PGP Encryption and Signing

Personal privacy and security are important. This talk covers what PGP encryption is and how you can use it as a developer. This deck is designed to be used as a lightning talk.

Jeff Carouth

October 29, 2014

Transcript

  1. PGP Encryption and Key Signing

  2. PGP stands for Pretty Good Privacy. It is a trademarked program for encryption and decryption.
  3. OpenPGP is the standard for PGP encryption. PGP and other programs comply with this standard.
  4. Gnu Privacy Guard is an open source implementation of OpenPGP. It is abbreviated as GPG.
  5. What are you trying to hide? nothing.

  6. Aspects of Security: Privacy, Integrity, Authenticity
  7. Privacy: Nobody except the intended recipient can read the contents of the message.
  8. Integrity: The message that is delivered is the exact message that was sent.
  9. Authenticity: The sender and receiver can be sure of the other’s identity.
  10. PGP security features: Encrypt/Decrypt messages; Sign and verify messages; Validate and sign keys
  11. Encryption basics: Symmetric, Asymmetric
  12. Symmetric: Both parties use the same secret to encrypt and decrypt the message.
  13. Asymmetric: One half of a key pair is used for encrypting and the corresponding other half for decryption.
  14. Symmetric: Fast; Not resource intensive; Useful for messages of various sizes; Requires sharing the secret password
  15. Asymmetric: Does not require sharing the whole key; Can be used for both encryption and signing; Very resource intensive; Useful on only small messages
  16. PGP Encryption: Symmetric + Asymmetric
  17. PGP encryption uses symmetric encryption to encrypt the data using a generated secret key.
  18. It uses asymmetric encryption to encrypt the generated secret key using the recipient’s public key.
  19. http://en.wikipedia.org/wiki/Pretty_Good_Privacy

  20. Use Cases: Email Encryption; Document Signing; Commit Signing; Password Sharing; File Encryption
  21. Email Encryption

  22. Git Commit Signing

  23. Shared Password Encryption

  24. Next Steps
      - Generate a key pair if you do not have one or have forgotten the passphrase.
      - Distribute your public key. Consider sending it to a public key server.
      - Verify keys with people here. Sign and distribute these keys.
      - Use your key.
  26. Resources
      - http://carouth.com/blog/2014/05/04/keysigning-at-php-tek-2014/
      - http://www.phildev.net/pgp/gpgkeygen.html
      - https://alexcabal.com/creating-the-perfect-gpg-keypair/
      - http://carouth.com/blog/2014/05/25/signing-pgp-keys/
      - http://openpgp.quelltextlich.at/slip.html
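
The hybrid scheme from slides 16 to 18, as an added sketch that is not part of the talk or of any PGP implementation: the data is encrypted once with a generated session key, and that key is wrapped separately for each recipient's public key. Assumptions: all names are hypothetical, the key pairs are constructed from Mersenne primes and are insecure, and unpadded RSA plus a SHA-256 keystream and HMAC stand in for the padded public-key and AES-based algorithms OpenPGP uses.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent

def make_keypair(a, b):
    """Toy RSA key pair from the Mersenne primes 2**a-1 and 2**b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _stream_xor(key, nonce, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream (not AES)."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(x ^ y for x, y in zip(data, stream))

def _tag(key, nonce, body):
    """Integrity tag over the encrypted data, keyed with the session key."""
    return hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def encrypt(message, public_keys):
    """Encrypt the data once with a fresh session key, then wrap that key per recipient."""
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    body = _stream_xor(session_key, nonce, message)
    m = int.from_bytes(session_key, "big")
    # Textbook RSA without padding, for illustration only.
    wrapped = [pow(m, e, n) for n, e in public_keys]
    return {"wrapped_keys": wrapped, "nonce": nonce, "body": body,
            "tag": _tag(session_key, nonce, body)}

def decrypt(packet, private_key):
    """Recover the session key with the private key, check integrity, decrypt the data."""
    n, d = private_key
    for wrapped in packet["wrapped_keys"]:
        candidate = pow(wrapped, d, n)
        if candidate >= 2**256:  # this copy was wrapped for a different key
            continue
        key = candidate.to_bytes(32, "big")
        if hmac.compare_digest(_tag(key, packet["nonce"], packet["body"]), packet["tag"]):
            return _stream_xor(key, packet["nonce"], packet["body"])
    raise ValueError("message is not encrypted to this key, or was modified")

# Constructed demo keys: two intended recipients and one outsider.
ALICE_PUB, ALICE_PRIV = make_keypair(521, 607)
BOB_PUB, BOB_PRIV = make_keypair(607, 1279)
MALLORY_PUB, MALLORY_PRIV = make_keypair(1279, 2203)
```

Calling `encrypt(msg, [ALICE_PUB, BOB_PUB])` produces one encrypted body and two small wrapped keys, which is why adding recipients costs little even for large messages.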