Monica Stoica, [email protected]
Books and papers used:
http://www.sun.com/software/white-papers/wp-security-devsecpolicy/
http://people.cs.uchicago.edu/~cbarnard/pgptalk/digsig.html
Rivest, Shamir and Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM
Even before the modern electronic age, militaries and individuals encoded sensitive messages. For example, in World War II, the Nazis used an encryption machine called Enigma that manipulated text through a series of alphabetic transformations to make the encoded text, called ciphertext, unreadable to the casual observer (Sale). Decoder rings are a popular item to put into a box of cereal, and they allow children to send and receive secret messages and pretend they are an international spy like James Bond or Ethan Hunt.
Introduction to Encryption
The benefits of this technology are many and varied, ranging from E-commerce to personal privacy issues. However, as with most good things, this technology can be used for evil purposes as well. Just as a person interested in maintaining their personal privacy could use this technology to protect their credit card information for example, a terrorist could encrypt messages sent to worldwide operatives and prevent law enforcement from understanding their movements. The American people have already decided that the benefits of encryption outweigh the potential risks and policy intended to limit this technology is doomed to failure.
Why Use Encryption?
When you send a piece of first class mail, you probably seal the envelope. With that action, you are moderately comfortable that your message will be delivered at the receiving end without anyone in between reading it, or, if it has been intercepted, that your recipient can tell. If someone wanted to watch all of the surface mail traveling through a certain point, he or she would have to open each envelope, read the information, and then reseal the envelope and have the message continue on its way. That is very time consuming.
In the electronic world, however, everything is different. Your email message travels in the clear through numerous computers between you and its destination, and at any one of those points the message could be read without your knowledge.
Everyone seals the envelope when they send a first class letter. It therefore doesn't draw any attention. In the electronic world, though, it is still a minority of people who use encryption. This is unfortunate, because using it draws attention to you. People think to themselves "I wonder what this person has to hide" when in fact the encrypter is simply exercising his or her right to privacy. That's why it's imperative to get many people using encryption. Once "all of your friends are doing it" it will no longer be considered unusual to be exercising your right to privacy.
With conventional cryptography, you encrypt your message with a key. This key is needed to both encrypt and decrypt. You and your recipient both have that key, and only those with that key can decrypt the message. Problem: How do you get that key to your recipient? If you're a rich government, you can send couriers around with deciphering pads. It was this problem that kept good cryptography from ordinary folks for a long time.
With public key cryptography, there are two keys involved. One key is needed to encrypt (the recipient's public key) and another key is needed to decrypt (the recipient's private key). Both keys are needed: once you've encrypted your message with one of these keys, you can only decrypt it with the other. So when you use PGP, you create a keypair. One of those, the public key, you publicize as widely as possible. The other one, the private key, you keep safe. Anyone who wants to send you private email encrypts the message with your public key. Once that message is encrypted, only you -- the owner of the corresponding private key -- can decipher the message.
Public key cryptography is computationally very expensive. It takes a lot of computing power to encrypt and decrypt a message. Therefore, PGP encrypts your message with a conventional algorithm (the IDEA algorithm), and then uses the recipient's public key to encrypt only the IDEA key needed to decrypt the message.
Public Key Distribution
There are two ways that keys could be distributed. One way is to have a central clearinghouse that is responsible for the authenticity of all keys that it holds. When you create a key, you give it to this clearinghouse, convince them that it is genuine, and then they distribute it to whoever wants it. This is how other encryption systems work. PGP doesn't do this. It's that Central Authority part that PGP users don't like. Instead, there is something called a Web of Trust.
Example of how PGP Works
John creates his key pair and wants to distribute his public key so that anyone can send him email. The first thing he does after he's made the key available is walk down the hall to Sue's office to get her to sign it. She adds the key to her public keyring, verifies with John that it really is his key, and she signs it. The easiest way to verify the key is to compare its fingerprint.
John then takes a copy of his key with her signature and makes that version of his public key available. Now anyone who gets his public key will find Sue's signature attached to it. So if Bill gets the key and doesn't know John but does know Sue, he can use the key confidently because he can verify Sue's signature. Sue is guaranteeing John's key.
Verifying Public Keys
If you receive a public key from someone, either out of their .plan file, or in the mail, or wherever, you want some way to verify that it is correct. If you were masochistic you could try to read it, character by character, on the phone back and forth to make sure that it's right, but I think you'll agree that reading an entire ASCII-armored key block over the phone is just more painful than you care to consider.
A fingerprint is an MD5 checksum of the public key, and is much easier to read. The MD5 (Message Digest number 5) value for a file is a 128-bit value similar to a checksum. Its additional length (conventional checksums are usually either 16 or 32 bits) means that the possibility of a different or corrupted file having the same MD5 value as the file of interest is drastically reduced. Because every different file has an effectively unique MD5 value, these values can also be used to track different versions of a file.
You should generate the fingerprint of your public key as soon as you create it, and write it down somewhere.
ITAR regulations restrict access to PGP to United States and Canadian citizens. So if you are a citizen of the US or Canada, you should get the latest version of PGP (currently 2.6.2) from the official MIT distribution site at http://bs.mit.edu:8001/pgp-form.html. If you are outside of the United States or Canada, you should get the program from a European or Asian mirror site. This site in England has a fairly complete list of sites around the world where you can obtain PGP for Unix, Mac, or PC platforms. If you are a commercial company, you should get version 2.7, the commercial version, from ViaCrypt. If you have problems compiling PGP, a FAQ is available from the same site that distributes PGP.
How to Encrypt a Message
A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d = 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
If electronic mail systems are to replace the existing paper mail system for business transactions, "signing" an electronic message must be possible. The recipient of a signed message has proof that the message originated from the sender. This quality is stronger than mere authentication (where the recipient can verify that the message came from the sender); the recipient can convince a "judge" that the signer sent the message. To do so, he must convince the judge that he did not forge the signed message himself! In an authentication problem the recipient does not worry about this possibility, since he only wants to satisfy himself that the message came from the sender.
An electronic signature must be message-dependent, as well as signer-dependent. Otherwise the recipient could modify the message before showing the message-signature pair to a judge. Or he could attach the signature to any message whatsoever, since it is impossible to detect electronic "cutting and pasting."
An electronic checking system could be based on a signature system. It is easy to imagine an encryption device in your home computer terminal allowing you to sign checks that get sent by electronic mail to the payee. It would only be necessary to include a unique check number in each check so that even if the payee copies the check the bank will only honor the first version it sees.
Using signatures in everyday life
Another possibility arises if encryption devices can be made fast enough: it will be possible to have a telephone conversation in which every word spoken is signed by the encryption device before transmission. When encryption is used for signatures as above, it is important that the encryption device not be "wired in" between the terminal (or computer) and the communications channel, since a message may have to be successively enciphered with several keys. It is perhaps more natural to view the encryption device as a "hardware subroutine" that can be executed as needed.
Sending checks to the bank
How can user Bob send the bank a "signed" message M in a public-key cryptosystem? He first computes his "signature" S for the message M using D_B: S = D_B(M). He then encrypts S using E_A (for privacy) and sends the result E_A(S) to the bank. He need not send M as well since it can be computed from S.
The bank first decrypts the ciphertext with D_A to obtain S. The bank knows who the presumed sender of the signature is. The bank then extracts the message with the encryption procedure of the sender, in this case E_B, available on the public file: M = E_B(S). The bank now possesses a message-signature pair (M, S) with properties similar to those of a signed document. Bob cannot later deny having sent this message to the bank, since no one else could have created S = D_B(M). The bank can convince a judge that E_B(S) = M, so the bank has proof that Bob signed the document.
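The check-signing exchange above, together with the fingerprint comparison from "Verifying Public Keys", worked through in textbook RSA exactly as "How to Encrypt a Message" defines it. This is an added example, not code from the paper or from PGP; the small primes, the message value 1234 and the fingerprint byte layout (MD5 over big-endian n followed by e) are my own choices for illustration.

```python
import hashlib
from math import gcd
def make_keypair(p, q, e=17):
    """Textbook RSA: n = p*q, public e, secret d with e*d = 1 mod (p-1)(q-1).
    p and q are small constructed primes for illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible modulo (p-1)(q-1)"
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)

def E(pub, m):                    # public operation: m^e mod n
    n, e = pub
    assert 0 <= m < n, "a block must be smaller than the modulus"
    return pow(m, e, n)
def D(priv, c):                   # private operation: c^d mod n
    n, d = priv
    return pow(c, d, n)

def fingerprint(pub):
    """MD5 of the public key, shown PGP 2.x style as hex byte pairs. The byte
    layout (big-endian n then e) is an assumption, not PGP's packet format."""
    n, e = pub
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(2, "big")
    pairs = [hashlib.md5(raw).hexdigest().upper()[i:i + 2] for i in range(0, 32, 2)]
    return " ".join(pairs[:8]) + "  " + " ".join(pairs[8:])

def same_fingerprint(read_aloud, local):
    """Compare a fingerprint read over the phone with the local one, ignoring
    spacing and case so a differently grouped transcription still matches."""
    return read_aloud.replace(" ", "").upper() == local.replace(" ", "").upper()

def bob_sends_check(bob_priv, bank_pub, m):
    """S = D_B(M) is Bob's signature; E_A(S) hides it from everyone but the bank."""
    return E(bank_pub, D(bob_priv, m))

def bank_receives_check(bank_priv, bob_pub, ciphertext):
    """D_A recovers S, then E_B(S) recovers M. Returns the (M, S) pair as evidence."""
    s = D(bank_priv, ciphertext)
    return E(bob_pub, s), s

def judge_accepts(bob_pub, m, s):
    """The bank or a judge checks E_B(S) == M; changing M or S breaks the pair."""
    return E(bob_pub, s) == m

if __name__ == "__main__":
    bob_pub, bob_priv = make_keypair(61, 53)      # n = 3233
    bank_pub, bank_priv = make_keypair(101, 113)  # n = 11413 > 3233, so S fits
    ct = bob_sends_check(bob_priv, bank_pub, 1234)
    m, s = bank_receives_check(bank_priv, bob_pub, ct)
    print(m, judge_accepts(bob_pub, m, s), fingerprint(bob_pub))
```

The bank's modulus is chosen larger than Bob's so that the signature S, which is a number below Bob's n, is always a valid block for E_A; a real key-size mismatch in the other direction would need reblocking.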