What is PGP

If you want to improve the security of your email messages, PGP offers a relatively easy and cost-effective way to do this. PGP shares some features with other encryption systems you may have heard of, like Kerberos encryption, which is used to authenticate network users, and SSL encryption, which is used to secure websites. At a basic level, PGP encryption uses a combination of two forms of encryption: symmetric key encryption and public-key encryption. At the highest level, this is how PGP encryption works:

Well, the answer is pretty simple. Public key cryptography is much, much slower than symmetric encryption where both the sender and recipient have the same key. Using symmetric encryption requires, though, that a sender share the encryption key with the recipient in plain text, and this would be insecure. So by encrypting the symmetric key using the asymmetric public-key system, PGP combines the efficiency of symmetric encryption with the security of public-key cryptography.

In practice, sending a message encrypted with PGP is simpler than the above explanation makes it sound. You will see a padlock icon on the subject line of their emails. The email will look like this (the email addresses have been blurred for privacy reasons): ProtonMail — like most email clients that offer PGP — hides all of the complexity of the encryption and decryption of the message. If you are communicating with users outside of ProtonMail, you need to send them your public key first.

And so, although the message was sent securely, the recipient does not have to worry about the complexities of how this was done. Of these three uses, the first — sending secure email — is by far the dominant application of PGP. As in the example above, most people use PGP to send encrypted emails. In the early years of PGP, it was mainly used by activists, journalists, and other people who deal with sensitive information. The PGP system was originally designed, in fact, by a peace and political activist named Paul Zimmerman, who recently joined Startpage, one of the most popular private search engines.

Today, the popularity of PGP has grown significantly. As more users have realized just how much information corporations and their governments are collecting on them, huge numbers of people now use the standard to keep their private information private. A related use of PGP is that it can be used for email verification.

If a journalist is unsure about the identity of a person sending them a message, for instance, they can use a Digital Signature alongside PGP to verify this. If even one character of the message has been changed in transit, the recipient will know. This can indicate either the sender is not who they say they are, that they have tried to fake a Digital Signature, or that the message has been tampered with. A third use of PGP is to encrypt files.

In fact, this algorithm is so secure that it has even been used in high-profile malware such as the CryptoLocker malware. This software offers PGP encryption for all your files, whilst also hiding the complexities of encryption and decryption processes. PGP encryption uses a mix of data compression, hashing, and public-key cryptography. It also uses symmetric and asymmetric keys to encrypt data that is transferred across networks.

It combines features of private and public key cryptography. Each step uses a different algorithm, and each public key is associated with a username and an email address. When plaintext is encrypted with PGP, it first compresses the plaintext. Data compression saves transmission time and disk space, and reinforces cryptographic security. Most cryptanalysis methods exploit patterns that are found in the plaintext.

However, the asymmetry of PGP encryption allows for authentication. After public keys have been traded among partners, the private keys are used to digitally sign the encrypted content.

This allows the decryptor to confirm the sender. One use of PGP encryption is to confidentially send messages. To do this, PGP combines private-key and public-key encryption. The sender encrypts the message using a public encryption key provided by the receiver. The receiver provides their personal public key to whomever they would like to receive messages from. This is done to protect the message during transmission. Once the recipient receives the message, they use their own private key to decode the message, while keeping their personal private key a secret from outsiders.

In practice, however, different companies have created their own extensions to X. A certificate requires someone to validate that a public key and the name of the key's owner go together.

With PGP certificates, anyone can play the role of validator. With X. Bear in mind that PGP certificates also fully support a hierarchical structure using a CA to validate certificates. The X. You might think of an X. It has your name and some information about you on it, plus the signature of the person who issued it to you. Probably the most widely visible use of X. When you've assured yourself that a certificate belonging to someone else is valid, you can sign the copy on your keyring to attest to the fact that you've checked the certificate and that it's an authentic one.

If you want others to know that you gave the certificate your stamp of approval, you can export the signature to a certificate server so that others can see it. As described in the section Public Key Infrastructures, some companies designate one or more Certification Authorities (CAs) to indicate certificate validity. In an organization using a PKI with X.

Basically, the main purpose of a CA is to bind a public key to the identification information contained in the certificate and thus assure third parties that some measure of care was taken to ensure that this binding of the identification information and key is valid. The CA is the Grand Pooh-bah of validation in an organization; someone whom everyone trusts, and in some organizations, like those using a PKI, no certificate is considered valid unless it has been signed by a trusted CA.

Another way is to manually check the certificate's fingerprint. Just as every human's fingerprints are unique, every PGP certificate's fingerprint is unique. The fingerprint is a hash of the user's certificate and appears as one of the certificate's properties.

In PGP, the fingerprint can appear as a hexadecimal number or a series of so-called biometric words, which are phonetically distinct and are used to make the fingerprint identification process a little easier.

You can check that a certificate is valid by calling the key's owner so that you originate the transaction and asking the owner to read his or her key's fingerprint to you and verifying that fingerprint against the one you believe to be the real one. This works if you know the owner's voice, but, how do you manually verify the identity of someone you don't know? Some people put the fingerprint of their key on their business cards for this very reason.

Another way to establish validity of someone's certificate is to trust that a third individual has gone through the process of validating it. A CA, for example, is responsible for ensuring that prior to issuing a certificate, he or she carefully checks it to be sure the public key portion really belongs to the purported owner.

Anyone who trusts the CA will automatically consider any certificates signed by the CA to be valid. Another aspect of checking validity is to ensure that the certificate has not been revoked. For more information, see the section Certificate Revocation.

Meta and trusted introducers

In most situations, people completely trust the CA to establish certificates' validity. This means that everyone else relies upon the CA to go through the whole manual validation process for them. This is fine up to a certain number of users or number of work sites, and then it is not possible for the CA to maintain the same level of quality validation.

In that case, adding other validators to the system is necessary. A CA can also be a meta-introducer. A meta-introducer bestows not only validity on keys, but bestows the ability to trust keys upon others. Similar to the king who hands his seal to his trusted advisors so they can act on his authority, the meta-introducer enables others to act as trusted introducers. These trusted introducers can validate keys to the same effect as that of the meta-introducer.

They cannot, however, create new trusted introducers. Meta-introducer and trusted introducer are PGP terms.

In an X. The root CA uses the private key associated with a special certificate type called a root CA certificate to sign certificates. Any certificate signed by the root CA certificate is viewed as valid by any other certificate signed by the root.

This validation process works even for certificates signed by other CAs in the system — as long as the root CA certificate signed the subordinate CA's certificate, any certificate signed by the CA is considered valid to others within the hierarchy. This process of checking back up through the system to see who signed whose certificate is called tracing a certification path or certification chain.

Companies follow one or another trust model, which dictates how users will go about establishing certificate validity. There are three different models:

In PGP, a user who validates keys herself and never sets another certificate to be a trusted introducer is using direct trust.

Hierarchical Trust

In a hierarchical system, there are a number of "root" certificates from which trust extends.

These certificates may certify certificates themselves, or they may certify certificates that certify still other certificates down some chain. Consider it as a big trust "tree."

Web of Trust

A web of trust encompasses both of the other models, but also adds the notion that trust is in the eye of the beholder (which is the real-world view) and the idea that more information is better.

It is thus a cumulative trust model. A certificate might be trusted directly, or trusted in some chain going back to a directly trusted root certificate (the meta-introducer), or by some group of introducers. Perhaps you've heard of the term six degrees of separation, which suggests that any person in the world can determine some link to any other person in the world using six or fewer other people as intermediaries.

This is a web of introducers. It is also the PGP view of trust. PGP uses digital signatures as its form of introduction. When any user signs another's key, he or she becomes an introducer of that key. As this process goes on, it establishes a web of trust. In a PGP environment, any user can act as a certifying authority. However, such a certificate is only valid to another user if the relying party recognizes the validator as a trusted introducer.

That is, you trust my opinion that others' keys are valid only if you consider me to be a trusted introducer. Otherwise, my opinion on other keys' validity is moot. Stored on each user's public keyring are indicators of.

Levels of trust in PGP

The highest level of trust in a key, implicit trust, is trust in your own key pair. PGP assumes that if you own the private key, you must trust the actions of its related public key. Any keys signed by your implicitly trusted key are valid.

There are three levels of trust you can assign to someone else's public key:

For example, suppose your key ring contains Alice's key.

You have validated Alice's key and you indicate this by signing it. You know that Alice is a real stickler for validating others' keys. You therefore assign her key with Complete trust. This makes Alice a Certification Authority. If Alice signs another's key, it appears as Valid on your keyring. PGP requires one Completely trusted signature or two Marginally trusted signatures to establish a key as valid.

You might consider Alice fairly trustworthy and also consider Bob fairly trustworthy. Either one alone runs the risk of accidentally signing a counterfeit key, so you might not place complete trust in either one. However, the odds that both individuals signed the same phony key are probably small.
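The validity rule described above (one Completely trusted signature or two Marginally trusted signatures) can be worked through on a small keyring. This is an added example, not code from PGP itself; the key names and the `valid_keys` function are hypothetical, and the sample keyring is constructed.

```python
from enum import Enum

class Trust(Enum):
    NONE = 0
    MARGINAL = 1
    COMPLETE = 2
    IMPLICIT = 3  # your own key pair

COMPLETES_NEEDED = 1  # one Completely trusted signature, or
MARGINALS_NEEDED = 2  # two Marginally trusted signatures

def valid_keys(owner_trust, signatures):
    """Return the set of key names that are Valid on this keyring.

    owner_trust: {key: Trust}, the trust you assigned to each key as introducer
    signatures:  {key: set of keys that signed it}
    """
    valid = {k for k, t in owner_trust.items() if t is Trust.IMPLICIT}
    changed = True
    while changed:  # repeat until no new key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            # A signature counts only if the signing key is itself valid.
            counted = [owner_trust.get(s, Trust.NONE) for s in signers if s in valid]
            completes = sum(t in (Trust.COMPLETE, Trust.IMPLICIT) for t in counted)
            marginals = sum(t is Trust.MARGINAL for t in counted)
            if completes >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid

# Constructed sample keyring (hypothetical names).
SAMPLE_TRUST = {"me": Trust.IMPLICIT, "alice": Trust.COMPLETE,
                "bob": Trust.MARGINAL, "carol": Trust.MARGINAL}
SAMPLE_SIGS = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"},
    "dave": {"alice"},          # one Complete signature: valid
    "erin": {"bob", "carol"},   # two Marginal signatures: valid
    "frank": {"bob"},           # one Marginal signature: not valid
    "ivan": {"dave"},           # dave is valid but not a trusted introducer
}

if __name__ == "__main__":
    print(sorted(valid_keys(SAMPLE_TRUST, SAMPLE_SIGS)))
```

The `ivan` entry shows that validity and trust are separate: a key can be valid on your keyring without its owner's signatures counting toward anyone else's validity.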

The certificate is expected to be usable for its entire validity period (its lifetime). The certificate can still be safely used to reconfirm information that was encrypted or signed within the validity period — it should not be trusted for cryptographic tasks moving forward, however.

There are also situations where it is necessary to invalidate a certificate prior to its expiration date, such as when the certificate holder terminates employment with the company or suspects that the certificate's corresponding private key has been compromised.

This is called revocation. A revoked certificate is much more suspect than an expired certificate. Expired certificates are unusable, but do not carry the same threat of compromise as a revoked certificate. Anyone who has signed a certificate can revoke his or her signature on the certificate provided he or she uses the same private key that created the signature.

A revoked signature indicates that the signer no longer believes the public key and identification information belong together, or that the certificate's public key or corresponding private key has been compromised. A revoked signature should carry nearly as much weight as a revoked certificate. PGP certificates provide the added feature that you can revoke your entire certificate (not just the signatures on it) if you yourself feel that the certificate has been compromised.

Only the certificate's owner (the holder of its corresponding private key) or someone whom the certificate's owner has designated as a revoker can revoke a PGP certificate. Designating a revoker is a useful practice, as it's often the loss of the passphrase for the certificate's corresponding private key that leads a PGP user to revoke his or her certificate — a task that is only possible if one has access to the private key.

Only the certificate's issuer can revoke an X. The CRL contains a time-stamped, validated list of all revoked, unexpired certificates in the system. Revoked certificates remain on the list only until they expire, then they are removed from the list — this keeps the list from getting too long.

The CA distributes the CRL to users at some regularly scheduled interval and potentially off-cycle, whenever a certificate is revoked.

Theoretically, this will prevent users from unwittingly using a compromised certificate. It is possible, though, that there may be a time period between CRLs in which a newly compromised certificate is used. A passphrase is a longer version of a password, and in theory, a more secure one. Typically composed of multiple words, a passphrase is more secure against standard dictionary attacks, wherein the attacker tries all the words in the dictionary in an attempt to determine your password.

The best passphrases are relatively long and complex and contain a combination of upper and lowercase letters, numeric and punctuation characters.

PGP uses a passphrase to encrypt your private key on your machine. Your private key is encrypted on your disk using a hash of your passphrase as the secret key. You use the passphrase to decrypt and use your private key. A passphrase should be hard for you to forget and difficult for others to guess.

It should be something already firmly embedded in your long-term memory, rather than something you make up from scratch. Because if you forget your passphrase, you are out of luck. Your private key is totally and absolutely useless without your passphrase and nothing can be done about it. Remember the quote earlier in this chapter? PGP is cryptography that will keep major governments out of your files.

It will certainly keep you out of your files, too. Keep that in mind when you decide to change your passphrase to the punchline of that joke you can never quite remember. In such a case it is wise to split the key among multiple people in such a way that more than one or two people must present a piece of the key in order to reconstitute it to a usable condition. If too few pieces of the key are available, then the key is unusable.

Some examples are to split a key into three pieces and require two of them to reconstitute the key, or split it into two pieces and require both pieces. If a secure network connection is used during the reconstitution process, the key's shareholders need not be physically present in order to rejoin the key.


The Basics of Cryptography

When Julius Caesar sent messages to his generals, he didn't trust his messengers. And so we begin.

Encryption and decryption

Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext.

You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data.


