David Morgan
Confidentiality: ensuring illegibility to outsiders
Authentication: ensuring ostensible and actual sender are one and the same
Data integrity: ensuring non-alteration in transit
An implementation of OpenPGP
Cryptographic processing
[Diagram: Encryption (data sender): plaintext -> cipher -> cryptogram. Decryption (data receiver): cryptogram -> reverse cipher -> plaintext.]
Cryptographic strength
Good: protect it
DON'T
2 broad categories
Secret-key cryptography
versus
Public-key cryptography (new! 1970)
One technology
single-key
private-key
symmetric
secret-key
shared-key
conventional
Secret-key: distribute but protect; low risk; good
Public-key: none, you don't need to distribute it; no risk; better!
[Diagram: (data sender) plaintext -> cipher -> cryptogram. Decryption (data receiver): cryptogram -> reverse cipher -> plaintext. (same key)]
[Diagram: plaintext -> cipher -> cryptogram. Decryption: cryptogram -> reverse cipher -> plaintext. (different key)]
Wait a minute
[Diagram: (data sender) plaintext -> cipher -> cryptogram. Decryption (data receiver): cryptogram -> reverse cipher -> plaintext. (same key). Key sent.]
David Morgan 2006-2013
Well
confidentiality, or
authentication
[Diagram: (data sender) plaintext -> cipher -> cryptogram. Decryption (data receiver): cryptogram -> inverse cipher -> plaintext. Key sender: (data receiver's private key). Key sent: (data receiver's public key).]
Confidentiality
Authentication
Data integrity
[Diagram: Encryption (data sender): plaintext -> cipher -> cryptogram, (data sender's private key). Decryption (data receiver): cryptogram -> inverse cipher -> plaintext. Key sent: (data sender's public key).]
Confidentiality
Authentication
Data integrity
Confidentiality
Authentication
Data integrity
1also
2also
[Diagram, *gpg: (data sender) plaintext, H, S with sender's private key, cipher with receiver's public key, cryptogram. Decryption (data receiver): cryptogram, reverse cipher with receiver's private key, plaintext, H, S with sender's public key. OK if same.]
H - hash
S - signature
[Diagram, *gpg, sign only, also useful: (data sender) plaintext, sender's private key. Decryption (data receiver): plaintext, sender's public key. OK if same.]
H - hash
S - signature
home
  tom/.gnupg: gpg.conf, pubring, secring
  harry/.gnupg: gpg.conf, pubring, secring
  dick/.gnupg: gpg.conf, pubring, secring
--gen-key
create keypair and store on disk
--export
take public key from disk and output to file
--import
take public key from file and output to disk
--decrypt <file>
decrypt file using private key from disk that matches public key with which file was encrypted
--sign <file>
create digest of file, encrypt it with private key
--verify
decrypt sender's digest, generate your own, check they're the same
ostensible
OK, except
actual
Others: http://www.gnupg.org/related_software/frontends.html
Info
official page
http://www.gnupg.org