The document discusses ensuring privacy in electronic communications through the use of public key cryptography. It explains how public key cryptography works using private and public keys to encrypt messages. Keyservers are used to store and distribute public keys so that parties can encrypt messages for intended recipients without needing to share secrets beforehand. Digital signatures are also discussed as a way to verify the identity of the key holder through signing with their private key.
6. Is it that bad?
What kind of private information can be captured?
http://herraiz.org
7. Non-cyphered information
● Geolocation
● Using your IP address
● Web browser and operating system
● Any info written in a form
● Including passwords
● Cookies
● Have a look and take care
– http://www.youtube.com/watch?v=yyLdxO6xvh8
– http://www.youtube.com/watch?v=1FgKL2ywrX0
8. Is it important?
● Strong PK crypto illegal in France up to 2004
● PK implementations in software considered weapons in the US
● Software export restrictions in EU and US
http://en.wikipedia.org/wiki/Cryptography_law
http://en.wikipedia.org/wiki/Key_disclosure_law
http://en.wikipedia.org/wiki/Phil_Zimmermann
http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#History
9. Solution
Enforce cyphering using public key cryptography
10. Cryptography
● Traditionally, cyphering was done using a
password and an algorithm
● Symmetric approach
● Password shared by both peers
● Public key cryptography
● Insecure channel
● Private and secure communication without any previous physical contact
17. How does it work?
● PKP Algorithms
● Prime number factorization
● From a mathematical point of view, all messages can be decrypted
● From a computational point of view, decrypting a message without the private key takes too long
– Key length is a crucial property
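The point of this slide as an added example (not part of the original slides): with toy RSA, factoring the public modulus rebuilds the private key, and the number of trial divisions grows with key length. RSA is assumed as the factorization-based algorithm; the primes, the exponent and all function names are constructed for illustration.

```python
# Added example: toy RSA. The primes are constructed and far too small for real use.
from math import gcd, isqrt

E = 17  # public exponent (assumption; any value coprime with phi works)

def make_keypair(p, q):
    """Return (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("E must be coprime with (p-1)(q-1)")
    return (n, E), (n, pow(E, -1, phi))  # d = E^-1 mod phi

def encrypt(m, public):
    n, e = public
    return pow(m, e, n)

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)

def factor(n):
    """Trial division of an odd n = p*q; returns (p, q, divisions tried)."""
    steps = 0
    for cand in range(3, isqrt(n) + 1, 2):
        steps += 1
        if n % cand == 0:
            return cand, n // cand, steps
    raise ValueError("no odd factor found")

def recover_private(public):
    """Rebuild the private key from the public one by factoring n."""
    n, e = public
    p, q, steps = factor(n)
    return (n, pow(e, -1, (p - 1) * (q - 1))), steps

if __name__ == "__main__":
    for p, q in [(251, 257), (10007, 10009), (1000003, 1000033)]:
        public, private = make_keypair(p, q)
        c = encrypt(42, public)
        cracked, steps = recover_private(public)
        assert cracked == private and decrypt(c, cracked) == 42
        print(f"{public[0].bit_length():2d}-bit n: {steps} divisions")
```

Each extra bit in the primes roughly doubles the divisions this naive search needs, which is why real keys use moduli of thousands of bits.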
18. Public key sample
20. Keyservers
● Internet hosts that contain public keys
● Federated services
● All servers contain all the public keys in the world
● Public keyserver in Spain thanks to RedIRIS
● URL: pgp.rediris.es
21. Message signing
[Diagram: message "Hi there!"; two key pairs (Pub, Pri); Keyserver holding two Pub keys]
22. Message signing
[Diagram: message "Hi there!" with the label "Created with the private key"; two key pairs (Pub, Pri); Keyserver holding two Pub keys]
23. Message signing
[Diagram: message "Hi there!"; two key pairs (Pub, Pri); Keyserver holding two Pub keys]
24. Signing and encrypting
[Diagram: message "Hi there!"; two key pairs (Pub, Pri); Keyserver holding two Pub keys]
25. Signing and encrypting
[Diagram: labels "Pub" and "FAD43A"; two key pairs (Pub, Pri); Keyserver holding two Pub keys]
26. Signing and encrypting
[Diagram: labels "Pub" and "FAD43A"; two key pairs (Pub, Pri); Keyserver holding two Pub keys]
27. Signing and encrypting
[Diagram: message "Hi there!"; two key pairs (Pub, Pri); Keyserver holding two Pub keys]
28. Signing and encrypting
[Diagram: message "Hi there!"; two key pairs (Pub, Pri); Keyserver holding two Pub keys]
29. Identity certification
How do you know that public keys belong to their legitimate owners?
[Figure: public key labelled "Barack Obama"]
Can we ensure that the key does belong to Barack Obama?
31. Public key signing
● Public keys are plain text documents that can be cryptographically signed
● Mutual public signing adds identity certification to PKP schemes
32. Public key signing
[Diagram: label "Barack Obama"; two key pairs (Pub, Pri); Keyserver holding two Pub keys]
33. Public key signing
Barack Obama
Key: FE0A7AF2
Name: Barack Obama
Fingerprint: D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
[Diagram: two key pairs (Pub, Pri); Keyserver holding two Pub keys]
34. Public key signing
Barack Obama
Key: FE0A7AF2
Name: Barack Obama
Fingerprint: D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
[Diagram: two key pairs (Pub, Pri); Keyserver holding two Pub keys]
35. Public key signing
Show me your passport
Barack Obama
Key: FE0A7AF2
Name: Barack Obama
Fingerprint: D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
[Diagram: two key pairs (Pub, Pri); Keyserver holding two Pub keys]
36. Public key signing
Show me your passport
Barack Obama
Key: FE0A7AF2
Name: Barack Obama
Fingerprint: D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
Passport: Barack Obama
[Diagram: two key pairs (Pub, Pri); Keyserver holding two Pub keys]
43. Take away
● PK cryptography: secure comms. through insecure channels
● Each user creates a public-private key pair
● Keyservers contain every key in the world
● Trust chain: identity cert. through public key signing