Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PGP Encryption and Signing

Jeff Carouth
October 29, 2014
Technology
0
69

PGP Encryption and Signing

Personal privacy and security are important. This talk covers what PGP encryption is and how you can use it as a developer. This deck is designed to be used as a lightning talk.

Jeff Carouth

October 29, 2014
Tweet

More Decks by Jeff Carouth

See All by Jeff Carouth
Anti-Patterns Found in Your Object-Oriented Codebase
jcarouth
0
560
Fundamental OOP in PHP
jcarouth
7
350
Conference Speaking 101 & 102
jcarouth
0
67
A Gentle Walk Towards SOA
jcarouth
1
120
Hours Long Deployment to CD
jcarouth
0
240
Dependency Injection, Dependency Inversion, and You
jcarouth
5
890
Git and Github: Working Effectively on a Team at php[tek] 2014
jcarouth
0
560
JavaScript's Difficult Concepts – php[tek] 2014
jcarouth
2
400
Guiding Object-Oriented Design with Tests
jcarouth
5
860

Other Decks in Technology

See All in Technology
IBM Cloud PLUS - #3 IBM PowerVS 入門と最新情報
6onoda
0
110
テスト技法を使ったテストケースの表現方法/How to express test cases using test techniques
shimashima35
0
370
エンジニアのためのドキュメントライティング / Docs for Developers and Paragraph Writing
nttcom
4
730
BUILD UP for Web3 engineer
aramaki
0
600
大規模言語モデル活用総まとめ with Azure OpenAI
hirosatogamo
4
2.2k
Compose Transition Animation
yanzm
1
140
軽率に休学したら Babylon.js×WebARで 夢を3つ叶えてた / my dreams with babylon.js and WebAR
drumath2237
0
140
ZOZOTOWNの裏側に迫る! Javaで作られたBFFの開発事例を紹介
yutaro527
0
430
大規模ブロックチェーンゲームの マスアダプションまでの課題と解決への期待
miyatakoji
0
120
React開発における失敗事例と学び〜実例3選とともに〜
bitkey
PRO
2
660
サクッとAWS入門+モダン開発の基本
minorun365
11
4.1k
PHP で学ぶ Cache の距離の話 / study_cache_with_php
hanhan1978
3
870

Featured

See All Featured
Rebuilding a faster, lazier Slack
samanthasiow
70
7.6k
How To Stay Up To Date on Web Technology
chriscoyier
779
250k
Three Pipe Problems
jasonvnalue
89
9k
Intergalactic Javascript Robots from Outer Space
tanoku
261
26k
GraphQLの誤解/rethinking-graphql
sonatard
40
8k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
176
9.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
24
43k
Principles of Awesome APIs and How to Build Them.
keavy
119
16k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
Facilitating Awesome Meetings
lara
35
4.7k
The Mythical Team-Month
searls
210
40k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
3.7k

Transcript

  1. PGP Encryption and
    Key Signing

    View Slide

  2. PGP stands for Pretty
    Good Privacy. It is a
    trademarked program for
    encryption and
    decryption.

    View Slide

  3. OpenPGP is the standard
    for PGP encryption. PGP
    and other programs
    comply with this
    standard.

    View Slide

  4. Gnu Privacy Guard is an
    open source implementation
    of OpenPGP. It is abbreviated
    as GPG.

    View Slide

  5. What are you
    trying to hide?
    nothing.

    View Slide

  6. Aspects of Security
    Privacy Integrity Authenticity

    View Slide

  7. Nobody except the intended
    recipient can read the
    contents of the message.
    Privacy

    View Slide

  8. The message that is
    delivered is the exact
    message that was sent.
    integrity

    View Slide

  9. The sender and receiver can
    be sure of the other’s
    identity.
    authenticity

    View Slide

  10. PGP security features
    Encrypt/Decrypt messages
    Sign and verify messages
    Validate and sign keys

    View Slide

  11. encryption basics
    Symmetric Asymmetric

    View Slide

  12. Both parties use the same
    secret to encrypt and
    decrypt the message.
    Symmetric

    View Slide

  13. One half of a key pair is
    used for encrypting and the
    corresponding other half for
    decryption.
    Asymmetric

    View Slide

  14. Symmetric
    Fast
    Not resource intensive
    Useful for messages of various sizes
    Requires sharing the secret password

    View Slide

  15. Symmetric
    Does not requiring sharing the whole
    key
    Can be used for both encryption and
    signing
    Very resource intensive
    Useful on only small messages

    View Slide

  16. PGP Encryption
    Symmetric Asymmetric
    +

    View Slide

  17. PGP encryption uses
    symmetric encryption to
    encrypt the data using a
    generated secret key.

    View Slide

  18. It uses asymmetric
    encryption to encrypt the
    generated secret key using
    the recipient’s public key.

    View Slide

  19. http://en.wikipedia.org/wiki/Pretty_Good_Privacy

    View Slide

  20. Use Cases
    Email Encryption
    Document Signing
    Commit Signing
    Password Sharing
    File Encryption

    View Slide

  21. Email Encryption

    View Slide

  22. Git Commit Signing

    View Slide

  23. Shared Password Encryption

    View Slide

  24. Next Steps
    Generate a key pair if you do not have one or have
    forgotten the passphrase.

    !
    Distribute your public key. Consider sending it to a
    public key server.

    !
    Verify keys with people here. Sign and distribute these
    keys.

    !
    Use your key.

    View Slide

  25. View Slide

  26. Resources
    http://carouth.com/blog/2014/05/04/keysigning-at-php-tek-2014/

    http://www.phildev.net/pgp/gpgkeygen.html

    https://alexcabal.com/creating-the-perfect-gpg-keypair/

    http://carouth.com/blog/2014/05/25/signing-pgp-keys/

    http://openpgp.quelltextlich.at/slip.html

    View Slide