Alice & Bob: public key cryptography 101 - Loadays

Transcript

1. Alice & Bob Loadays - 16 & 17 april 2011

   Antwerp - Belgium Public key cryptography 101 http://joind.in/3305 woensdag 25 april 12

2. Who am I? Joshua Thijssen (32) Senior Software Engineer @

   Enrise Development in PHP, Python, Perl, C, Java.... Blogs: http://www.adayinthelifeof.nl http://www.enrise.com/blog Email: [email protected] Twitter: @jaytaph Identi.ca: jaytaph woensdag 25 april 12

3. What are we discussing? ‣ An introduction into public key

   encryption ‣ But first of all... ‣ Who are Alice and Bob??? woensdag 25 april 12

4. Terminology (1) woensdag 25 april 12

5. Terminology (1) Meet Alice, and Bob. woensdag 25 april 12

6. Terminology (2) Fictional characters who are representing either side of

   the (communication) line. Person A(lice) is sending a message to person B(ob). woensdag 25 april 12

7. Terminology (3) http://labs.google.com/sets?hl=en&q1=plaintext&q2=ciphertext&q3=cipher&q4=deterministic&q5=rsa&btn=Large+Set http://www.wordle.net/create woensdag 25 april 12

8. Encryption history Before we look at good encryptions, let’s take

   a look at some bad ones... http://www.flickr.com/photos/wwworks/4612188594/sizes/m/in/photostream/ woensdag 25 april 12

9. Encryption history (1) “algorithm”: A = 1, B = 2,

   C = 3, ...., Z = 26 ‣ SUBSTITUTION SCHEME woensdag 25 april 12

10. Encryption history (1) Encrypted message: 12,1,13,5 “algorithm”: A = 1,

    B = 2, C = 3, ...., Z = 26 ‣ SUBSTITUTION SCHEME woensdag 25 april 12

11. Encryption history (1) Encrypted message: 12,1,13,5 “algorithm”: A = 1,

    B = 2, C = 3, ...., Z = 26 = L,A,M,E ‣ SUBSTITUTION SCHEME woensdag 25 april 12

12. “algorithm”: A = (A + key) mod 26, B =

    (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

13. “algorithm”: A = (A + key) mod 26, B =

    (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

14. “algorithm”: A = (A + key) mod 26, B =

    (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

15. “algorithm”: A = (A + key) mod 26, B =

    (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

16. “algorithm”: A = (A + key) mod 26, B =

    (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

17. “algorithm”: A = (A + key) mod 26, B =

    (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E Ciphertext (key=0): L A M E ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

18. “algorithm”: A = (A + key) mod 26, B =

    (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E Ciphertext (key=0): L A M E Ciphertext (key=13): Y N Z R (ROT13) ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

19. Encryption history (3) ‣ FLAWS ON THESE CIPHERS woensdag 25

    april 12

20. Encryption history (3) ‣ Key is too easy to guess.

    ‣ FLAWS ON THESE CIPHERS woensdag 25 april 12

21. Encryption history (3) ‣ Key is too easy to guess.

    ‣ Key has to be send to Bob. ‣ FLAWS ON THESE CIPHERS woensdag 25 april 12

22. Encryption history (3) ‣ Key is too easy to guess.

    ‣ Key has to be send to Bob. ‣ Deterministic. ‣ FLAWS ON THESE CIPHERS woensdag 25 april 12

23. Encryption history (3) ‣ Key is too easy to guess.

    ‣ Key has to be send to Bob. ‣ Deterministic. ‣ Prone to frequency analysis. ‣ FLAWS ON THESE CIPHERS woensdag 25 april 12

24. Frequency Analysis (1) woensdag 25 april 12

25. Frequency Analysis (1) ‣ The usage of every letter in

    the English (or any other language) can be represented by a percentage. woensdag 25 april 12

26. Frequency Analysis (1) ‣ The usage of every letter in

    the English (or any other language) can be represented by a percentage. ‣ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%. woensdag 25 april 12

27. Frequency Analysis (2) http://www.gutenberg.org/cache/epub/14082/pg14082.txt Once upon a midnight dreary, while

    I pondered, weak and weary, Over many a quaint and curious volume of forgotten lore— While I nodded, nearly napping, suddenly there came a tapping, As of some one gently rapping—rapping at my chamber door. "'Tis some visitor," I muttered, "tapping at my chamber door— Only this and nothing more." Ah, distinctly I remember, it was in the bleak December, And each separate dying ember wrought its ghost upon the floor. Eagerly I wished the morrow;—vainly I had sought to borrow From my books surcease of sorrow—sorrow for the lost Lenore— For the rare and radiant maiden whom the angels name Lenore— Nameless here for evermore. And the silken sad uncertain rustling of each purple curtain Thrilled me—filled me with fantastic terrors never felt before; So that now, to still the beating of my heart, I stood repeating "'Tis some visitor entreating entrance at my chamber door— Some late visitor entreating entrance at my chamber door;— This it is and nothing more." ‣ EDGAR ALLAN POE: THE RAVEN woensdag 25 april 12

28. Frequency Analysis (3) A small bit of text can result

    in differences, but still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPH woensdag 25 april 12

29. Frequency Analysis (3) A small bit of text can result

    in differences, but still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPH woensdag 25 april 12

30. Frequency Analysis (4) We can deduce almost all letters just

    without even CARING about the crypto algorithm used. ‣ “THE RAVEN”, ALL PARAGRAPHS woensdag 25 april 12

31. Encryption algorithms ‣ WHAT IS A GOOD ENCRYPTION ALGORITHM? woensdag

    25 april 12

32. Encryption algorithms ‣ Have an “open” algorithm. ‣ WHAT IS

    A GOOD ENCRYPTION ALGORITHM? woensdag 25 april 12

33. Encryption algorithms ‣ Have an “open” algorithm. ‣ Have strong

    mathematical proof. ‣ WHAT IS A GOOD ENCRYPTION ALGORITHM? woensdag 25 april 12

34. Encryption algorithms ‣ Have an “open” algorithm. ‣ Have strong

    mathematical proof. ‣ Knowing the algorithm cannot let you encrypt or decrypt without the key. ‣ WHAT IS A GOOD ENCRYPTION ALGORITHM? woensdag 25 april 12

35. Encryption algorithms (1) ‣ SYMMETRICAL ALGORITHMS woensdag 25 april 12

36. Encryption algorithms (1) ‣ Previous examples were symmetrical encryptions. ‣

    SYMMETRICAL ALGORITHMS woensdag 25 april 12

37. Encryption algorithms (1) ‣ Previous examples were symmetrical encryptions. ‣

    Same key is used for both encryption and decryption. ‣ SYMMETRICAL ALGORITHMS woensdag 25 april 12

38. Encryption algorithms (1) ‣ Previous examples were symmetrical encryptions. ‣

    Same key is used for both encryption and decryption. ‣ Good symmetrical encryptions: AES, Blowfish, (3)DES ‣ SYMMETRICAL ALGORITHMS woensdag 25 april 12

39. Encryption algorithms (2) ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS woensdag

    25 april 12

40. Encryption algorithms (2) ‣ How do we send over the

    key securely? ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS woensdag 25 april 12

41. Encryption algorithms (2) ‣ How do we send over the

    key securely? ‣ O hai egg, meet chicken. ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS woensdag 25 april 12

42. Public key encryption Another encryption method: asymmetrical encryption or public

    key encryption. ‣ FINALLY, WE HAVE ARRIVED... woensdag 25 april 12

43. Public key encryption (1) http://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svg ‣ USES 2 KEYS INSTEAD

    OF ONE: A KEYPAIR woensdag 25 april 12

44. Public key encryption (2) It is NOT possible to decrypt

    the message with same key that is used to encrypt We can encrypt with either key. woensdag 25 april 12

45. Public key encryption (3) ‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY

    ENCRYPTION woensdag 25 april 12

46. Public key encryption (3) ‣ Can be used for encrypting

    data. ‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION woensdag 25 april 12

47. Public key encryption (3) ‣ Can be used for encrypting

    data. ‣ Can be used for data validation and authentication (signing). ‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION woensdag 25 april 12

48. Symmetrical vs Asymmetrical (1) Symmetrical ✓ quick. ✓ not resource

    intensive. ✓ useful for small and large messages. ✗ need to send over the key to the other side. Asymmetrical ✓ no need to send over the (whole) key. ✓ can be used for encryption and validation (signing). ✗ very resource intensive. ✗ only useful for small messages. woensdag 25 april 12

49. Symmetrical vs Asymmetrical (2) Use symmetrical encryption for the (large)

    message and encrypt the key used with an asymmetrical encryption method. woensdag 25 april 12

50. Symmetrical vs Asymmetrical (3) Hybrid ✓ quick ✓ not resource

    intensive ✓ useful for small and large messages ✓ safely exchange key data woensdag 25 april 12

51. Symmetrical vs Asymmetrical (3) + Hybrid ✓ quick ✓ not

    resource intensive ✓ useful for small and large messages ✓ safely exchange key data woensdag 25 april 12

52. Symmetrical vs Asymmetrical (3) + = http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpg Hybrid ✓ quick

    ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key data woensdag 25 april 12

53. How does it work? We will focus on the popular

    RSA, but there are other algorithms as well: DH, DSS(DSA) etc... woensdag 25 april 12

54. How does it work? (1) Public key encryption works on

    the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers. woensdag 25 april 12

55. How does it work? (1) Public key encryption works on

    the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers. Prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc... woensdag 25 april 12

56. How does it work? (2) woensdag 25 april 12

57. How does it work? (2) ‣ There is no proof

    that it’s impossible to refactor quickly (all tough it doesn’t look plausible) woensdag 25 april 12

58. How does it work? (2) ‣ There is no proof

    that it’s impossible to refactor quickly (all tough it doesn’t look plausible) ‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms). woensdag 25 april 12

59. How does it work? (2) ‣ There is no proof

    that it’s impossible to refactor quickly (all tough it doesn’t look plausible) ‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms). ‣ Good enough today != good enough tomorrow. woensdag 25 april 12

60. How does it work? (3) woensdag 25 april 12

61. How does it work? (3) “large” number: 221 woensdag 25

    april 12

62. How does it work? (3) “large” number: 221 but we

    cannot “calculate” its prime factors without brute force (it’s 13 and 17 btw) woensdag 25 april 12

63. Math example ‣ LET’S DO SOME MATH woensdag 25 april

    12

64. Math example This is mathness! woensdag 25 april 12

65. Math example No, this is RSAAAAAAAA woensdag 25 april 12

66. Math example woensdag 25 april 12

67. Math example ‣ p = (large) prime number ‣ q

    = (large) prime number (but not too close to p) ‣ n = p . q (= bit length of the rsa-key) ‣ φ = (p-1) . (q-1) (the φ thingie is called phi) ‣ e = gcd(e, φ) = 1 ‣ d = e^-1 mod φ ‣ public key = tuple (n, e) ‣ private key = tuple (n, d) woensdag 25 april 12

68. Math example woensdag 25 april 12

69. Math example Step 1: select primes P and Q ‣

    P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

70. Math example Step 1: select primes P and Q ‣

    P = 11 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

71. Math example Step 1: select primes P and Q ‣

    P = 11 ‣ Q = 3 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

72. Math example Step 2: calculate N and Phi ‣ P

    = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

73. Math example ‣ N = P . Q = 11.3

    = 33 Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

74. Math example ‣ N = P . Q = 11.3

    = 33 ‣ Phi = (11-1) . (3-1) = 10.2 = 20 Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

75. Math example Step 3: find e ‣ P = 11

    | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? woensdag 25 april 12

76. Math example Step 3: find e ‣ e = 3

    (Fermat prime: 3, 17, 65537) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? woensdag 25 april 12

77. Math example Step 3: find e ‣ e = 3

    (Fermat prime: 3, 17, 65537) ‣ gcd(3, 20) = 1 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? woensdag 25 april 12

78. Math example ‣ P = 11 | Q = 3

    | N = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d woensdag 25 april 12

79. Math example ‣ P = 11 | Q = 3

    | N = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d ‣ Extended Euclidean Algorithm gives 7 woensdag 25 april 12

80. Math example ‣ P = 11 | Q = 3

    | N = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod n = 1) woensdag 25 april 12

81. Math example ‣ P = 11 | Q = 3

    | N = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod n = 1) 3 . 1 = 3 mod 20 = 3 3 . 2 = 6 mod 20 = 6 3 . 3 = 9 mod 20 = 9 3 . 4 = 12 mod 20 = 12 3 . 5 = 15 mod 20 = 15 3 . 6 = 18 mod 20 = 18 3 . 7 = 21 mod 20 = 1 3 . 8 = 24 mod 20 = 4 3 . 9 = 27 mod 20 = 7 woensdag 25 april 12

82. Math example ‣ P = 11 | Q = 3

    | N = 33 | Phi = 20 | e = 3 | d = 7 woensdag 25 april 12

83. Math example That’s it: ‣ P = 11 | Q

    = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 woensdag 25 april 12

84. Math example That’s it: ‣ public key = (n, e)

    = (33, 3) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 woensdag 25 april 12

85. Math example That’s it: ‣ public key = (n, e)

    = (33, 3) ‣ private key = (n, d) = (33, 7) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 woensdag 25 april 12

86. Math example The actual math is much more complex since

    we use very large numbers, but it all comes down to these (relatively simple) calculations.. woensdag 25 april 12

87. Encrypting & decrypting Encrypting a message: c = me mod

    n Decrypting a message: m = cd mod n woensdag 25 april 12

88. Encrypting & decrypting (1) Encrypting a message: private key =

    (n,d) = (33, 7): m = 13, 20, 15, 5 13^7 mod 33 = 7 20^7 mod 33 = 26 15^7 mod 33 = 27 5^7 mod 33 = 14 c = 7, 26, 27,14 woensdag 25 april 12

89. Encrypting & decrypting (2) Decrypting a message: public key =

    (n,e) = (33, 3): c = 7, 26, 27, 14 7^3 mod 33 = 13 26^3 mod 33 = 20 27^3 mod 33 = 15 14^3 mod 33 =5 m = 13, 20, 15, 5 woensdag 25 april 12

90. Encrypting & decrypting (3) woensdag 25 april 12

91. ‣ A message is an “integer”, not a block of

    data. Encrypting & decrypting (3) woensdag 25 april 12

92. ‣ A message is an “integer”, not a block of

    data. ‣ A message must be between 2 and n-1. Encrypting & decrypting (3) woensdag 25 april 12

93. ‣ A message is an “integer”, not a block of

    data. ‣ A message must be between 2 and n-1. ‣ Deterministic, so we must use a padding scheme to make it non-deterministic. Encrypting & decrypting (3) woensdag 25 april 12

94. ‣ Public Key Cryptography Standard #1 ‣ Pads data with

    (random) bytes up to n bits in length (v1.5 or OAEP/v2.x). ‣ Got it flaws and weaknesses too. Always use the latest available version (v2.1) Encrypting & decrypting (4) ‣ http://www.rsa.com/rsalabs/node.asp?id=2125 woensdag 25 april 12

95. ‣ PKCS#1 (v1.5) IN ACTION Data = 4E636AF98E40F3ADCFCCB698F4E80B9F The encoded

    message block, EMB, after encoding but before encryption, with random padding bytes shown in green: 0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009 E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038 B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF 4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F After RSA encryption, the output is: 3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE5 8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621 EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E 609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes Encrypting & decrypting (5) woensdag 25 april 12

96. Implementations of public keys in real life http://farm4.static.flickr.com/3538/3420164047_09ccc14e29.jpg woensdag 25

    april 12

97. Web communication public key encryption in Web communications (aka: I

    never use my credit card for internet purchases. It’s not safe. Instead, I gave it to the waiter who walked away with it into the kitchen for 5 minutes..) woensdag 25 april 12

98. Web communication (1) ‣ BACK IN TIME Welcome to 1991:

    HTTP is plaintext. Everybody can be trusted. This page is under construction, here’s a photo of my cat and a link to geocities. woensdag 25 april 12

99. Web communication (2) ‣ BUT NOW... woensdag 25 april 12

100. Web communication (2) ‣ BUT NOW... ‣ Free WiFi everywhere

     woensdag 25 april 12

101. Web communication (2) ‣ BUT NOW... ‣ Free WiFi everywhere

     ‣ Traffic snooping woensdag 25 april 12

102. Web communication (2) ‣ BUT NOW... ‣ Free WiFi everywhere

     ‣ Traffic snooping ‣ Authorization: Basic? (yes, VERY basic) woensdag 25 april 12

103. Web communication (3) ‣ USING HTTPS woensdag 25 april 12

104. Web communication (3) ‣ USING HTTPS ‣ HTTP encapsulated by

     TLS (previously SSL). woensdag 25 april 12

105. Web communication (3) ‣ USING HTTPS ‣ HTTP encapsulated by

     TLS (previously SSL). ‣ More or less: an encryption layer on top of http. woensdag 25 april 12

106. Web communication (3) ‣ USING HTTPS ‣ HTTP encapsulated by

     TLS (previously SSL). ‣ More or less: an encryption layer on top of http. ‣ Hybrid encryption. woensdag 25 april 12

107. Web communication (4) woensdag 25 april 12

108. Web communication (4) ‣ Actual encryption methodology is decided by

     the browser and the server (highest possible encryption used). woensdag 25 april 12

109. Web communication (4) ‣ Actual encryption methodology is decided by

     the browser and the server (highest possible encryption used). ‣ Symmetric encryption (AES-256, others) woensdag 25 april 12

110. Web communication (4) ‣ Actual encryption methodology is decided by

     the browser and the server (highest possible encryption used). ‣ Symmetric encryption (AES-256, others) ‣ But both sides needs the same key, so we have the same problem as before: how do we send over the key? woensdag 25 april 12

111. Web communication (5) woensdag 25 april 12

112. Web communication (5) ‣ Key is exchanged in a public/private

     encrypted communication. woensdag 25 april 12

113. Web communication (5) ‣ Key is exchanged in a public/private

     encrypted communication. ‣ Which public and private key? woensdag 25 april 12

114. Web communication (5) ‣ Key is exchanged in a public/private

     encrypted communication. ‣ Which public and private key? ‣ They are stored inside the server’s SSL certificate woensdag 25 april 12

115. Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE woensdag 25 april

     12

116. Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends

     over its encryption methods. woensdag 25 april 12

117. Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends

     over its encryption methods. ‣ Server decides which one to use. woensdag 25 april 12

118. Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends

     over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). woensdag 25 april 12

119. Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends

     over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). ‣ Client sends “session key” encrypted by the public key found in the server certificate. woensdag 25 april 12

120. Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends

     over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). ‣ Client sends “session key” encrypted by the public key found in the server certificate. ‣ Server and client uses the “session key” for symmetrical encryption. woensdag 25 april 12

121. Web communication (7) woensdag 25 april 12

122. Web communication (7) ‣ Thus: Public/private encryption is only used

     in establishing a secondary (better!?) encryption. woensdag 25 april 12

123. Web communication (7) ‣ Thus: Public/private encryption is only used

     in establishing a secondary (better!?) encryption. ‣ SSL/TLS is a separate talk (it’s way more complex as this) woensdag 25 april 12

124. Email communication public key encryption in Email communication (aka: the

     worst communication method invented when it comes to privacy or secrecy, except for yelling) woensdag 25 april 12

125. Email communication (2) http://torontoemerg.files.wordpress.com/2010/09/spam.gif http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpg woensdag 25 april 12

126. Email communication (3) ‣ DID YOU EVER SEND/RECEIVE EMAILS LIKE

     THIS? woensdag 25 april 12

127. Email communication (4) woensdag 25 april 12

128. Email communication (4) ‣ Did Bill really send this email?

     woensdag 25 april 12

129. Email communication (4) ‣ Did Bill really send this email?

     ‣ Do we know for sure that nobody has read this email (before it came to us?) woensdag 25 april 12

130. Email communication (4) ‣ Did Bill really send this email?

     ‣ Do we know for sure that nobody has read this email (before it came to us?) ‣ Do we know for sure that the contents of the message isn’t tampered with? woensdag 25 april 12

131. Email communication (4) ‣ Did Bill really send this email?

     ‣ Do we know for sure that nobody has read this email (before it came to us?) ‣ Do we know for sure that the contents of the message isn’t tampered with? ‣ We use signing! woensdag 25 april 12

132. Signing (1) woensdag 25 april 12

133. Signing (1) ‣ Signing a message means adding a signature

     that authenticates the validity of a message. woensdag 25 april 12

134. Signing (1) ‣ Signing a message means adding a signature

     that authenticates the validity of a message. ‣ Like md5 or sha1, so when the message changes, so will the signature. woensdag 25 april 12

135. Signing (1) ‣ Signing a message means adding a signature

     that authenticates the validity of a message. ‣ Like md5 or sha1, so when the message changes, so will the signature. ‣ This works on the premise that Alice and only Alice has the private key that can create the signature. woensdag 25 april 12

136. Signing (2) http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg woensdag 25 april 12

137. Signing (3) woensdag 25 april 12

138. Signing (3) ‣ GPG / PGP: Application for signing and/or

     encrypting data (or emails). woensdag 25 april 12

139. Signing (3) ‣ GPG / PGP: Application for signing and/or

     encrypting data (or emails). ‣ Try it yourself with Thunderbird’s Enigmail extension. woensdag 25 april 12

140. Signing (3) ‣ GPG / PGP: Application for signing and/or

     encrypting data (or emails). ‣ Try it yourself with Thunderbird’s Enigmail extension. ‣ Public keys can be send / found on PGP- servers so you don’t need to send your keys to everybody all the time. woensdag 25 april 12

141. Signing (4) woensdag 25 april 12

142. Signing (5) woensdag 25 april 12

143. Signing (5) woensdag 25 april 12

144. Signing (5) woensdag 25 april 12

145. Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL woensdag

     25 april 12

146. Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL ‣

     Everybody can send emails that ONLY YOU can read. woensdag 25 april 12

147. Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL ‣

     Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. woensdag 25 april 12

148. Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL ‣

     Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard? woensdag 25 april 12

149. Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL ‣

     Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard? ‣ No really, why isn’t it the standard? woensdag 25 april 12

150. Email communication (7) woensdag 25 april 12

151. Email communication (8) woensdag 25 april 12

152. Email communication (9) Stupidity trumps everything: Don’t loose your private

     key(s) (as I did on multiple occasions) http://farm4.static.flickr.com/3231/2783827537_b4d2a5cc9a.jpg woensdag 25 april 12

153. Other applications ‣ PUBLIC KEY ENCRYPTION IN OTHER FIELDS PGP

     / GPG (encrypt / decrypt sensitive data) OpenSSH (Secure connection to other systems) IPSEC (VPN tunnels) Software signing woensdag 25 april 12

154. Any questions? http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg woensdag 25 april 12

155. ‣ THANK YOU FOR YOUR ATTENTION Please rate my talk

     on joind.in: http://joind.in/3305 woensdag 25 april 12