
Outline Introduction PGP Operation PGP Key Management

Pretty Good Privacy


Mahalingam Ramkumar Mississippi State University, MS

November 15, 2004

Ramkumar

PGP


Outline

1 Introduction
  PGP Services
2 PGP Operation
  PGP Components
  PGP Message Generation and Reception
3 PGP Key Management
  Structure of Key Rings


Services

Services Provided by PGP

1 Digital Signature (DSS/SHA or RSA/SHA)
2 Message Encryption (CAST-128, IDEA, 3-DES in conjunction with RSA)
3 Compression (Lempel-Ziv)
4 E-mail compatibility (Radix-64 conversion)
5 Segmentation (to overcome maximum message length of 50,000 bytes for SMTP)


PGP Modes of Operation

1 Authentication (DSS/SHA or RSA/SHA)
2 Confidentiality (CAST-128, IDEA, 3-DES in conjunction with RSA)
3 Authentication and Confidentiality


PGP Modes (Figure 15.1, PGP Cryptographic Functions)

(a) Authentication only
Source A: M -> H -> EP with KRa gives EKRa[H(M)]; EKRa[H(M)] || M -> Z -> sent to B
Destination B: Z^-1 recovers EKRa[H(M)] || M; DP with KUa recovers H(M); Compare with H computed over the received M

(b) Confidentiality only
Source A: M -> Z -> EC with session key Ks; Ks -> EP with KUb gives EKUb[Ks]; EKUb[Ks] || EKs[Z(M)] -> sent to B
Destination B: DP with KRb recovers Ks; DC with Ks; Z^-1 recovers M

(c) Confidentiality and authentication
Source A: M -> H -> EP with KRa gives EKRa[H(M)]; EKRa[H(M)] || M -> Z -> EC with Ks; EKUb[Ks] || EKs[Z(EKRa[H(M)] || M)] -> sent to B
Destination B: DP with KRb recovers Ks; DC with Ks; Z^-1; DP with KUa on EKRa[H(M)]; Compare with H computed over the recovered M


Transmission and Reception of PGP Messages

(a) Generic Transmission Diagram (from A)
X <- file
Signature required? If yes: generate signature, X <- signature || X
Compress: X <- Z(X)
Confidentiality required? If yes: encrypt key and X, X <- EKUb[Ks] || EKs[X]
Convert to radix 64: X <- R64[X]

(b) Generic Reception Diagram (to B)
Convert from radix 64: X <- R64^-1[X]
Confidentiality required? If yes: decrypt key and X, Ks <- DKRb[EKUb[Ks]], X <- DKs[X]
Decompress: X <- Z^-1(X)
Signature required? If yes: strip signature from X, verify signature
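The mode (c) pipeline of Figure 15.1 together with the transmission and reception diagrams above, written out as an added example that is not part of the original slides. It uses a toy RSA built from Mersenne primes (a constructed stand-in for the real DSS/RSA keys) and an HMAC-SHA256 counter keystream as a stand-in for CAST-128, because the Python standard library has neither; SHA-1, zlib (Lempel-Ziv) and base64 (radix-64) are the genuine operations.

```python
import base64, hashlib, hmac, os, zlib

# Toy RSA from Mersenne primes, sized so a 160-bit SHA-1 digest and a 128-bit
# session key each fit in one RSA block. Constructed for illustration only:
# real PGP keys are random, far larger, and use padding.
def keypair(p, q):
    n, e = p * q, 65537
    return n, e, pow(e, -1, (p - 1) * (q - 1))     # (modulus, public, private)

def rsa(n, k, data):                 # EP, DP and EKR[...] are all data^k mod n
    width = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(data, "big"), k, n).to_bytes(width, "big")

def stream(ks, data):                # EC/DC stand-in for CAST-128: XOR keystream
    out, ctr = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(ks, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))

NA, EA, DA = keypair((1 << 107) - 1, (1 << 127) - 1)   # A: KUa = (NA, EA), KRa = DA
NB, EB, DB = keypair((1 << 89) - 1, (1 << 521) - 1)    # B: KUb = (NB, EB), KRb = DB
WA, WB = (NA.bit_length() + 7) // 8, (NB.bit_length() + 7) // 8   # RSA block widths

def transmit(m):
    """Sender A: sign with KRa, compress, encrypt under Ks, wrap Ks with KUb, radix-64."""
    sig = rsa(NA, DA, hashlib.sha1(m).digest())        # EKRa[H(M)]
    ks = os.urandom(16)                                # one-time session key Ks
    body = stream(ks, zlib.compress(sig + m))          # EKs[Z(EKRa[H(M)] || M)]
    return base64.b64encode(rsa(NB, EB, ks) + body)    # R64[EKUb[Ks] || body]

def receive(blob):
    """Receiver B: undo radix-64, recover Ks with KRb, decrypt, decompress, verify with KUa."""
    x = base64.b64decode(blob)                         # R64^-1[X]
    ks = rsa(NB, DB, x[:WB])[-16:]                     # Ks = DKRb[EKUb[Ks]]
    plain = zlib.decompress(stream(ks, x[WB:]))        # Z^-1(DKs[X])
    sig, m = plain[:WA], plain[WA:]                    # strip signature from X
    ok = rsa(NA, EA, sig)[-20:] == hashlib.sha1(m).digest()   # DP with KUa, compare H(M)
    return m, ok
```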


PGP Components PGP - Sending and Receiving Messages

Keys

1 Four types of keys - passphrase, one-time session keys, public keys, private keys
2 Two key rings - private and public
3 Private key ring is encrypted with passphrase
4 Every user has a public-private key pair
5 Can have multiple pairs.


PGP Message Components

1 Session key component
2 Signature
3 Message


Format of PGP Message

Component               Content                                   Operation
Session key component   Key ID of recipient's public key (KUb)    EKUb
                        Session key (Ks)
Signature               Timestamp                                 EKRa
                        Key ID of sender's public key (KUa)
                        Leading two octets of message digest
                        Message Digest
Message                 Filename                                  ZIP (signature and message together)
                        Timestamp                                 EKs (over the ZIP output)
                        Message Data
Entire message                                                    R64


PGP Message Generation (from user A to user B)

Private key ring: IDA selects the encrypted private key and its Key ID; the passphrase is hashed (H) and the result decrypts the private key (DC), yielding KRa.
Message M is hashed (H); the message digest is encrypted with KRa (EP) and concatenated (||) with M to give signature + message.
RNG produces the session key Ks; signature + message is encrypted with Ks (EC) to give encrypted signature + message.
Public key ring: IDB selects KUb and its Key ID; Ks is encrypted with KUb (EP) and concatenated (||) with the encrypted signature + message to form the output.


PGP Message Reception (at user B)

Private key ring: the receiver's Key ID selects the encrypted private key; the passphrase is hashed (H) and the result decrypts the private key (DC), yielding KRb.
The encrypted session key is decrypted with KRb (DP) to recover the session key Ks.
The encrypted message + signature is decrypted with Ks (DC) to recover the message and the encrypted digest.
Public key ring: the sender's Key ID selects KUa; the encrypted digest is decrypted with KUa (DP) and compared with H computed over the recovered message.


Structure of Key Rings

Private Key Ring

1 Timestamp
2 Key ID
3 Public key
4 Encrypted Private key (encrypted with passphrase)
5 User ID


Public Key Ring

1 Timestamp, Key ID, Public key, User ID
2 Owner Trust (OT)
3 Key legitimacy (KL)
4 Signature(s)
5 Signature Trust(s) (ST)


Numerical Trust Assignment - for OT and ST

1 Undefined
2 Unknown
3 Usually not trusted
4 Usually trusted
5 Always trusted
6 Ultimate trust


Numerical Trust Assignment - KL

1 Undefined or Unknown
2 Not trusted
3 Marginally trusted
4 Complete trust


Relationship between KL, ST and OT

1 Consider the public key of A signed by B and C
2 rA, rB and rC - rows in the public key ring corresponding to A, B and C
3 The legitimacy entry for A depends on the signature trusts of B and C in row rA
4 ST of B in rA - copy of the OT in row rB
5 ST of C in rA - copy of the OT in row rC
6 Owner Trust is manually assigned by the PGP user
7 KL is a function of weighted STs
8 If any ST is ultimate - KL is assigned complete trust
9 X usually trusted signatures or Y always trusted signatures for A (or any combination) would result in complete trust of A's public key


Trust Propagation (Figure 15.7, PGP Trust Model Example)

[Figure: a web of keys rooted at "You", including keys G, H, X, Y and P, some of them signed by unknown signatories marked "?". Legend of the figure's symbols:]
? = unknown signatory
X -> Y = X is signed by Y
(symbol) = key's owner is trusted by you to sign keys
(symbol) = key's owner is partly trusted by you to sign keys
(symbol) = key is deemed legitimate by you
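The KL/ST/OT relationship from the previous slide and the trust propagation of Figure 15.7, as an added example that is not part of the original slides. It copies each signer's OT into the signed key's row as ST, weights usually trusted signatures 1/X and always trusted ones 1/Y so that X of the former or Y of the latter (or any mix) gives complete trust, and treats a signer with no row as the unknown signatory "?"; mapping a partial weight to "marginal" and no trusted signature to "not trusted" is an assumption made here, not something the slides state.

```python
from dataclasses import dataclass, field

# Numeric codes from the slides: OT and ST share one scale, KL has its own.
OT_ST = {"undefined": 1, "unknown": 2, "usually_not": 3,
         "usually": 4, "always": 5, "ultimate": 6}
KL = {"undefined": 1, "not_trusted": 2, "marginal": 3, "complete": 4}

@dataclass
class Row:                      # one row of the public key ring
    key_id: str
    owner_trust: int = OT_ST["unknown"]          # OT, assigned by the PGP user
    signers: list = field(default_factory=list)  # key IDs whose signatures appear

def signature_trusts(ring, row):
    # ST of each signer in row rA is a copy of the OT in the signer's own row;
    # a signer without a row is the "?" (unknown signatory) of Figure 15.7.
    return [ring[s].owner_trust if s in ring else OT_ST["unknown"]
            for s in row.signers]

def key_legitimacy(ring, row, x=2, y=1):
    # KL as a weighted sum of STs: each usually trusted signature counts 1/X,
    # each always trusted one 1/Y, so X of the former or Y of the latter (or any
    # combination) reaches 1 and gives complete trust; any ultimate ST gives it
    # outright. "marginal" for a partial sum and "not_trusted" when no signature
    # is trusted are assumptions made here, not stated on the slides.
    sts = signature_trusts(ring, row)
    if OT_ST["ultimate"] in sts:
        return KL["complete"]
    weight = (sum(1 / x for s in sts if s == OT_ST["usually"])
              + sum(1 / y for s in sts if s == OT_ST["always"]))
    if weight >= 1:
        return KL["complete"]
    if weight > 0:
        return KL["marginal"]
    return KL["not_trusted"] if sts else KL["undefined"]

def example_ring():
    # Constructed ring for the slide's scenario: A's key is signed by B and C.
    return {"B": Row("B", OT_ST["usually"]),
            "C": Row("C", OT_ST["always"]),
            "A": Row("A", signers=["B", "C"])}
```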
