Pretty Good Privacy Privacy Enhancing Technologies Leonardo A. - - PowerPoint PPT Presentation



SLIDE 1

CC-BY-4.0

Pretty Good Privacy

Privacy Enhancing Technologies Leonardo A. Martucci

SLIDE 2

Part 2: Secure Communications

  • Why do we need secure communications?
  • PGP (We are here!)
  • TLS and Let's Encrypt
  • Secure messaging

SLIDE 3

Pretty Good Privacy (PGP)

  • Security tool for confidentiality, integrity, authentication

SLIDE 4

How does PGP work?

  • with public key and symmetric key encryption + hashing

[Diagram labels: private key and public key (each shown twice)]

SLIDE 5

How does PGP work?

  • with public key and symmetric key encryption + hashing

[Diagram labels: generate random (symmetric) key; private key and public key (each shown twice)]

SLIDE 6

How does PGP work?

  • with public key and symmetric key encryption + hashing

[Diagram labels: generate random (symmetric) key; hash( ); private key and public key (each shown twice)]

SLIDE 7

How does PGP work?

  • with public key and symmetric key encryption + hashing

[Diagram labels: generate random (symmetric) key; hash( ); Enc( ) using = ; Sign( ) using = ; private key and public key (each shown twice)]

SLIDE 8

How does PGP work?

  • with public key and symmetric key encryption + hashing

[Diagram labels: private key and public key (each shown twice)]

SLIDE 9

How does PGP work?

  • with public key and symmetric key encryption + hashing

[Diagram labels: Dec( ) using = ; Dec( ) using = ; private key and public key (each shown twice)]

SLIDE 10

How does PGP work?

  • with public key and symmetric key encryption + hashing

[Diagram labels: Dec( ) using = ; Dec( ) using = ; hash( ); Ver( ) using = ; equal?( ); private key and public key (each shown twice)]
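
The send and receive steps built up on slides 5 to 10, as an added sketch that is not from the original slides. It assumes textbook RSA without padding, constructed Mersenne-prime demo keys and a SHA-256 keystream standing in for a real cipher (chosen so it runs on the Python standard library; none of these is what OpenPGP uses), and it assumes the signature travels inside the encrypted body; `keypair`, `send` and `receive` are hypothetical names.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def keypair(a, b):
    """Constructed demo key from Mersenne primes 2**a-1, 2**b-1: trivially factorable, demo only."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))   # (public, private)

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def xor_stream(key, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream); the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def sig_len(n):
    return (n.bit_length() + 7) // 8

def send(msg, sender_priv, recipient_pub):
    n, d = sender_priv
    session_key = secrets.token_bytes(32)                       # generate random (symmetric) key
    sig = pow(digest(msg), d, n).to_bytes(sig_len(n), "big")    # Sign(hash(msg)) using sender's private key
    body = xor_stream(session_key, sig + msg)                   # Enc(signature + msg) using session key
    r_n, r_e = recipient_pub
    wrapped = pow(int.from_bytes(session_key, "big"), r_e, r_n) # Enc(session key) using recipient's public key
    return {"wrapped_key": wrapped, "body": body}

def receive(packet, recipient_priv, sender_pub):
    r_n, r_d = recipient_priv
    session_key = pow(packet["wrapped_key"], r_d, r_n).to_bytes(32, "big")  # Dec using own private key
    plain = xor_stream(session_key, packet["body"])                         # Dec using session key
    n, e = sender_pub
    sig, msg = plain[:sig_len(n)], plain[sig_len(n):]
    ok = pow(int.from_bytes(sig, "big"), e, n) == digest(msg)               # Ver, hash, equal?
    return msg, ok

if __name__ == "__main__":
    alice_pub, alice_priv = keypair(521, 607)      # hypothetical sender
    bob_pub, bob_priv = keypair(1279, 2203)        # hypothetical recipient
    packet = send(b"constructed sample message", alice_priv, bob_pub)
    print(receive(packet, bob_priv, alice_pub))
```

Flipping any byte of `body` in transit changes the recovered message, so the final comparison fails and `receive` reports the signature as invalid.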

SLIDE 11

How does PGP work?

  • with public key and symmetric key encryption + hashing

[Diagram labels: private key and public key (each shown twice)]

???

SLIDE 12

Public Key Distribution: Web of Trust

[Diagram labels: Sign( ) (twice); is trusted by (twice); trust]

SLIDE 13

Public Key Distribution: Web of Trust

[Diagram labels: Sign( ) (twice); is trusted by (twice); trust]

SLIDE 14

Public Key Distribution: Web of Trust

[Diagram labels: Web of Trust; trust (twice)]

SLIDE 15

PGP in the Real World

  • Exchanging encrypted email with OpenPGP (RFC 4880)
  • 1st: generate a key pair with ssh-keygen, e.g. ssh-keygen -t rsa -b 4096
  • 2nd: upload to a public repository, e.g. the MIT PGP Public Key Server

SLIDE 16

PGP in the Real World

  • Exchanging encrypted email with OpenPGP (RFC 4880)
  • 3rd: Build your web of trust
  • or look into the repository for keys

SLIDE 17

PGP in the Real World

  • Exchanging encrypted email with OpenPGP (RFC 4880)
  • 4th: start encrypting and signing your emails!

suggestion: with the support of an email client extension, e.g. Enigmail

[Image: Enigmail toolbar]

SLIDE 18

PGP in the Real World

  • Exchanging encrypted email with OpenPGP (RFC 4880)
  • 5th: receiving emails

suggestion: with the support of an email client extension, e.g. Enigmail

SLIDE 19

https://www.xkcd.com/1181/

SLIDE 20

The Caveats

  • PGP is
      old (from the 90’s)
      not really usable
      keys are really long
      no key management
      no forward secrecy

* https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/

SLIDE 21

Part 2: Secure Communications

  • Why do we need secure communications?
  • PGP
  • TLS and Let's Encrypt
  • Secure messaging

next session