Putting it all together - Computer Science

Putting it all together
PGP
CS349 Cryptography
Department of Computer Science
Wellesley College
Pretty Good Privacy*
o Selected best available cryptographic algorithms.
o Integrated algorithms into a general-purpose application that is independent of operating system and processor.
o Make package and its documentation, including source code, freely available.
*Phil Zimmermann
PGP services
Conventional cryptography
*Efficient implementations, but suffers from key distribution problem.
Public key cryptography
*Helps solve key distribution, but slow in practice.
Best of both worlds
Unpacking the message
PGP confidentiality
Digital signatures
PGP authentication
Data compression
o PGP uses a freeware compression package called ZIP.
o ZIP uses a technique known as LZ77, based on a sliding window buffer that holds the most recently processed text.
A simple example*
*Original message was 53 octets = 424 bits long. The compressed message
consists of 35 9-bit characters and two codes for a total of 343 bits.
LZ77 compression
E-mail compatibility
o Part or all of a message sent by PGP consists of a stream of arbitrary 8-bit octets.
o However, many e-mail systems only permit the use of blocks consisting of ASCII text.
o PGP can convert a raw 8-bit binary stream into a stream of printable ASCII characters.
Radix-64 encoding
Printable encoding of binary data
o For example, consider the 24-bit raw text sequence 00100011 01011100 10010001.

6-bit value    8-bit printable ASCII encoding
001000         01001001
110101         00110001
110010         01111001
010001         01010010
PGP transmission and reception
General format of a PGP message
Private-key ring
*Private keys are encrypted using CAST-128 (or IDEA or triple-DES).
The key is a SHA-1 hashed passphrase.
Public-key management
This whole business of protecting public keys from
tampering is the single most difficult problem in practical
public key application. It is the Achilles heel of public key
cryptography, and a lot of software complexity is tied up
in solving this one problem.
PGP documentation
Public-key ring
*Key legitimacy is the extent to which PGP trusts that this is a valid key;
owner trust is the degree to which this public key is trusted to sign
other public key certificates; signature trust is the trust in the signature on the same line.
PGP message generation
PGP message reception
Digital certificates
PGP certificate format
Direct trust
o A user trusts that a key is valid because he or she knows where it came from.
o For example, in web browsers, the root Certificate Authority keys are directly trusted because they were shipped by the manufacturer.
Hierarchical trust
Contents of trust flag byte
Assigning owner trust
o If the new public key is owned by the user, ultimate trust is assigned.
o Otherwise, PGP asks the user for her assessment of trust (unknown, untrusted, marginally trusted, completely trusted).
Assigning signature trust
If the new public key has signature(s) attached, and each time a
signature is added, PGP searches the public-key ring for the signature
authors. If an author is found, the author's OWNERTRUST is assigned to
the SIGTRUST field of the signature. Otherwise, SIGTRUST is set to unknown user.
Assigning key legitimacy
o If at least one signature has trust value ultimate, then key legitimacy is set to complete.
o Otherwise, PGP computes a weighted sum of trust values: a weight of 1/X is given to signatures that are always trusted and 1/Y to signatures that are usually trusted.
*X and Y are user-configurable parameters.
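
The two rules above (assigning signature trust, then key legitimacy) worked through in Python. This is an added example, not code from the slides or from PGP itself. The ring contents, the names `assign_sigtrust`, `key_legitimacy` and `evaluate`, and the sample values X=1, Y=2 are constructed; it assumes "always trusted" means completely trusted, "usually trusted" means marginally trusted, and that legitimacy becomes complete once the weighted sum reaches 1.

```python
from fractions import Fraction

ULTIMATE, COMPLETE, MARGINAL, UNTRUSTED, UNKNOWN = (
    "ultimate", "complete", "marginal", "untrusted", "unknown")

# Constructed public-key ring: key owner -> OWNERTRUST chosen by the ring's user.
RING = {"me": ULTIMATE, "alice": COMPLETE, "bob": MARGINAL,
        "carol": MARGINAL, "dave": UNTRUSTED}

def assign_sigtrust(signers, ring):
    """SIGTRUST for each signature: the author's OWNERTRUST if the author is
    on the ring, otherwise 'unknown'. Repeated authors are counted once
    (a choice made for this example)."""
    return {s: ring.get(s, UNKNOWN) for s in signers}

def key_legitimacy(sigtrust, x, y):
    """Return (is_complete, weight) for a key given its signatures' SIGTRUST.
    Assumptions: 'always trusted' = completely trusted, 'usually trusted' =
    marginally trusted, and legitimacy is complete once the sum reaches 1."""
    if x < 1 or y < 1:
        raise ValueError("X and Y must be positive integers")
    trusts = list(sigtrust.values())
    if ULTIMATE in trusts:
        return True, None          # one ultimately trusted signature suffices
    per_level = {COMPLETE: Fraction(1, x), MARGINAL: Fraction(1, y)}
    # Untrusted and unknown signers contribute nothing to the sum.
    weight = sum((per_level.get(t, Fraction(0)) for t in trusts), Fraction(0))
    return weight >= 1, weight

def evaluate(signers, x=1, y=2):   # x, y: sample values for X and Y
    return key_legitimacy(assign_sigtrust(signers, RING), x, y)

if __name__ == "__main__":
    for signers in (["me"], ["alice"], ["bob"], ["bob", "carol"],
                    ["bob", "bob"], ["dave", "mallory"]):
        print(signers, evaluate(signers))
```

Raising X or Y makes the ring more conservative: with X=2, Y=4 a single completely trusted signer no longer suffices.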
PGP trust model
Revoking a public key
o Owner issues a key revocation certificate, signed by the owner.
o Owner then disseminates this certificate as widely and quickly as possible to enable all potential correspondents to update their public key rings.
*Note that an opponent who has compromised the private key can do likewise.
Is this a problem?