introduction to pgp - university of...
TRANSCRIPT
![Page 1: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/1.jpg)
Introduction to PGP
Michael [email protected]
Infrastructure and Hosting TeamIT Services, Universisty of Oxford
June 24th, 2016
![Page 2: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/2.jpg)
Introduction to PGP
Michael [email protected]
Infrastructure and Hosting TeamIT Services, Universisty of Oxford
June 24th, 2016
![Page 3: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/3.jpg)
What this talk will cover
What is PGP?Why might you use it?How does it work?How might you use it?No keysigning in this talk
![Page 4: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/4.jpg)
So what is PGP?
Pretty Good Privacy (PGP) is a data encryption anddecryption computer program that provides cryptographicprivacy and authentication for data communication.
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
![Page 5: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/5.jpg)
What do we mean by PGP?
PGPGPG (or GnuPG, or GNU Privacy Guard)OpenPGP (RFC 4880, RFC 2440)
![Page 6: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/6.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography
1991 - US Senate Bill 2661991 - Phil Zimmerman develops PGP1993 - US Government starts a criminal investigation1995 - PGP: Source Code and Internals1996 - Case against Phil Zimmerman dropped1997 - GnuPG first released1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.02013 - Edward Snowden2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 7: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/7.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography1991 - US Senate Bill 266
”It is the sense of Congress that providers ofelectronic communications services andmanufacturers of electronic communications serviceequipment shall insure that communications systemspermit the Government to obtain the plain textcontents of voice, data, and other communicationswhen appropriately authorized by law.”
1991 - Phil Zimmerman develops PGP1993 - US Government starts a criminal investigation1995 - PGP: Source Code and Internals1996 - Case against Phil Zimmerman dropped1997 - GnuPG first released1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.02013 - Edward Snowden2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 8: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/8.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography1991 - US Senate Bill 2661991 - Phil Zimmerman develops PGP
1993 - US Government starts a criminal investigation1995 - PGP: Source Code and Internals1996 - Case against Phil Zimmerman dropped1997 - GnuPG first released1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.02013 - Edward Snowden2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 9: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/9.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography1991 - US Senate Bill 2661991 - Phil Zimmerman develops PGP1993 - US Government starts a criminal investigation
1995 - PGP: Source Code and Internals1996 - Case against Phil Zimmerman dropped1997 - GnuPG first released1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.02013 - Edward Snowden2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 10: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/10.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography1991 - US Senate Bill 2661991 - Phil Zimmerman develops PGP1993 - US Government starts a criminal investigation1995 - PGP: Source Code and Internals
1996 - Case against Phil Zimmerman dropped1997 - GnuPG first released1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.02013 - Edward Snowden2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 11: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/11.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography1991 - US Senate Bill 2661991 - Phil Zimmerman develops PGP1993 - US Government starts a criminal investigation1995 - PGP: Source Code and Internals1996 - Case against Phil Zimmerman dropped
1997 - GnuPG first released1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.02013 - Edward Snowden2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 12: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/12.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography1991 - US Senate Bill 2661991 - Phil Zimmerman develops PGP1993 - US Government starts a criminal investigation1995 - PGP: Source Code and Internals1996 - Case against Phil Zimmerman dropped1997 - GnuPG first released
1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.02013 - Edward Snowden2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 13: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/13.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography1991 - US Senate Bill 2661991 - Phil Zimmerman develops PGP1993 - US Government starts a criminal investigation1995 - PGP: Source Code and Internals1996 - Case against Phil Zimmerman dropped1997 - GnuPG first released1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.0
2013 - Edward Snowden2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 14: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/14.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography1991 - US Senate Bill 2661991 - Phil Zimmerman develops PGP1993 - US Government starts a criminal investigation1995 - PGP: Source Code and Internals1996 - Case against Phil Zimmerman dropped1997 - GnuPG first released1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.02013 - Edward Snowden
2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 15: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/15.jpg)
A brief history of PGP
1977 - Whitfield Diffie, Martin Hellman and Ralph Merkledevelop and patent public key cryptography1991 - US Senate Bill 2661991 - Phil Zimmerman develops PGP1993 - US Government starts a criminal investigation1995 - PGP: Source Code and Internals1996 - Case against Phil Zimmerman dropped1997 - GnuPG first released1999 - Why Johnny can’t encrypt: a usability evaluation ofPGP 5.02013 - Edward Snowden2015 - Why Johnny Still, Still Can’t Encrypt: Evaluating theUsability of a Modern PGP Client
![Page 16: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/16.jpg)
How it works: the building blocks
The building blocksSymmetric cryptographyAsymmetric (public key) cryptographyHashing
![Page 17: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/17.jpg)
Symmetric cryptography
The same key is used for encryption and decryption
This has been with us for centuries...
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZCipher: XYZABCDEFGHIJKLMNOPQRSTUVW
Using to encrypt:Plaintext WELCOME TO THE ICTF CONFERENCE
Ciphertext TBIZLJB QL QEB FZQC ZLKCBOBKZB
![Page 18: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/18.jpg)
Symmetric cryptography
The same key is used for encryption and decryption
This has been with us for centuries...Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
Using to encrypt:Plaintext WELCOME TO THE ICTF CONFERENCE
Ciphertext TBIZLJB QL QEB FZQC ZLKCBOBKZB
![Page 19: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/19.jpg)
Symmetric encryption
Examples: AES, CAST5, Blowfish, Camellia, IDEA
Problem: key distribution
![Page 20: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/20.jpg)
Symmetric encryption
Examples: AES, CAST5, Blowfish, Camellia, IDEAProblem: key distribution
![Page 21: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/21.jpg)
Asymmetric cryptography
Different (but linked) keys used for encryption and decryption:a private and a public key
Only been around ≈ 50 yearsUses mathematical properties to ensure security (eg primenumber factorisation, discrete logarithm computation)
Solves the key-sharing problem!But slower than symmetric encryption (larger keys)Examples: RSA, DSA, ElGamal, ECDSA
![Page 22: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/22.jpg)
Asymmetric cryptography
Different (but linked) keys used for encryption and decryption:a private and a public key
Only been around ≈ 50 yearsUses mathematical properties to ensure security (eg primenumber factorisation, discrete logarithm computation)Solves the key-sharing problem!But slower than symmetric encryption (larger keys)
Examples: RSA, DSA, ElGamal, ECDSA
![Page 23: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/23.jpg)
Asymmetric cryptography
Different (but linked) keys used for encryption and decryption:a private and a public key
Only been around ≈ 50 yearsUses mathematical properties to ensure security (eg primenumber factorisation, discrete logarithm computation)Solves the key-sharing problem!But slower than symmetric encryption (larger keys)Examples: RSA, DSA, ElGamal, ECDSA
![Page 24: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/24.jpg)
Asymmetric cryptography
Not quite as simple - but can be implemented in 3 lines of perl...
#!/bin/perl -sp0777i<X+d*lMLaˆ*lN%0]dsXx++lMlN/dsM0<j]dsj$/=unpack(’H*’,$_);$_=‘echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1lK[d2%Sa2/d0$ˆIxp"|dc‘;s/\W//g;$_=pack(’H*’,/((..)*)$/)
Usage:rsa -k=public-key -n=rsa-modulus < msg > msg.rsarsa -k=private-key -n=rsa-modulus < msg.rsa > msg.out
![Page 25: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/25.jpg)
Hashing
Takes data of an arbitrary size (message) and maps it to afixed size (digest)One-way
Useful to check that a message hasn’t been modified
HELLO WORLD 361fadf1c712e812d198c4cab5712a79HALLO WORLD fbb80bf0d72fb5ebf03c776db4e80fe8
Examples: MD5, SHA-1, SHA-512
![Page 26: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/26.jpg)
Hashing
Takes data of an arbitrary size (message) and maps it to afixed size (digest)One-wayUseful to check that a message hasn’t been modified
HELLO WORLD 361fadf1c712e812d198c4cab5712a79HALLO WORLD fbb80bf0d72fb5ebf03c776db4e80fe8
Examples: MD5, SHA-1, SHA-512
![Page 27: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/27.jpg)
Hashing
Takes data of an arbitrary size (message) and maps it to afixed size (digest)One-wayUseful to check that a message hasn’t been modified
HELLO WORLD 361fadf1c712e812d198c4cab5712a79HALLO WORLD fbb80bf0d72fb5ebf03c776db4e80fe8
Examples: MD5, SHA-1, SHA-512
![Page 28: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/28.jpg)
Hashing
Takes data of an arbitrary size (message) and maps it to afixed size (digest)One-wayUseful to check that a message hasn’t been modified
HELLO WORLD 361fadf1c712e812d198c4cab5712a79HALLO WORLD fbb80bf0d72fb5ebf03c776db4e80fe8
Examples: MD5, SHA-1, SHA-512
![Page 29: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/29.jpg)
Putting it all together
PGP uses all of thase building blocks - symmetric and asymmetricencryption, and hashing (plus compression).
![Page 30: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/30.jpg)
Putting it all together
PGP uses all of thase building blocks - symmetric and asymmetricencryption, and hashing (plus compression).
![Page 31: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/31.jpg)
Putting it all together
PGP uses all of thase building blocks - symmetric and asymmetricencryption, and hashing (plus compression).
![Page 32: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/32.jpg)
Putting it all together
PGP uses all of thase building blocks - symmetric and asymmetricencryption, and hashing (plus compression).
![Page 33: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/33.jpg)
Putting it all together
Decryption is the same, just in reverse
![Page 34: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/34.jpg)
Putting it all together
Decryption is the same, just in reverse
![Page 35: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/35.jpg)
Putting it all together
Decryption is the same, just in reverse
![Page 36: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/36.jpg)
Putting it all together
Decryption is the same, just in reverse
![Page 37: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/37.jpg)
Wait, what about the hashing?
Hashing is used to sign messages.
These signed messages can then be used as inputs to theencryption process
![Page 38: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/38.jpg)
Hang on, how about the keys?
PGP needs a public and private (secret) keypair
The private key is a secretThe private key should be kept secret. Only the public key shouldbe shared!
When encrypting to someone, you need their public keyGPG uses a ’web of trust’ - you need to sign a key yourself (ortrust someone else who has signed the key)This is what keysigning involves
![Page 39: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/39.jpg)
Hang on, how about the keys?
PGP needs a public and private (secret) keypair
The private key is a secretThe private key should be kept secret. Only the public key shouldbe shared!
When encrypting to someone, you need their public key
GPG uses a ’web of trust’ - you need to sign a key yourself (ortrust someone else who has signed the key)This is what keysigning involves
![Page 40: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/40.jpg)
Hang on, how about the keys?
PGP needs a public and private (secret) keypair
The private key is a secretThe private key should be kept secret. Only the public key shouldbe shared!
When encrypting to someone, you need their public keyGPG uses a ’web of trust’ - you need to sign a key yourself (ortrust someone else who has signed the key)
This is what keysigning involves
![Page 41: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/41.jpg)
Hang on, how about the keys?
PGP needs a public and private (secret) keypair
The private key is a secretThe private key should be kept secret. Only the public key shouldbe shared!
When encrypting to someone, you need their public keyGPG uses a ’web of trust’ - you need to sign a key yourself (ortrust someone else who has signed the key)This is what keysigning involves
![Page 42: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/42.jpg)
Identifying and signing keys
Michael Howe (Sysdev) <[email protected]>
Short ID: 0x6853C4FA
Long ID: 0x3B8BC9316853C4FA
Fingerprint: 810A 24B4 83E8 B097 E7B0 4EA1 3B8B C9316853 C4FA
![Page 43: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/43.jpg)
Sharing keys
![Page 44: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/44.jpg)
Sharing keys
![Page 45: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/45.jpg)
Sharing keys
![Page 46: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/46.jpg)
Why might you use it?
EncryptionSigning
...
![Page 47: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/47.jpg)
Why might you use it?
EncryptionSigning
...
![Page 48: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/48.jpg)
Why might you use it?
EncryptionSigning
...
![Page 49: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/49.jpg)
Why might you use it?
EncryptionSigning
...
![Page 50: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/50.jpg)
Why might you use it?
EncryptionSigning
...
![Page 51: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/51.jpg)
Things I use it for
A non-exhaustive list:Signing mailsSigning SSL certificate signing requestsSigning team-internal Debian packagesStoring passwords with pass(https://www.passwordstore.org)Sharing passwords with members of my teamValidating CSRs and Shibboleth metadata requests
![Page 52: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/52.jpg)
How might you use it?
If you want to be extra safe, check that there’s a bigblock of jumbled characters at the bottom.
http://xkcd.com/1181/
![Page 53: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/53.jpg)
Don’t panic!
Despite all that, don’t give up yet!
![Page 54: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/54.jpg)
How might you use it?
Work out what you want to doEncrypt files in transit (eg Oxfile)Assert your identity when communicating with, eg, IT Services
Start smallFind a friendKnow what you’re doing before involving non-technical people
![Page 55: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/55.jpg)
How might you use it?
Work out what you want to doEncrypt files in transit (eg Oxfile)Assert your identity when communicating with, eg, IT Services
Start small
Find a friendKnow what you’re doing before involving non-technical people
![Page 56: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/56.jpg)
How might you use it?
Work out what you want to doEncrypt files in transit (eg Oxfile)Assert your identity when communicating with, eg, IT Services
Start smallFind a friend
Know what you’re doing before involving non-technical people
![Page 57: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/57.jpg)
How might you use it?
Work out what you want to doEncrypt files in transit (eg Oxfile)Assert your identity when communicating with, eg, IT Services
Start smallFind a friendKnow what you’re doing before involving non-technical people
![Page 58: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/58.jpg)
Some demonstrations
Here’s one I partially prepared earlier...
![Page 59: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/59.jpg)
Using Thunderbird and Enigmail
![Page 60: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/60.jpg)
Using Thunderbird and Enigmail
![Page 61: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/61.jpg)
Phew!
A whistlestop tour:How PGP came to beHow it worksHow and why it’s used, and you might consider using it
Anyone interested in keysigning?
![Page 62: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/62.jpg)
Phew!
A whistlestop tour:How PGP came to beHow it worksHow and why it’s used, and you might consider using itAnyone interested in keysigning?
![Page 63: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/63.jpg)
Useful resources
ApplicationsGnuPG: https://www.gnupg.org/GPG4Win: https://www.gpg4win.org/Enigmail: https://www.enigmail.net/
TutorialsGPG on Windows:https://ssd.eff.org/en/module/how-use-pgp-windowsGPG on Linux: https://help.ubuntu.com/community/GnuPrivacyGuardHowto
PapersWhy Johnny Can’t Encrypt:http://dl.acm.org/citation.cfm?id=1251435Why Johnny Still, Still Can’t Encrypt:https://arxiv.org/abs/1510.08555
![Page 64: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/64.jpg)
Questions?
Any questions?
![Page 65: Introduction to PGP - University of Oxfordold.ictf.ox.ac.uk/conference/2016/A4-Introduction-to-PGP.pdf · 1996 - Case against Phil Zimmerman dropped 1997 - GnuPG first released](https://reader031.vdocuments.site/reader031/viewer/2022022018/5b9168a609d3f2c05d8b7352/html5/thumbnails/65.jpg)
Useful resources
ApplicationsGnuPG: https://www.gnupg.org/GPG4Win: https://www.gpg4win.org/Enigmail: https://www.enigmail.net/
TutorialsGPG on Windows:https://ssd.eff.org/en/module/how-use-pgp-windowsGPG on Linux: https://help.ubuntu.com/community/GnuPrivacyGuardHowto
PapersWhy Johnny Can’t Encrypt:http://dl.acm.org/citation.cfm?id=1251435Why Johnny Still, Still Can’t Encrypt:https://arxiv.org/abs/1510.08555