NetPGP BSD-licensed Privacy. Alistair Crooks c

Similar documents
Netpgp - BSD-licensed Privacy Software

Ralph Durkee Independent Consultant Security Consulting, Security Training, Systems Administration, and Software Development

Using Cryptography CMSC 414. October 16, 2017

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

An Advanced Introduction to GnuPG

ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

Encryption. INST 346, Section 0201 April 3, 2018

CSE 127: Computer Security Cryptography. Kirill Levchenko

Due: October 8, 2013: 7.30 PM

Ref:

Digital Certificates Demystified

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Kurose & Ross, Chapters (5 th ed.)

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Security PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Lab: Securing with PGP

Pretty Good Privacy (PGP

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Practical Byzantine Fault Tolerance. Miguel Castro and Barbara Liskov

IBM Systems and Technology Group

LAB :: PGP (Pretty Good Privacy)

CSC 474/574 Information Systems Security

CT30A8800 Secured communications

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Implementing Cryptography: Good Theory vs. Bad Practice

PGP Key Verification. Version 1.1, 08/26/2002. Stephen Gill Published: 08/26/2002

CS 425 / ECE 428 Distributed Systems Fall 2017

CYBER SECURITY MADE SIMPLE

CS5412: CONSENSUS AND THE FLP IMPOSSIBILITY RESULT

Public Key Infrastructures

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

Practical Data Protection in 2011

DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d

Oracle Communications Network Charging and Control. Voucher Print Shop Operations Guide Release 6.0.1

Nigori: Storing Secrets in the Cloud. Ben Laurie

PKI Knowledge Dissemination Program. PKI Standards. Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore

Public Key Algorithms

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Web Services Security. Dr. Ingo Melzer, Prof. Mario Jeckle

WPA-GPG: Wireless authentication using GPG Key

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

DigSig novelties. Libre Software Meeting 2005 Security Topic July 2005

Encryption I. An Introduction

Cryptography MIS

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Cryptography. Basic Concept and Applications. Chung-Yi Chi Jun. 26, 2010

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

CSE 565 Computer Security Fall 2018

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Digital it Signatures. Message Authentication Codes. Message Hash. Security. COMP755 Advanced OS 1

CS Computer Networks 1: Authentication

Key Management and Distribution

Byzantine Fault Tolerance

CS 161 Computer Security

14. Internet Security (J. Kurose)

Making Use of the Subliminal Channel in DSA

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Blind Signatures and Their Applications

Sharing Secrets using Encryption Facility - Handson

Security. Communication security. System Security

APNIC elearning: Cryptography Basics

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Digital signatures: How it s done in PDF

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

UNIT - IV Cryptographic Hash Function 31.1

Securely backing up GPG private keys... to the cloud. Joey Hess LibrePlanet 2017

Public-key Cryptography: Theory and Practice

The evolving storage encryption market

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Network Encryption Methods

Cryptography: Practice JMU Cyber Defense Boot Camp

MyPGP Graphical User Interface for PGP

CS530 Authentication

Cryptographic Mechanisms: Recommendations and Key Lengths

6.857 L17. Secure Processors. Srini Devadas

Learn PGP. SIPB Cluedump, 19 October Anish Athalye (aathalye), Merry Mou (mmou), Adam Suhl (asuhl) 1 / 22

UELMA Exploring Authentication Options Nov 4, 2011

Implementing Secure Socket Layer

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

CPSC 467: Cryptography and Computer Security

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

URL Signing and Validation

Digital Certificate Operation in a Complex Environment PKI ARCHITECTURE QUESTIONNAIRE

Public Key Algorithms

Agreement in Distributed Systems CS 188 Distributed Systems February 19, 2015

Distributed Systems. Fault Tolerance. Paul Krzyzanowski

Today: Fault Tolerance. Failure Masking by Redundancy

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Distributed Authenticated Mappings DINRG IETF-101

E. Rescorla. <draft-ietf-smime-x txt> October 1998 (Expires April 1999) Diffie-Hellman Key Agreement Method. Status of this Memo

CPSC 467b: Cryptography and Computer Security

pretty Easy privacy NULLcon 2017, Goa Privacy by Default.

SECURITY IN NETWORKS 1

DKIM Base Issue Review IETF 66 Montréal. Eric Allman

Transcription:

NetPGP BSD-licensed Privacy Alistair Crooks agc@netbsd.org c059 6823

Privacy? Encryption and decryption Signing and verification Web of trust PKI Certifying Authority

Today? pgp gnupg gpgme proprietary privacy software

Requirements BSD-licensed Embeddable Performant Command line invocation without Ph.D.

Base openpgpsdk library - Ben Laurie & Rachel Wilmer decrypts files <= 8192 bytes verifies files <= 8192 bytes no detached signing or verification

OpenPGPSDK Structure 12 header files Masses of structs, functions, definitions No namespace limits or cues Large identifier names

NetPGP Layer above OpenPGPSDK Hides openpgpsdk implementation One header file One structure used for state Configuration values by (key, value) strings

Goals BSD-licensed embeddable library GPG compatibility

What is PGP? Based around IETF RFC 4880 describes PGP message format obsoletes RFC 1991, 2440

How does it work? Two parts to key public private

PGP Signing and Verification File is signed with secret key of signer Can be verified with the public key of signer Proves provenance of file or stops file contents being disclosed

Problems? Challenges? I can t use gpg I have problems too It says more about gpg than me, though Mail is OK, but everything else is hard Yes

PGP Encryption & Decryption File is encrypted with the public key Can only be decrypted with the secret key Corollary/complement of signing

Differentiators Why would I use netpgp over gpg?

Licensing BSD licensing Library can be used in places other libraries can t reach Practical, usable signing and verification Encryption and decryption

GPG compatible Use existing ~/.gnupg directory Use existing keys and configuration Use existing infrastructure for public keys Use files signed/encrypted by gpg

Library gpgme has problems embeddable anywhere could be added to existing programs

Language bindings Python Perl Lua C/C++

Split by functionality One binary for signing, verification, encryption and decryption One for key management Standalone binary for signature verification

Nantucket

Netpgp in Action Taken from portable regression test suite GNU auto tools tests not shown here

Sign 748579 byte file % /usr/bin/netpgp --sign a netpgp: default key set to "C0596823" pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 uid Alistair Crooks <agc@netbsd.org> uid Alistair Crooks <agc@pkgsrc.org> uid Alistair Crooks <agc@alistaircrooks.com> uid Alistair Crooks <alistair@hockley-crooks.com> netpgp passphrase: %

Verify that Signature % /usr/bin/netpgp --verify a.gpg netpgp: default key set to "C0596823" Good signature for a.gpg made Sat Sep 19 06:52:46 2009 using RSA (Encrypt or Sign) key 1b68dcfcc0596823 pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 uid Alistair Crooks <alistair@hockley-crooks.com> uid Alistair Crooks <agc@pkgsrc.org> uid Alistair Crooks <agc@netbsd.org> uid Alistair Crooks <agc@alistaircrooks.com> %

Encrypt 13501 byte file % /usr/bin/netpgp --encrypt b netpgp: default key set to "C0596823" %

Decrypt that file % /usr/bin/netpgp --decrypt b.gpg netpgp: default key set to "C0596823" pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 uid Alistair Crooks <agc@netbsd.org> uid Alistair Crooks <agc@pkgsrc.org> uid Alistair Crooks <agc@alistaircrooks.com> uid Alistair Crooks <alistair@hockley-crooks.com> netpgp passphrase: %

% /usr/bin/netpgp --sign --detached f netpgp: default key set to "C0596823" pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 uid Alistair Crooks <agc@netbsd.org> uid Alistair Crooks <agc@pkgsrc.org> uid Alistair Crooks <agc@alistaircrooks.com> uid Alistair Crooks <alistair@hockley-crooks.com> netpgp passphrase: % ls -l f f.sig -rw-r--r-- 1 agc agc 4491474 Sep 19 06:53 f -rw-r--r-- 1 agc agc 287 Sep 19 06:53 f.sig %

% /usr/bin/netpgp --verify f.sig netpgp: default key set to "C0596823" netpgp: assuming signed data in "f" Good signature for f.sig made Sat Sep 19 06:53:06 2009 using RSA (Encrypt or Sign) key 1b68dcfcc0596823 pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 uid Alistair Crooks <alistair@hockley-crooks.com> uid Alistair Crooks <agc@pkgsrc.org> uid Alistair Crooks <agc@netbsd.org> uid Alistair Crooks <agc@alistaircrooks.com> %

% '/usr/bin/netpgp' '--cat' 'a.gpg' netpgp: default key set to "C0596823" Good signature for a.gpg made Sat Sep 19 06:52:46 2009 using RSA (Encrypt or Sign) key 1b68dcfcc0596823 pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 uid Alistair Crooks <alistair@hockley-crooks.com> uid Alistair Crooks <agc@pkgsrc.org> uid Alistair Crooks <agc@netbsd.org> uid Alistair Crooks <agc@alistaircrooks.com> %

Message digests Digital signatures are simply manipulation of a digest of a file using the secret key Problem with digest collisions Use of SHA2 instead of SHA1 for digests

Use Cases

Signed email Sign email with a digest - everyone can verify sender by using sender s public key PGP public keys available on key servers Compatible with gpg except for the user interface

Signed software releases Projects usually sign the major releases People can verify that they have an official version

Signed Binaries Some embedded manufacturers use signed binaries to show provenance of binary Kernel will only execute a binary if it is known to come from reliable source

Signed backups To make sure that backups are good, they can be signed If anything changes, can be flagged Proves that backup was valid at one point in time

Well... Does a single signature prove the backup is good?

Multiple signatures Nested, or Detached signatures

Detached signatures Allow a file to remain unchanged Signature is in a separate file Any number of detached signatures can be made

Embedded signatures Lack of symmetry Get contents of signed file After verification

Standalone Verification Separate program which verifies signature

Key Management Separate program which manages keys Not a priority Will list keys More development needed

Multiple encryption How do we do this for multiple people to decrypt? Backup tapes, for example

Indirection By using a key to encrypt the backup tape And then giving that key to multiple parties, encrypted with their own key

Byzantine Generals Byzantine refers to the Byzantine Generals' Problem, an agreement problem in which generals of the Byzantine Empire's army must decide unanimously whether to attack some enemy army. The problem is complicated by the geographic separation of the generals, who must communicate by sending messengers to each other, and by the presence of traitors amongst the generals. These traitors can act arbitrarily in order to achieve the following aims: trick some generals into attacking; force a decision that is not consistent with the generals' desires, e.g. forcing an attack when no general wished to attack; or confusing some generals to the point that they are unable to make up their minds. If the traitors succeed in any of these goals, any resulting attack is doomed, as only a concerted effort can result in victory. Byzantine fault tolerance can be achieved if the loyal (non-faulty) generals have a unanimous agreement on their strategy. Note that if the source general is correct, all loyal generals must agree upon that value. Otherwise, the choice of strategy agreed upon is irrelevant.

A different way... Shamir s secret sharing scheme

Secret Sharing Shamir s Secret Sharing Scheme Multi-dimensional space Threshold schemes Byzantine fault tolerance

gnupg Noteworthy changes in version 1.4.10 (2009-09-02) 2048 bit RSA keys are now generated by default. The default hash algorithm preferences has changed to prefer SHA-256 over SHA-1. 2048 bit DSA keys are now generated to use a 256 bit hash algorithm

Benefits Don t modify exec format Don t modify binary Hang onto NetBSD s veriexec insfrastructure

NetBSD & signed binaries Want to load signatures from userland Verify in kernel (only public key needed) Modify veriexec fromework to check verification of signature via pubkey

Thank you Alistair Crooks agc@netbsd.org c059 6823

Questions? Alistair Crooks agc@netbsd.org c059 6823

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback