Commerce : Using PGP Electronic Commerce Prof. Sheizaf Rafaeli Cryptography: Using PGP I. Generating and managing keys Listing, extracting and.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
1 CA201 Word Application Collaborating with Others Week # 8 By Tariq Ibn Aziz Dammam Community college.

1 CA201 Word Application Collaborating with Others Week # 8 By Tariq Ibn Aziz Dammam Community college.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography & PGP Jay D. Dyson, Computer Systems Specialist If you think cryptography can solve your problem, then you don't understand your.

Public Key Cryptography & PGP Jay D. Dyson, Computer Systems Specialist "If you think cryptography can solve your problem, then you don't understand your.
Foundations of Network and Computer Security J J ohn Black Lecture #15 Oct 19 th 2004 CSCI 6268/TLEN 5831, Fall 2004.

Foundations of Network and Computer Security J J ohn Black Lecture #15 Oct 19 th 2004 CSCI 6268/TLEN 5831, Fall 2004.
Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP)
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.

Similar presentations

Ads by Google