The openpgp standard
Download
1 / 43

The OpenPGP Standard - PowerPoint PPT Presentation


  • 137 Views
  • Uploaded on

The OpenPGP Standard. Jonathan Callas Senior Security Consultant Kroll-O’Gara ISG. Outline. PGP History The OpenPGP Standard OpenPGP’s relationship to other Relevant Standards The Future Note: “PGP” and “Pretty Good Privacy” are trademarks of Network Associates, Inc. PGP History.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' The OpenPGP Standard' - ziven


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
The openpgp standard

The OpenPGP Standard

Jonathan Callas

Senior Security Consultant

Kroll-O’Gara ISG


Outline
Outline

PGP History

The OpenPGP Standard

OpenPGP’s relationship to other Relevant Standards

The Future

Note: “PGP” and “Pretty Good Privacy” are trademarks of Network Associates, Inc.


Pgp history
PGP History

Early History

PGP 1.0 created in 1991

PGP 2.0 introduced original cipher suite (RSA, IDEA, MD5)

PGP 2.6 created in 1994


Pgp history1
PGP History

Later History

PGP 3 started in 1994-5

PGP Inc. Formed by PRZ after customs investigation dropped, 1996

PGP 3 released as PGP 5.0 in May 1997


Pgp history2
PGP History

PGP 5.0

New Algorithms

DSS signatures

Elgamal public-key encryption

SHA-1 hashes

CAST5 (CAST-128), TripleDES symmetric encryption


Pgp history3
PGP History

PGP 5.0

New signature formats

New certificate structure

Dual-key structure

Architecture for N-key structure


Pgp history4
PGP History

OpenPGP

Started in the IETF in September 1997

Starts with PGP 5 as a base

Encourages but does not require compatibility with PGP 2.6

Unencumbered architecture


Pgp history5
PGP History

OpenPGP

Promoted to Proposed Standard in October 1998

RFC 2440

Implementations include

Network Associates PGP

Tom Zerucha reference implementation

GNU Privacy Guard


Openpgp message format
OpenPGP Message Format

Encrypted Session

Key (one per

“recipient”)

Compressed

Data

Literal

Data

Encrypted Data

Signature

(Optional)


Openpgp message format 2
OpenPGP Message Format (2)

Encrypted Session

Key (one per

“recipient”)

Compressed

Data

Literal

Data

Encrypted Data

Signature

(Optional)


Openpgp message format 3
OpenPGP Message Format (3)

Encrypted Session

Key (one per

“recipient”)

Compressed

Data

Literal

Data

Encrypted Data

Signature

(Optional)


Openpgp certificates
OpenPGP Certificates

key

Certification

User ID

User ID

Signature

Signature

Signature

Certificate


Openpgp dual key cert
OpenPGP Dual Key Cert

Signing Key

(Typically DSS)

Encryption Key

(Typically

Elgamal)

Binding signature


Openpgp dual key cert 2
OpenPGP Dual Key Cert (2)

Signing Key

(Typically DSS)

Encryption Key

(Typically

Elgamal)

Binding signature


Openpgp dual key cert 3
OpenPGP Dual Key Cert (3)

Signing Key

(Typically DSS)

Encryption Key

(Typically

Elgamal)

Encryption Key

(Typically

Elgamal)

Binding signature

Binding signature


Openpgp dual key cert 4
OpenPGP Dual Key Cert (4)

Signing Key

(Typically DSS)

Encryption Key

(EC, lives on

Smart card)

Encryption Key

(Elgamal)

Signing Key

(RSA)

Binding signature

Binding signature

Binding signature


Openpgp trust model
OpenPGP Trust Model

OpenPGP doesn’t have a trust model

OpenPGP can use any trust model

OpenPGP can support

Direct Trust

Hierarchical Trust

Cumulative Trust


Trust models
Trust Models

Direct Trust

I trust your cert because you gave it to me

Very secure trust model (do you trust yourself)

Scales least well

Used in OpenPGP, S/MIME, IPsec, TLS/SSL, etc.


Trust models1
Trust Models

Hierarchical Trust

I trust your cert because its issuer has a cert issued by someone … whom I trust

Least secure trust model

Damage spreads through tree

Recovery is difficult


Trust models2

Hierarchical Trust (continued)

Best scaling, mimics organizations

Used in OpenPGP, S/MIME, IPsec, TLS/SSL, etc.

Trust Models


Trust models3
Trust Models

Cumulative Trust (a.k.a. Web of Trust)

I trust your cert because some collection of people whom I trust issued certifications

Potentially more secure than direct trust

Scales almost as well as HT for intra-organization


Trust models4
Trust Models

Cumulative Trust

Handles inter-organization problems

Company A issues only to full-time employees

Company B issues to contractors and temps

A and B’s management issue edict for cross certification

Addresses “two id” problem

How do you know John Smith(1) is John Smith(2)?


Other relevant standards
Other Relevant Standards

So What?

Why Bother?

Myths about OpenPGP


So what
So What?

X.509 is everywhere

OpenPGP is small (code and data)

Zerucha imp. is 5000 lines of C (sans crypto)

Suitable for embedded & end-user applications

Used by banks, etc. transparently

It’s Flexible and Small!

It actually works


Why bother
Why Bother?

S/MIME will take over

PGP has years of deployment

90%? Traffic is some PGP.

PGP is only strong crypto

S/MIME 3 is much better

Outside the US, there is distrust

Can you see the source?

Cisco: Secure email is PGP’s to lose


Myths
Myths

It’s email only

It’s for any “object”

It requires the web of trust

Can use any trust model

Businesses use PGP with hierarchies today

It’s proprietary

IETF Standard


Present into the future
Present Into The Future

Ultimately, data formats are less important than you’d think

On desktops, size matters less

But small systems will be with us always

Description of the OpenPGP philosophy

PGP implemented in X.509

Certification Process


Openpgp philosophy
OpenPGP Philosophy

Everyone is potentially a CA

This is going to happen whether you like or not.

Everyone has different policies

Wait until you do inter-business PKI

One size will not fit all

Validity is in the eye of the beholder

Trust comes from below


Potential pgp x 509 merger
Potential PGP/X.509 merger

Ideas of PGP

Syntax of X.509

Disclaimer

This doesn’t exist

It’s all still experimental


X 509 certificate
X.509 Certificate

User Information

(DN & Stuff)

Public Key

Signature binds

Key and Information


Pgp in x 509 drag
PGP in X.509 Drag

Key 1

User 1

Signature 1

Key 1

User 1

Signature 2

Key 1

User 2

Signature 3


Pgp certification process
PGP Certification Process

User

PGP CA

PGP Certificate

Server

Pending

Area

PGP

Cert


Pgp certification process1
PGP Certification Process

User

PGP CA

PGP Certificate

Server

Pending

Area

PGP

Cert


Pgp certification process2
PGP Certification Process

User

PGP CA

PGP Certificate

Server

Pending

Area

PGP

Cert


Pgp certification process3
PGP Certification Process

User

PGP CA

PGP Certificate

Server

Pending

Area

PGP

Cert


Pgp certification process4
PGP Certification Process

User

PGP CA

PGP Certificate

Server

Pending

Area

PGP

Cert


X 509 certification process
X.509 Certification Process

User

CA

CA

Server

PKCS10

Cert Request


X 509 certification process1
X.509 Certification Process

User

CA

CA

Server

PKCS10

Cert Request


X 509 certification process2
X.509 Certification Process

User

CA

CA

Server

PKCS10

Cert Request

X.509

Certificate


X 509 certification process3
X.509 Certification Process

User

CA

CA

Server

X.509

Certificate


Certifying pgp with x 509 ca
Certifying PGP with X.509 CA

User

CA

CA

Server

PGP

Cert

PKCS10

Cert Request

Key

X.509

Certificate


Starting a pgp cert from x 509
Starting a PGP cert from X.509

Key

User

X.509

Certificate

PGP

Cert


Summary
Summary

OpenPGP is an IETF standard

Certificates

“Objects”

It’s lightweight and flexible

Interesting work is being done for the future


ad