Principle, utilization and limitations for secure electronic mail systems
OpenPGP - Open Pretty Good Privacy
Lindomar Bandeira Rocha
FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO, Segurança em Sistemas Informáticos (Security in Computer Systems) 2009/2010
Message Encoding
• Inline Encoding (clearsigning)
  • Older choice
  • Good for basic email messages
• PGP/MIME
  • More modern choice
  • Attachment-based
OpenPGP : Principle, utilization and limitations for secure electronic mail systems
Message Encoding: Inline Encoding
• Occurs directly within the body of the email message.
• The OpenPGP signature is placed at the end of the message.
• An encrypted message replaces the original message body completely.
Message Encoding: Inline Encoding
• Inline-encrypted message opened without using an OpenPGP program: (screenshot not preserved in this copy)
Message Encoding: Inline Encoding
Advantages:
• Can be read by any mail client.
Disadvantages:
• Poor handling of non-English character sets;
• Poor handling of attachments;
• Poor handling of binary documents;
• Mail servers can corrupt clearsigned messages.
Message Encoding: PGP/MIME
• Attachment-based:
  • The encrypted message is sent as an attachment;
  • Signed messages and their signatures are sent as attachments;
  • Attachments are encrypted and attached.
Message Encoding: PGP/MIME
Advantages:
• Mail servers never modify attachments;
• Mail clients treat attachments as separate objects;
• Simple to encrypt different character sets or binary files.
Disadvantages:
• Not supported by all mail clients.
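As an added illustration (not part of the original slides), the Python script below contrasts the two encodings: it builds an inline message, where the armored block simply becomes the body, and an RFC 3156 PGP/MIME multipart/encrypted message, then classifies a received message by inspecting its structure; the armored blocks are constructed placeholders, not real OpenPGP data, and only the standard library is used. It also shows that the Subject header is readable in both forms, the point made under "Unprotected Email Components".

```python
from email import message_from_string
from email.message import Message
from email.mime.multipart import MIMEMultipart

# Constructed placeholders standing in for real ASCII-armored OpenPGP data.
FAKE_PGP_MESSAGE = "-----BEGIN PGP MESSAGE-----\n\nhQEMAPLACEHOLDER=\n-----END PGP MESSAGE-----\n"
FAKE_CLEARSIGNED = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhello\n"
                    "-----BEGIN PGP SIGNATURE-----\n\niQEzBAPLACEHOLDER=\n-----END PGP SIGNATURE-----\n")

def build_inline(subject: str, body: str) -> str:
    """Inline encoding: the armored block simply is the message body."""
    return f"Subject: {subject}\nContent-Type: text/plain; charset=us-ascii\n\n{body}"

def build_pgpmime_encrypted(subject: str, armored: str) -> str:
    """PGP/MIME encryption: a version control part plus the armored data part."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["Subject"] = subject  # headers stay in clear in both encodings
    control, data = Message(), Message()
    control.set_type("application/pgp-encrypted")
    control.set_payload("Version: 1\n")
    data.set_type("application/octet-stream")
    data.set_payload(armored)
    outer.attach(control)
    outer.attach(data)
    return outer.as_string()

def classify(raw: str) -> str:
    """Parse a wire-format message and say how it carries OpenPGP protection."""
    msg = message_from_string(raw)
    # PGP/MIME is recognised from the outer Content-Type and its protocol parameter.
    ctype, proto = msg.get_content_type(), msg.get_param("protocol")
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "pgpmime-encrypted"
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        return "pgpmime-signed"
    # Inline encoding can only be spotted from armor markers inside the text body.
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode(part.get_content_charset() or "us-ascii", "replace")
            if "-----BEGIN PGP MESSAGE-----" in body:
                return "inline-encrypted"
            if "-----BEGIN PGP SIGNED MESSAGE-----" in body and "-----BEGIN PGP SIGNATURE-----" in body:
                return "inline-clearsigned"
    return "plain"

def subject_in_clear(raw: str) -> str:
    """The Subject header is readable without any key, whichever encoding is used."""
    return message_from_string(raw)["Subject"]
```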
Email Client Integration
• Proxies
  • A proxy sits between your email client and your mail server.
• Plug-ins
  • A plug-in integrates with your email client.
Email Client Integration: Proxies
Advantages:
• Works with any mail client.
Disadvantages:
• Signing, encryption, and decryption are configured in the proxy;
• You won't get an "encrypt and sign" button or menu option;
• You have to open the proxy program and say "Encrypt all messages now" or "Encrypt messages to this email address."
Email Client Integration: Plug-ins
Advantages:
• Provides "sign" and "encrypt" buttons directly within the client;
• Is written to look like it's part of the mail client program.
Disadvantages:
• Each mail client plug-in is unique;
• Each behaves slightly differently;
• Each has a different interface.
OpenPGP: Saving Email - Encrypted or Not?
• When you send someone encrypted email, the reader must use the recipient's private key to read it. However, because you don't have the recipient's private key, you can't read the mail that you sent, even though you created it!
Saving Unencrypted Email
• Email is not protected on your hard drive.
• Save all your email on an encrypted disk partition.
• Another popular option is to also "encrypt to self".
Email from Beyond Your Web of Trust
• Expand my Web of Trust
• Trace the Web of Trust to that person
• Use the key but limit my trust of the sender
Tracing the Web of Trust
• PGP pathfinder
  • Traces the path through the Web of Trust between any two OpenPGP keys
  • Uses the key IDs of the two keys involved
  • Based on WOTSAP, a Python program designed to trace relationships between keys
Unprotected Email Components
• OpenPGP does not encrypt subject lines in email.
• Email messages sent with PGP should have innocuous subjects (or perhaps no subject at all).
• Your mail client might default to storing unencrypted versions of the OpenPGP emails that you send.