PGP Encryption and Signing

Personal privacy and security are important. This talk covers what PGP encryption is and how you can use it as a developer. This deck is designed to be used as a lightning talk.

Jeff Carouth

October 29, 2014

Transcript

  1. PGP Encryption and
    Key Signing

  2. PGP stands for Pretty
    Good Privacy. It is a
    trademarked program for
    encryption and
    decryption.

  3. OpenPGP is the standard
    for PGP encryption. PGP
    and other programs
    comply with this
    standard.

  4. GNU Privacy Guard is an
    open source implementation
    of OpenPGP. It is abbreviated
    as GPG.

  5. What are you
    trying to hide?
    nothing.

  6. Aspects of Security
    Privacy Integrity Authenticity

  7. Nobody except the intended
    recipient can read the
    contents of the message.
    Privacy

  8. The message that is
    delivered is the exact
    message that was sent.
    integrity

  9. The sender and receiver can
    be sure of the other’s
    identity.
    authenticity

  10. PGP security features
    Encrypt/Decrypt messages
    Sign and verify messages
    Validate and sign keys

  11. encryption basics
    Symmetric Asymmetric

  12. Both parties use the same
    secret to encrypt and
    decrypt the message.
    Symmetric

  13. One half of a key pair is
    used for encrypting and the
    corresponding other half for
    decryption.
    Asymmetric

  14. Symmetric
    Fast
    Not resource intensive
    Useful for messages of various sizes
    Requires sharing the secret password

  15. Asymmetric
    Does not require sharing the whole
    key
    Can be used for both encryption and
    signing
    Very resource intensive
    Useful on only small messages

  16. PGP Encryption
    Symmetric + Asymmetric

  17. PGP encryption uses
    symmetric encryption to
    encrypt the data using a
    generated secret key.

  18. It uses asymmetric
    encryption to encrypt the
    generated secret key using
    the recipient’s public key.

  19. http://en.wikipedia.org/wiki/Pretty_Good_Privacy

  20. Use Cases
    Email Encryption
    Document Signing
    Commit Signing
    Password Sharing
    File Encryption

  21. Email Encryption

  22. Git Commit Signing

  23. Shared Password Encryption

  24. Next Steps
    Generate a key pair if you do not have one or have
    forgotten the passphrase.

    Distribute your public key. Consider sending it to a
    public key server.

    Verify keys with people here. Sign and distribute these
    keys.

    Use your key.

  26. Resources
    http://carouth.com/blog/2014/05/04/keysigning-at-php-tek-2014/

    http://www.phildev.net/pgp/gpgkeygen.html

    https://alexcabal.com/creating-the-perfect-gpg-keypair/

    http://carouth.com/blog/2014/05/25/signing-pgp-keys/

    http://openpgp.quelltextlich.at/slip.html
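
Slides 17 and 18 describe PGP's hybrid scheme; the following added example (not from the original deck) walks through it in Python using only the standard library. Textbook RSA over two fixed Mersenne primes and a SHA-256 keystream are stand-ins assumed here for the recipient's key pair and the symmetric cipher, so it shows the structure, not production cryptography; all function names are illustrative.

```python
import hashlib
import secrets

# Constructed demo key pair for the recipient: textbook RSA over two known
# Mersenne primes. Far too small and unpadded for real use; it only stands in
# for the recipient's PGP public/private key (assumption of this example).
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream.

    Applying it twice with the same key returns the original data.
    It provides no integrity protection; real PGP uses a vetted cipher.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(message: bytes, pub=(N, E)):
    n, e = pub
    session_key = secrets.token_bytes(16)              # generated secret key (slide 17)
    ciphertext = keystream_xor(session_key, message)   # symmetric: all of the data
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # asymmetric: key only (slide 18)
    return wrapped, ciphertext


def hybrid_decrypt(wrapped: int, ciphertext: bytes, priv=(N, D)) -> bytes:
    n, d = priv
    session_key = pow(wrapped, d, n).to_bytes(16, "big")  # unwrap with the private key
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    for msg in (b"hi", b"A" * 100_000):
        wrapped, ct = hybrid_encrypt(msg)
        assert hybrid_decrypt(wrapped, ct) == msg
        print(len(msg), "byte message ->", len(ct), "byte ciphertext,",
              (wrapped.bit_length() + 7) // 8, "byte wrapped key")
```

The asymmetric step always processes the same 16-byte session key no matter how large the message is, which is how the scheme avoids the cost noted on slide 15.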
