1 / 43

The OpenPGP Standard

The OpenPGP Standard. Jonathan Callas Senior Security Consultant Kroll-O’Gara ISG. Outline. PGP History The OpenPGP Standard OpenPGP’s relationship to other Relevant Standards The Future Note: “PGP” and “Pretty Good Privacy” are trademarks of Network Associates, Inc. PGP History.

ziven
Download Presentation

The OpenPGP Standard

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The OpenPGP Standard Jonathan Callas Senior Security Consultant Kroll-O’Gara ISG

  2. Outline PGP History The OpenPGP Standard OpenPGP’s relationship to other Relevant Standards The Future Note: “PGP” and “Pretty Good Privacy” are trademarks of Network Associates, Inc.

  3. PGP History Early History PGP 1.0 created in 1991 PGP 2.0 introduced original cipher suite (RSA, IDEA, MD5) PGP 2.6 created in 1994

  4. PGP History Later History PGP 3 started in 1994-5 PGP Inc. Formed by PRZ after customs investigation dropped, 1996 PGP 3 released as PGP 5.0 in May 1997

  5. PGP History PGP 5.0 New Algorithms DSS signatures Elgamal public-key encryption SHA-1 hashes CAST5 (CAST-128), TripleDES symmetric encryption

  6. PGP History PGP 5.0 New signature formats New certificate structure Dual-key structure Architecture for N-key structure

  7. PGP History OpenPGP Started in the IETF in September 1997 Starts with PGP 5 as a base Encourages but does not require compatibility with PGP 2.6 Unencumbered architecture

  8. PGP History OpenPGP Promoted to Proposed Standard in October 1998 RFC 2440 Implementations include Network Associates PGP Tom Zerucha reference implementation GNU Privacy Guard

  9. OpenPGP Message Format Encrypted Session Key (one per “recipient”) Compressed Data Literal Data Encrypted Data Signature (Optional)

  10. OpenPGP Message Format (2) Encrypted Session Key (one per “recipient”) Compressed Data Literal Data Encrypted Data Signature (Optional)

  11. OpenPGP Message Format (3) Encrypted Session Key (one per “recipient”) Compressed Data Literal Data Encrypted Data Signature (Optional)

  12. OpenPGP Certificates key Certification User ID User ID Signature Signature Signature Certificate

  13. OpenPGP Dual Key Cert Signing Key (Typically DSS) Encryption Key (Typically Elgamal) Binding signature

  14. OpenPGP Dual Key Cert (2) Signing Key (Typically DSS) Encryption Key (Typically Elgamal) Binding signature

  15. OpenPGP Dual Key Cert (3) Signing Key (Typically DSS) Encryption Key (Typically Elgamal) Encryption Key (Typically Elgamal) Binding signature Binding signature

  16. OpenPGP Dual Key Cert (4) Signing Key (Typically DSS) Encryption Key (EC, lives on Smart card) Encryption Key (Elgamal) Signing Key (RSA) Binding signature Binding signature Binding signature

  17. OpenPGP Trust Model OpenPGP doesn’t have a trust model OpenPGP can use any trust model OpenPGP can support Direct Trust Hierarchical Trust Cumulative Trust

  18. Trust Models Direct Trust I trust your cert because you gave it to me Very secure trust model (do you trust yourself) Scales least well Used in OpenPGP, S/MIME, IPsec, TLS/SSL, etc.

  19. Trust Models Hierarchical Trust I trust your cert because its issuer has a cert issued by someone … whom I trust Least secure trust model Damage spreads through tree Recovery is difficult

  20. Hierarchical Trust (continued) Best scaling, mimics organizations Used in OpenPGP, S/MIME, IPsec, TLS/SSL, etc. Trust Models

  21. Trust Models Cumulative Trust (a.k.a. Web of Trust) I trust your cert because some collection of people whom I trust issued certifications Potentially more secure than direct trust Scales almost as well as HT for intra-organization

  22. Trust Models Cumulative Trust Handles inter-organization problems Company A issues only to full-time employees Company B issues to contractors and temps A and B’s management issue edict for cross certification Addresses “two id” problem How do you know John Smith(1) is John Smith(2)?

  23. Other Relevant Standards So What? Why Bother? Myths about OpenPGP

  24. So What? X.509 is everywhere OpenPGP is small (code and data) Zerucha imp. is 5000 lines of C (sans crypto) Suitable for embedded & end-user applications Used by banks, etc. transparently It’s Flexible and Small! It actually works

  25. Why Bother? S/MIME will take over PGP has years of deployment 90%? Traffic is some PGP. PGP is only strong crypto S/MIME 3 is much better Outside the US, there is distrust Can you see the source? Cisco: Secure email is PGP’s to lose

  26. Myths It’s email only It’s for any “object” It requires the web of trust Can use any trust model Businesses use PGP with hierarchies today It’s proprietary IETF Standard

  27. Present Into The Future Ultimately, data formats are less important than you’d think On desktops, size matters less But small systems will be with us always Description of the OpenPGP philosophy PGP implemented in X.509 Certification Process

  28. OpenPGP Philosophy Everyone is potentially a CA This is going to happen whether you like or not. Everyone has different policies Wait until you do inter-business PKI One size will not fit all Validity is in the eye of the beholder Trust comes from below

  29. Potential PGP/X.509 merger Ideas of PGP Syntax of X.509 Disclaimer This doesn’t exist It’s all still experimental

  30. X.509 Certificate User Information (DN & Stuff) Public Key Signature binds Key and Information

  31. PGP in X.509 Drag Key 1 User 1 Signature 1 Key 1 User 1 Signature 2 Key 1 User 2 Signature 3

  32. PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert

  33. PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert

  34. PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert

  35. PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert

  36. PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert

  37. X.509 Certification Process User CA CA Server PKCS10 Cert Request

  38. X.509 Certification Process User CA CA Server PKCS10 Cert Request

  39. X.509 Certification Process User CA CA Server PKCS10 Cert Request X.509 Certificate

  40. X.509 Certification Process User CA CA Server X.509 Certificate

  41. Certifying PGP with X.509 CA User CA CA Server PGP Cert PKCS10 Cert Request Key X.509 Certificate

  42. Starting a PGP cert from X.509 Key User X.509 Certificate PGP Cert

  43. Summary OpenPGP is an IETF standard Certificates “Objects” It’s lightweight and flexible Interesting work is being done for the future

More Related