430 likes | 662 Views
The OpenPGP Standard. Jonathan Callas Senior Security Consultant Kroll-O’Gara ISG. Outline. PGP History The OpenPGP Standard OpenPGP’s relationship to other Relevant Standards The Future Note: “PGP” and “Pretty Good Privacy” are trademarks of Network Associates, Inc. PGP History.
E N D
The OpenPGP Standard Jonathan Callas Senior Security Consultant Kroll-O’Gara ISG
Outline PGP History The OpenPGP Standard OpenPGP’s relationship to other Relevant Standards The Future Note: “PGP” and “Pretty Good Privacy” are trademarks of Network Associates, Inc.
PGP History Early History PGP 1.0 created in 1991 PGP 2.0 introduced original cipher suite (RSA, IDEA, MD5) PGP 2.6 created in 1994
PGP History Later History PGP 3 started in 1994-5 PGP Inc. Formed by PRZ after customs investigation dropped, 1996 PGP 3 released as PGP 5.0 in May 1997
PGP History PGP 5.0 New Algorithms DSS signatures Elgamal public-key encryption SHA-1 hashes CAST5 (CAST-128), TripleDES symmetric encryption
PGP History PGP 5.0 New signature formats New certificate structure Dual-key structure Architecture for N-key structure
PGP History OpenPGP Started in the IETF in September 1997 Starts with PGP 5 as a base Encourages but does not require compatibility with PGP 2.6 Unencumbered architecture
PGP History OpenPGP Promoted to Proposed Standard in October 1998 RFC 2440 Implementations include Network Associates PGP Tom Zerucha reference implementation GNU Privacy Guard
OpenPGP Message Format Encrypted Session Key (one per “recipient”) Compressed Data Literal Data Encrypted Data Signature (Optional)
OpenPGP Message Format (2) Encrypted Session Key (one per “recipient”) Compressed Data Literal Data Encrypted Data Signature (Optional)
OpenPGP Message Format (3) Encrypted Session Key (one per “recipient”) Compressed Data Literal Data Encrypted Data Signature (Optional)
OpenPGP Certificates key Certification User ID User ID Signature Signature Signature Certificate
OpenPGP Dual Key Cert Signing Key (Typically DSS) Encryption Key (Typically Elgamal) Binding signature
OpenPGP Dual Key Cert (2) Signing Key (Typically DSS) Encryption Key (Typically Elgamal) Binding signature
OpenPGP Dual Key Cert (3) Signing Key (Typically DSS) Encryption Key (Typically Elgamal) Encryption Key (Typically Elgamal) Binding signature Binding signature
OpenPGP Dual Key Cert (4) Signing Key (Typically DSS) Encryption Key (EC, lives on Smart card) Encryption Key (Elgamal) Signing Key (RSA) Binding signature Binding signature Binding signature
OpenPGP Trust Model OpenPGP doesn’t have a trust model OpenPGP can use any trust model OpenPGP can support Direct Trust Hierarchical Trust Cumulative Trust
Trust Models Direct Trust I trust your cert because you gave it to me Very secure trust model (do you trust yourself) Scales least well Used in OpenPGP, S/MIME, IPsec, TLS/SSL, etc.
Trust Models Hierarchical Trust I trust your cert because its issuer has a cert issued by someone … whom I trust Least secure trust model Damage spreads through tree Recovery is difficult
Hierarchical Trust (continued) Best scaling, mimics organizations Used in OpenPGP, S/MIME, IPsec, TLS/SSL, etc. Trust Models
Trust Models Cumulative Trust (a.k.a. Web of Trust) I trust your cert because some collection of people whom I trust issued certifications Potentially more secure than direct trust Scales almost as well as HT for intra-organization
Trust Models Cumulative Trust Handles inter-organization problems Company A issues only to full-time employees Company B issues to contractors and temps A and B’s management issue edict for cross certification Addresses “two id” problem How do you know John Smith(1) is John Smith(2)?
Other Relevant Standards So What? Why Bother? Myths about OpenPGP
So What? X.509 is everywhere OpenPGP is small (code and data) Zerucha imp. is 5000 lines of C (sans crypto) Suitable for embedded & end-user applications Used by banks, etc. transparently It’s Flexible and Small! It actually works
Why Bother? S/MIME will take over PGP has years of deployment 90%? Traffic is some PGP. PGP is only strong crypto S/MIME 3 is much better Outside the US, there is distrust Can you see the source? Cisco: Secure email is PGP’s to lose
Myths It’s email only It’s for any “object” It requires the web of trust Can use any trust model Businesses use PGP with hierarchies today It’s proprietary IETF Standard
Present Into The Future Ultimately, data formats are less important than you’d think On desktops, size matters less But small systems will be with us always Description of the OpenPGP philosophy PGP implemented in X.509 Certification Process
OpenPGP Philosophy Everyone is potentially a CA This is going to happen whether you like or not. Everyone has different policies Wait until you do inter-business PKI One size will not fit all Validity is in the eye of the beholder Trust comes from below
Potential PGP/X.509 merger Ideas of PGP Syntax of X.509 Disclaimer This doesn’t exist It’s all still experimental
X.509 Certificate User Information (DN & Stuff) Public Key Signature binds Key and Information
PGP in X.509 Drag Key 1 User 1 Signature 1 Key 1 User 1 Signature 2 Key 1 User 2 Signature 3
PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert
PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert
PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert
PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert
PGP Certification Process User PGP CA PGP Certificate Server Pending Area PGP Cert
X.509 Certification Process User CA CA Server PKCS10 Cert Request
X.509 Certification Process User CA CA Server PKCS10 Cert Request
X.509 Certification Process User CA CA Server PKCS10 Cert Request X.509 Certificate
X.509 Certification Process User CA CA Server X.509 Certificate
Certifying PGP with X.509 CA User CA CA Server PGP Cert PKCS10 Cert Request Key X.509 Certificate
Starting a PGP cert from X.509 Key User X.509 Certificate PGP Cert
Summary OpenPGP is an IETF standard Certificates “Objects” It’s lightweight and flexible Interesting work is being done for the future