The Research on PGP Private Key Ring Cracking and Its Application

Transcription

1 The Research on PGP Private Key Ring Cracking and Its Application Xiaoyan Deng 1 *, Qingbing Ji 2, Lijun Zhang 3 1. College of Applied Mathematics,Chengdu University of Information Technology,Chengdu, China. 2. Science, Technology on Communication Security Laboratory,Chengdu, China Abstract: Some criminals take advantage of PGP encrypted technology to engage in illegal activities. This paper proposes an effective method to crack PGP private key ring and crack PGP encrypted message, which provides the feasibility for the judicial investigation, counter-terrorism and prevention of criminal activity. Keywords: PGP; private key ring; signature 1. Introduction Since the Internet TCP/IP protocol is insecure for file transfer, and other electronic business affairs, it is urgent to solve the problem of protecting private data from being stolen or tampered and ensuring the security of during transmission. The most common way is to adopt encryption technology and the popular encryption software is PGP (Pretty Good Privacy) [1, 2]. PGP is an encryption software series based on, SHA-1 and AES encryption algorithms. It is approved by American s standards and technology organization NIST (National Institute of Standards and Technology) as one of the two secure encryption systems, which acquires widespread attention and recognition from its users. Nowadays, PGP source code is free [3] and its personal edition is divided into free version and desktop version. Free version can be freely downloaded but only permitted to be used by home users, students and nonprofit organizations. Moreover, this version can merely encrypt and sign while the desktop version is more powerful and even can be applied to commercial purposes [4]. There are many version numbers of PGP currently and the final free available version is PGP [5]. Due to the effect of purchase by Symantec corporation [6], PGP is no longer released separately as a stand-alone installation package after version but exists in the form of integrated plug-ins contained in other commercial security products of Symantec Norton company. Hence, the majority of Internet users employ PGP Encryption protection is a double-edged sword. On the one hand, it conveniently prevents the private information to be leaked. However, the end to end encryption mode provides an opportunity for some criminals to engage in illegal activities through encrypted , which induces that it is more difficult to implement investigation and evidence collection for those criminal activities of property infringement, corrupt transaction and even worse cases of affecting market economic order, national security and social stability. So, the research on recovery of PGP encrypted message is greatly significant to prevent and investigate behaviors of leaking national secrets, terrorism and other criminal activities. In recent years, academic research on the security of PGP has never stopped[7-9]. 2 Material and Methods 2.1 Some Notations ks: session key; skrx: user X's private key; pkrx: User X's public key; EC: symmetric encryption, optional algorithms are AES (up to 256 bits), CAST, TripleDES, IDEA, Twofish, Blowfish and Arc4 (128 bits), etc; DC: symmetric decryption; H: a hash function, optional algorithms are SHA-1, SHA-256, SHA-384, SHA-512, MD5 and RIPEMD-160, etc; Z: data compression algorithm, optional algorithms are ZIP, ZLIP etc; Z -1 : the inverse operation of Z; : concatenation operation; R64: base 64 format of ASCII code; R64-1 : inverse operation of R The Principles of PGP Encryption Let A and B be the sender and receiver respectively. The sender A encrypts and signs an with the following process: (1) enters the password of the private key ring and gets his private key skra used for signature; (2) uses a hash algorithm H to obtain the message digest of plaintext (for example, H can be SHA-1 or RIPEMD-160); (3) uses the private key skra to sign the message digest and obtain the signed message digest; (4) merges the signed message digest and plaintext then compresses them with algorithm Z; (5) generates the session encryption key ks randomly; (6) use ks and symmetric encryption EC to encrypt the compressed message in last step and gets the corresponding ciphertext; (7) uses the public key pkrb to encrypt ks with algorithm; (8) merges the encrypted session key and the ciphertext, then sends this encrypted message to user B after Base64 format conversion. This PGP signature and encryption process is shown in Figure 1. When user B receives the , he will execute the decryption and verification process as follows: (1) implements R64-1 operation on the received ciphertext, which transforms message to a hexadecimal string format from the ASCII code format; (2) enter B s password to obtain the private key ring skrb for decrypting the session key; Journal of Residuals Science & Technology, Vol. 13, No. 7,

2 Passphrase of A Plaintext H Public Key pkrb of Private Key skra of signature The Signed Message Digest Message digest Encryption Generate ks Randomly The Signed Message Digest Plaintext Z The Compressed Message EC Encrypted Session Key Ciphertext R64 Ciphertext for Sending Figure 1 The signature and encryption process (3) decrypts the session key with skrb to get the plaintext of ks; (4) execute decryption algorithm DC with key ks to obtain compressed concatenation message signed message digest plaintext ; (5) decompresses with Z -1 algorithm to get the original message signed message digest plaintext ; (6) uses public key pkra to decrypt the signed message digest; (7) decryptes the plaintext and computes its message digest with H algorithm; (8) compares the two message digest in step (6) and step (7), if they match, then accepts this as user A s, else rejects this . This PGP decryption and verification is shown in Figure 2. Passphrase of B Ciphertext R64-1 Private Key skrb of Decryption Encrypted Session Key Ciphertext Session Key ks DC Compressed Signed message digest plaintext Z -1 signed message digest plaintext Public Key pkra of Encryption Message Digest signed message digest Match? Plaintext H Message digest Figure 2 The decryption and verification process 2.3 PGP Key Management Session Key Generation. PGP session key is a random number generated by the random number generator based ANSIX.917 algorithm. This random number generator obtains the random seed from the user's keyboarding intervals. For the random seed file randseed.bin on hard disk, it is also encrypted by the same strong cryptographic algorithm as that for encryption which prevents attackers to analyze the seed file to get information of session key. Journal of Residuals Science & Technology, Vol. 13, No. 7,

3 Key Identifier. PGP allows the user to have multiple public/private key pairs. These key paris change from time to time, and at the same time, many key pairs are used in different interactive communication group. There is no one-to-one relationship between the user and their key pair. So PGP specifies a key ID for every public key of every user, which almost is unique for the every user. Now, suppose A wants to communicate with B using one public key of B, B will know the corresponding private key in terms of key ID. In fact, a key ID consists of the lower 64 bit of a public key, this length is sufficient to guarantee the uniqueness of key ID for one user. Key Ring. Key needs to be organized and stored in a systematic way to make it effective and efficient use. PGP provides a pair of data structure at each node, one is to store the node s public/private key pair (named private key ring), the other is to store all the other user s public key (named public key ring) which this node knows. Every user correspondingly has both key rings, note that in the private key ring, the private key is encrypted to store. Key Management Features. Key is the most important component in an encryption system, so there is no doubt of the importance of the key management. In fact, this is often the most vulnerable part in the entire system which is easily to be attacked by cryptographist. Therefore, an excellent encryption software is always careful on key management and takes a number of additional measures to protect key. The core part of PGP key management is certificate and key distribution. For any public key to be used, it will be identified. Recognize the reliability of identification is essentially based on mutual trust relationship between people. PGP system is exactly identifying the authenticity of the public key by imitating the process of building mutual trust in the real society. PGP provides two descriptions for every public key in the public ring, which is authenticity and trust respectively. Authenticity shows the true extent of the public key and the PGP system will automatically calculate a value to measure it. Trust is the confidence degree of received key s owner. PGP always prompts the user to input a trust value for the key s owner, and according to a set of rules to calculate the appropriate authenticity parameters. PGP system uses five levels to measure the trust levels in the public key s owner, which also measure the credibility of their signatures. The Use of Password. In PGP system, many places need to use a password which is mainly to protect the private key. Because the private key is too long and complicated, it is difficult to remember. PGP encrypts the private key with a password and stores it in the key ring. Hence a user can use the private key indirectly by remembering easier password. Note that every PGP private key is encrypted by a corresponding password. 2.4 Private Key Ring Cracking By analyzing the encryption mechanism of PGP private key ring, we design an algorithm to crack it. The cracking process of PGP private key ring password is as follows: (1) according to the private key owner's ID, find the the starting position of skrb in the private key ring, then from this position we could obtain parameters PGPskr_n, PGPskr_e, PGPskrSALT, HashSaltlterID, PGPskr_IV and PGPskr_encrypted_key; (2) use SHA-1 algorithm to deal with PGPskrSALT and password strings PassPhrase with HashSaltlterID times iteration to generate 32- byte key; (3) use AES-256 algorithm with the key in step (2) as working key to decrypt string PGAskr_IV PGPskr_encrypted_key, which output the string plain; then exclusive or the PGAskr_encrypted_key with plain byte by byte to obtain the private key PGPskr_key; (4) now obtain the private key parameters in the following manner: PGPskr_d [0~255] = PGPskr_key [2~257]; PGPskr_p [0~127] = PGPskr_key [260~387]; PGPskr_q [0~127] = PGPskr_key [390~517]; PGPskr_u [0~127] = PGPskr_key [520~647]; (5) verify whether the following conditions hold with the parameters PGPskr_n and PGPskr_e: PGPskr_d <PGPskr_n, PGPskr_p 1, PGPskr_q 1, PGPskr_p * PGPskr_q = PGPskr_n, PGPskr_d * PGPskr_e mod (PGPskr_p-1) 1, PGPskr_d * PGPskr_e mod (PGPskr_q-1) 1, PGPskr_p-1 mod PGPskr_q = PGPskr_u, PGPskr_u <PGAskr_q; (6) if all the conditions are satisfied in step (5), then the password PassPhrase is correct, else go to the next step; (7) try another password PassPhrase, go to step (2). The PGP private key ring password cracking process is shown in figure 3. Journal of Residuals Science & Technology, Vol. 13, No. 7,

4 Private Key Ring of B; ID of Private Key Owner Password String PassPhrase Find the Position of skrb In Private Key Ring and Get Parameters PGPskr_n PGPskr_e PGPskrSALT HashSaltlterID PGPskr_IV and PGPskr_encrypted_key PGPskrSALT HashSaltlterID Use SHA-1 to Deal with PGPskrSALT and PassPhrase to Generate working key key PGPskr_encrypted_key PGAskr_IV Decryp PGAskr_IV PGPskr_encrypted_key to Obtain Plain by Using AES256; Exclusive-or PGAskr_encrypted_key with plainto Get PGPskr_key PGPskr_d[0~255]=PGPskr_key[2~257]; PGPskr_p[0~127]=PGPskr_key[260~387]; PGPskr_q[0~127]=PGPskr_key[390~517]; PGPskr_u[0~127]=PGPskr_key[520~647]; PGPskr_n PGPskr_e Whether the Following Conditions Hold: PGPskr_d < PGPskr_n; PGPskr_p 1; PGPskr_q 1; PGPskr_p*PGPskr_q = PGPskr_n; PGPskr_d*PGPskr_e mod(pgpskr_p-1) 1; PGPskr_d*PGPskr_e mod(pgpskr_q-1) 1; PGPskr_p-1 mod PGPskr_q = PGPskr_u; PGPskr_u < PGAskr_q Conditions Not Satisfied Output Password Figure 3 The process of PGP private key ring password cracking 3 Results Taking the private key ring of PGP as example, we use C language to implement the algorithm of figure 3. In the case of knowing the user ID, we cracked the corresponding private key. Experiments prove the correctness of our algorithm. 4 Discussion From Figure 2, we can see that it only needs to retrieve receiver's private key skrb for decrypting PGP encrypted . According to PGP key management, skrb is in the private key ring of B. In order to obtain skrb, we have to find the password. So for PGP recovery, it can be attributed to crack the receiver s password of encrypting private key ring. 5 Conclusion This paper presented a cracking method for PGP encrypted message. It will be more effective by combining dictionary-based social engineering techniques in the password choice phrase. This cracking method is of great significance for the prevention and investigation of leaking national secret, terrorism and other criminal activities. References [1] Longhua Zhang. Applied Research on PGP Encryption Algorithm [D]. Master Thesis, Liaoning Engineering Technology, [2] Huiping He, Yan Rong, Lan Zhang. Using PGP Software to Realize Safe Sending and Receiving [J]. Computer Security, 2011(01): [3] RFC4880. OpenPGP Message Format [Z]. [4] NAI. PGP Windows User's Guide [M]. Networks Associates Technology Inc, [5] PGP Corporation Home Page [Z].http: // [6] Symantec Corporation Home Page [Z.] theme.jsp? themeid=pgp. [7] Alessandro Barenghi etc.challenging the Trustworthiness of PGP: Is the Web-of-Trust Tear-Proof?Computer Security -- ESORICS 2015 pp [8] Duane Wilson ,Giuseppe Ateniese.From Pretty Good to Great: Enhancing PGP Using Bitcoin and the Blockchain. NSS 2015: Network and System Security pp Journal of Residuals Science & Technology, Vol. 13, No. 7,

5 [9] Czesław Kościelny, Mirosław Kurkowski, Marian Srebrny. PGP Systems and TrueCrypt. Modern Cryptography Primer 2015.pp Journal of Residuals Science & Technology, Vol. 13, No. 7,