callas by linzhengnd

VIEWS: 4 PAGES: 43

									The OpenPGP Standard

         Jonathan Callas
    Senior Security Consultant
        Kroll-O’Gara ISG
                               Outline

• PGP History
• The OpenPGP Standard
• OpenPGP’s relationship to other Relevant
  Standards
• The Future

     • Note: “PGP” and “Pretty Good Privacy” are trademarks of Network Associates, Inc.




                                                 Information Security Group
               PGP History

• Early History
  – PGP 1.0 created in 1991
  – PGP 2.0 introduced original cipher suite (RSA,
    IDEA, MD5)
  – PGP 2.6 created in 1994




                            Information Security Group
              PGP History

• Later History
  – PGP 3 started in 1994-5
  – PGP Inc. Formed by PRZ after customs
    investigation dropped, 1996
  – PGP 3 released as PGP 5.0 in May 1997




                          Information Security Group
                PGP History

• PGP 5.0
  – New Algorithms
    •   DSS signatures
    •   Elgamal public-key encryption
    •   SHA-1 hashes
    •   CAST5 (CAST-128), TripleDES symmetric
        encryption



                             Information Security Group
                PGP History

• PGP 5.0
  – New signature formats
  – New certificate structure
     • Dual-key structure
     • Architecture for N-key structure




                                Information Security Group
               PGP History

• OpenPGP
  – Started in the IETF in September 1997
  – Starts with PGP 5 as a base
  – Encourages but does not require compatibility
    with PGP 2.6
  – Unencumbered architecture



                            Information Security Group
               PGP History

• OpenPGP
  – Promoted to Proposed Standard in October
    1998
  – RFC 2440
  – Implementations include
     • Network Associates PGP
     • Tom Zerucha reference implementation
     • GNU Privacy Guard

                              Information Security Group
    OpenPGP Message Format
Encrypted Session
Key (one per
                    Compressed            Literal
“recipient”)
                    Data                  Data

Encrypted Data




                    Signature
                    (Optional)
                             Information Security Group
 OpenPGP Message Format (2)
Encrypted Session
Key (one per
                    Compressed            Literal
“recipient”)
                    Data                  Data

Encrypted Data




                    Signature
                    (Optional)
                             Information Security Group
 OpenPGP Message Format (3)
Encrypted Session
Key (one per
                    Compressed            Literal
“recipient”)
                    Data                  Data

Encrypted Data




                    Signature
                    (Optional)
                             Information Security Group
OpenPGP Certificates

                         key


                                  Certification


            User ID                    User ID




                                                  Signature



Signature             Signature



                      Certificate

                                            Information Security Group
     OpenPGP Dual Key Cert

Signing Key
(Typically DSS)

Encryption Key
(Typically
Elgamal)


Binding signature


                    Information Security Group
  OpenPGP Dual Key Cert (2)

Signing Key
(Typically DSS)

Encryption Key
(Typically
Elgamal)


Binding signature


                    Information Security Group
  OpenPGP Dual Key Cert (3)

Signing Key
(Typically DSS)

Encryption Key      Encryption Key
(Typically          (Typically
Elgamal)            Elgamal)


Binding signature   Binding signature


                              Information Security Group
  OpenPGP Dual Key Cert (4)

Signing Key
(Typically DSS)

Encryption Key      Signing Key         Encryption Key
(Elgamal)           (RSA)               (EC, lives on
                                        Smart card)


Binding signature   Binding signature   Binding signature


                              Information Security Group
       OpenPGP Trust Model

• OpenPGP doesn’t have a trust model
• OpenPGP can use any trust model
• OpenPGP can support
  – Direct Trust
  – Hierarchical Trust
  – Cumulative Trust


                         Information Security Group
                Trust Models

• Direct Trust
  –   I trust your cert because you gave it to me
  –   Very secure trust model (do you trust yourself)
  –   Scales least well
  –   Used in OpenPGP, S/MIME, IPsec, TLS/SSL,
      etc.



                              Information Security Group
               Trust Models

• Hierarchical Trust
  – I trust your cert because its issuer has a cert
    issued by someone … whom I trust
  – Least secure trust model
     • Damage spreads through tree
     • Recovery is difficult




                              Information Security Group
             Trust Models

• Hierarchical Trust (continued)
  – Best scaling, mimics organizations
  – Used in OpenPGP, S/MIME, IPsec, TLS/SSL,
    etc.




                         Information Security Group
               Trust Models

• Cumulative Trust (a.k.a. Web of Trust)
  – I trust your cert because some collection of
    people whom I trust issued certifications
  – Potentially more secure than direct trust
  – Scales almost as well as HT for intra-
    organization



                             Information Security Group
               Trust Models

• Cumulative Trust
  – Handles inter-organization problems
     • Company A issues only to full-time employees
     • Company B issues to contractors and temps
     • A and B’s management issue edict for cross
       certification
  – Addresses “two id” problem
     • How do you know John Smith(1) is John Smith(2)?


                              Information Security Group
    Other Relevant Standards

• So What?
• Why Bother?
• Myths about OpenPGP




                        Information Security Group
                   So What?

• X.509 is everywhere
  – OpenPGP is small (code and data)
     • Zerucha imp. is 5000 lines of C (sans crypto)
  – Suitable for embedded & end-user applications
     • Used by banks, etc. transparently
  – It’s Flexible and Small!
  – It actually works


                                Information Security Group
                Why Bother?

• S/MIME will take over
  – PGP has years of deployment
     • 90%? Traffic is some PGP.
  – PGP is only strong crypto
     • S/MIME 3 is much better
     • Outside the US, there is distrust
     • Can you see the source?
  – Cisco: Secure email is PGP’s to lose

                                 Information Security Group
                     Myths

• It’s email only
  – It’s for any “object”
• It requires the web of trust
  – Can use any trust model
  – Businesses use PGP with hierarchies today
• It’s proprietary
  – IETF Standard

                            Information Security Group
       Present Into The Future

• Ultimately, data formats are less important
  than you’d think
• On desktops, size matters less
  – But small systems will be with us always
• Description of the OpenPGP philosophy
  – PGP implemented in X.509
  – Certification Process

                            Information Security Group
         OpenPGP Philosophy

• Everyone is potentially a CA
   – This is going to happen whether you like or not.
• Everyone has different policies
   – Wait until you do inter-business PKI
• One size will not fit all
   – Validity is in the eye of the beholder
   – Trust comes from below

                              Information Security Group
   Potential PGP/X.509 merger

• Ideas of PGP
• Syntax of X.509
• Disclaimer
  – This doesn’t exist
  – It’s all still experimental




                                  Information Security Group
        X.509 Certificate

     Public Key


User Information
(DN & Stuff)

  Signature binds
Key and Information



                      Information Security Group
    PGP in X.509 Drag

Key 1         Key 1          Key 1

User 1        User 1         User 2

Signature 1   Signature 2    Signature 3




                       Information Security Group
  PGP Certification Process
           PGP Certificate
              Server            Pending
                                 Area


   PGP
   Cert


                                    PGP CA
User


                    Information Security Group
  PGP Certification Process
           PGP Certificate
              Server            Pending
                                 Area


                        PGP
                        Cert

                                    PGP CA
User


                    Information Security Group
  PGP Certification Process
           PGP Certificate
              Server            Pending
                                 Area


                                          PGP
                                          Cert


                                    PGP CA
User


                    Information Security Group
  PGP Certification Process
           PGP Certificate
              Server                Pending
                                     Area




                             PGP       PGP CA
User                         Cert


                    Information Security Group
  PGP Certification Process
               PGP Certificate
                  Server            Pending
                                     Area


        PGP
        Cert

                                        PGP CA
User


                        Information Security Group
 X.509 Certification Process
                       CA
                      Server




                                              CA
User    PKCS10
       Cert Request


                           Information Security Group
 X.509 Certification Process
              CA
             Server

                            PKCS10
                           Cert Request



                                     CA
User


                  Information Security Group
 X.509 Certification Process
              CA
             Server

                            PKCS10
                           Cert Request


                   X.509
                  Certificate        CA
User


                  Information Security Group
 X.509 Certification Process
              CA
             Server




                   X.509             CA
User              Certificate


                  Information Security Group
   Certifying PGP with X.509 CA
                            CA
                           Server




PGP          PKCS10
Cert    Key Cert Request

                                 X.509             CA
       User                     Certificate


                                Information Security Group
  Starting a PGP cert from X.509




 X.509               PGP
              Key
Certificate          Cert

              User


                            Information Security Group
                   Summary

• OpenPGP is an IETF standard
  – Certificates
  – “Objects”
• It’s lightweight and flexible
• Interesting work is being done for the future



                          Information Security Group

								
To top