PGP Encryption and Signing

Personal privacy and security are important. This talk covers what PGP encryption is and how you can use it as a developer. This deck is designed to be used as a lightning talk.

Jeff Carouth

October 29, 2014

Transcript

  1. PGP Encryption and
    Key Signing

  2. PGP stands for Pretty
    Good Privacy. It is a
    trademarked program for
    encryption and
    decryption.

  3. OpenPGP is the standard
    for PGP encryption. PGP
    and other programs
    comply with this
    standard.

  4. Gnu Privacy Guard is an
    open source implementation
    of OpenPGP. It is abbreviated
    as GPG.

  5. What are you
    trying to hide?
    nothing.

  6. Aspects of Security
    Privacy, Integrity, Authenticity

  7. Privacy
    Nobody except the intended
    recipient can read the
    contents of the message.

  8. Integrity
    The message that is
    delivered is the exact
    message that was sent.

  9. Authenticity
    The sender and receiver can
    be sure of the other’s
    identity.

  10. PGP security features
    Encrypt/Decrypt messages
    Sign and verify messages
    Validate and sign keys

  11. Encryption basics
    Symmetric, Asymmetric

  12. Symmetric
    Both parties use the same
    secret to encrypt and
    decrypt the message.

  13. Asymmetric
    One half of a key pair is
    used for encrypting and the
    corresponding other half for
    decryption.

  14. Symmetric
    Fast
    Not resource intensive
    Useful for messages of various sizes
    Requires sharing the secret password

  15. Asymmetric
    Does not require sharing the whole
    key
    Can be used for both encryption and
    signing
    Very resource intensive
    Useful on only small messages

  16. PGP Encryption
    Symmetric + Asymmetric

  17. PGP encryption uses
    symmetric encryption to
    encrypt the data using a
    generated secret key.

  18. It uses asymmetric
    encryption to encrypt the
    generated secret key using
    the recipient’s public key.

  19. http://en.wikipedia.org/wiki/Pretty_Good_Privacy

  20. Use Cases
    Email Encryption
    Document Signing
    Commit Signing
    Password Sharing
    File Encryption

  21. Email Encryption

  22. Git Commit Signing

  23. Shared Password Encryption

  24. Next Steps
    Generate a key pair if you do not have one or have
    forgotten the passphrase.

    Distribute your public key. Consider sending it to a
    public key server.

    Verify keys with people here. Sign and distribute these
    keys.

    Use your key.

  25. Resources
    http://carouth.com/blog/2014/05/04/keysigning-at-php-tek-2014/

    http://www.phildev.net/pgp/gpgkeygen.html

    https://alexcabal.com/creating-the-perfect-gpg-keypair/

    http://carouth.com/blog/2014/05/25/signing-pgp-keys/

    http://openpgp.quelltextlich.at/slip.html

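
The hybrid scheme on slides 17 and 18 shows up directly in the packet layout of an encrypted OpenPGP message: a public-key encrypted session key packet, then the symmetrically encrypted data. The following is an added example, not part of the original deck: a minimal RFC 4880 packet-header reader run over a constructed sample (the key ID, dummy MPI and placeholder ciphertext are made up).

```python
# Packet tags (RFC 4880 section 4.3) that appear in an encrypted message.
TAGS = {1: "public-key encrypted session key", 3: "symmetric-key encrypted session key",
        9: "symmetrically encrypted data", 18: "symmetrically encrypted, integrity-protected data"}
PK_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}

def read_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) OpenPGP message."""
    pos = 0
    while pos < len(data):
        first, pos = data[pos], pos + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                       # new-format header
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            size = 1 << ltype                  # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def describe(message):
    """Summarise the hybrid structure: who the session key is wrapped for, then the data."""
    out = []
    for tag, body in read_packets(message):
        if tag == 1 and len(body) >= 10 and body[0] == 3:   # v3: version, key ID, algorithm
            out.append(("session key", body[1:9].hex().upper(), PK_ALGOS.get(body[9], "unknown")))
        else:
            out.append((TAGS.get(tag, f"tag {tag}"), len(body)))
    return out

# Constructed sample, not real ciphertext: one session-key packet, one data packet.
KEY_ID = bytes.fromhex("0123456789ABCDEF")                      # made-up recipient key ID
pkesk = bytes([3]) + KEY_ID + bytes([1]) + b"\x00\x10\xAB\xCD"  # v3, RSA, 16-bit dummy MPI
seipd = bytes([1]) + bytes(300)                                 # v1, placeholder ciphertext
SAMPLE = bytes([0x84, len(pkesk)]) + pkesk + bytes([0xC0 | 18, 0xC0, 301 - 192]) + seipd
print(describe(SAMPLE))
```

A message encrypted to several recipients carries one session-key packet per recipient ahead of a single data packet, so the bulk data is encrypted only once.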