1 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 1 PGP - Step by Step Hello, my name is Stephen Northcutt, and in our next hour together we will be discussing the application of cryptography, as opposed to the theory of cryptography. I can’t stress the objective of this course strongly enough. I hope you will consider getting Pretty Good Privacy (PGP) and trading keys with people that we may need to communicate with in a secure manner. PGP is easy, widespread, and free to low cost. There is no excuse for not having this tool in your toolbox. Let me illustrate with a story. SANS’ web server is on a BSDI box. For now, GCC is really a challenge on BSDI. That is OK, since it is the fastest OS in the galaxy and you don’t *really* want too many applications compiled on a production web server. But Gnu PGP likes to compile with GCC. We always wanted PGP, but what to do? 2 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 2 What You Will Get From This Course – Secure your email – Digitally sign your email – Secure a file at rest on the disk – Obtain and use a certificate So, SANS gets a call at the end of March from the FBI’s National Infrastructure Protection Center (NIPC) asking for help to get the word out to intervene on the 911 (or Chode) virus since at that moment, none of the anti-virus companies had code to stop it. We had to send the advisory out on April 1st. For my international friends, April 1st is called April Fool’s Day and is a traditional day for jokes. Worse, to get the report to as many people as possible, we said “send this to as many people as possible” - a hallmark of virus hoax letters. If we had PGP, we could have easily signed the message. We have a backup trick for now! As it was, I spent the next three days answering, “why didn’t you sign your advisory messages?”. In a sense, we can consider PGP a form of Public Key Infrastructure (PKI). Once this structure is in place, it is fairly easy to maintain and manage from an administrator’s point of view. Depending on how much security you wish to impart to your users, you could even automate the tasks. Automation will be covered in this course, as well as applicable security models for using automation. If you choose, you can build an E-Commerce site or a secured Extranet with the infrastructure you are learning to build in this course. Of course, you will have to scale the systems up quite a bit in order to accommodate the large number of users you hopefully will attract to your site. 3 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 3 You Will Learn in This Segment: • How to install PGP on an email system • How to use PGP to encrypt data • How to sign data and what that means • Key management • Key servers for PGP (public key), and how to use them • Pros and cons to the PGP style of key management This segment will step you through how to install PGP onto your email client. The purpose of starting with this step is to familiarize you with the basic structure of PKI, and help you understand how PKI works with other systems. PGP is a good starting place as it is very simple to install on your system, and will give you a very good look into PKI and how it works. There are many steps that you can perform manually (like exporting and importing information) which will give you a great feel for what larger PKI systems are doing. Please note that PGP is freeware, and that you would not want to use it for your business. You can use it for personal use, but should not try and use it to generate money for your company without purchasing licenses for PGP from Network Associates, Inc. (NAI). If you choose to use PGP for your business, the purchased copy works very much the same way, but has many added features. I found it rather challenging to buy PGP, though. I went to the NAI web site and clicked Buy and Shopping Cart and it said “A salesperson will call” instead of letting me give them a credit card number and download the software. Now, once a week, NAI calls and tries to sell me anti-virus software - go figure. Not to worry, NAI may not be in business much longer the way they are going, but PGP always finds a way to survive. To be legal, I just went to Best Buy and bought a few boxes of McAfee Office 2000 and then downloaded the latest freeware version to use. The commercial version of PGP can be obtained from Network Associates at the following sites: Retail/personal version: McAfee.com Store at http://store.mcafee.com Business/corporate version: PGP web site at http://www.pgp.com Links to download the freeware version of PGP appear on slide 6 4 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 4 Purpose of PKI •Two main uses – Secure data (hide data) •Email •VPN – Authentication • E-commerce • Web authentication PGP encrypts email and can be used to encrypt files on your hard drive. The version of PGP you are going to be downloading also has a Virtual Private Network (VPN) client (PGPNet) included. Strictly speaking, calling PGP a PKI component could lead to criticism from purists, and we will see why as we examine certificates. However, the commercial version of PGP supports both X.509 PKI and VPN IPSec functionalities. Since one of the big hurdles is to get people comfortable with and using encryption, I think this is fully reasonable. Technically, VPN is both authentication and securing data. You have to authenticate with your VPN server (as the client), and once you have established your identity with the server, your VPN system then encrypts the data, hiding it from view. The main purpose of VPN, however, is to enable you to use a public network for private network traffic. The enhanced PGPNet is a VPN! Freeware PGP gives you authentication and data security for email - you can use a public mail network to send private mail. 5 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 5 Secure Email - a Simple Example • PGP – A pioneer, still going strong. – PGP started out in 1991 as a way to bring privacy to a very new, very public communication medium: email. – PGP at version 2.6.2 became a de-facto standard for email encryption. – PGP became part of Network Associates, and moved to version 6.0.X. – PGP is now at version 6.5.8 with new features. Phillip Zimmermann was the person that brought PGP to the world. He wanted to make PGP a free software tool to keep email private, releasing the software in 1991. The United States government viewed this as a violation of the export restrictions for cryptographic software, and made his life pretty tough until the case was dropped in 1996. Though there is now a commercial version of PGP, Phil Zimmermann continues to make it possible to acquire free versions. Because it was free and very hard (at the time) to break, it became very effective in hiding data from anyone. There have been many versions of PGP and many restrictions placed on it, as a result. The Massachusetts Institute of Technology (MIT) distributes the new PGP and PGPNet version 6.5.8. Network Associates owns the commercial version of PGP, and in concert with MIT, distributes the free version as well. 6 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 6 How to Install and Use PGP • What you will need – An email system to exchange email –To get PGP and get more information on PGP 6.5.x: • http://web.mit.edu/network/pgp.html – To get the latest International version of PGP 6.5.xi • http://www.pgpi.org/ PGP 6.5.x will work with Outlook 97, 98 or 2000 and Outlook Express 4.x/5.x. Also, PGP 6.5.x will support Qualcomm Eudora; Lotus Notes; Novell GroupWise; and the Claris emailer for Macintosh if you are not using any of the Microsoft products. On the UNIX side, support is available for exmh and Mailcrypt, among others. You can run Windows 2000 to use PGP 6.5.x or PGP 6.5.xi. Windows 2000 is a VPN beast, by the way, and may well become a major player in the secured communications realm. You can now run the PGP 6.5.x products on Windows 95 and Windows 95a. This used to be a big limitation. The newest version of PGP also supports the Intel III processor math enhancements as well. I will be covering the United States version of PGP in this presentation, but you can download the International version of PGP and still follow along if you are unable to obtain the domestic US and Canada version. Keep in mind the key sizes will be different on the International version. 7 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 7 Installing PGP on Your System • System requirements for PGP 6.5.x. – You will need. • A machine running Windows 95, 98 or ME, or a Windows NT system with at least Service Pack 3 or higher. • You will of course need TCP/IP and TCP/IP connectivity for your email to work! • This free version of PGP does not support certificates with PGPNet. The free version of PGP does not support certificates. The certificate limitation is really unfortunate, since it means that mailers using PGP can’t inter-operate with those using Secure MIME (S/MIME) to protect electronic mail. The most popular certificate formats are PGP and X.509. Although they contain essentially the same information, that information is formatted differently. This is a strong motivator to convince users to move to the commercial version of PGP. The certificate is how a user of public key cryptography publishes their public key. A certificate identifier is used to “point” to the individual that holds the corresponding secret key. With PGP the identifier is a name and email pair. For instance: John Green <jegreen@crosslink.net>. With X.509 the identifier is called the distinguished name. You may have received email in a similar format: O=SANS Institute,OU=GIAC,CN=John Green In this example, O stands for Organization, OU for Organizational Unit and CN for common name. 8 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 8 Establish a Key (Generate a Public / Private Key Pair) • In PGP, you will get a screen like this wizard to generate a key pair: The first part of the wizard establishes the information (or label) that will be associated with your key. You will want to give your correct name, if you are not making a test key, so that your key will be easy to identify. You will also want to use your correct email address as it will be bound to your key. When you change email addresses, you will have to get a new key, as the trust level of your key will look suspicious coming from a different email address then the one that is bound to your key. You can always get a permanent email address, which entails obtaining a domain, then either an email forwarding service, or your own equipment. This way you would never have to change your key again. Remember though, you had better not forget your password or passphrase or lose that key - anything that you have encrypted (files or email) and have not decrypted will be forever lost if you either lose the key, or forget the password. 9 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 9 Generating Your Key • You will be prompted to choose a key type and size: You have two choices of key types, Diffie-Hellman/DSS or RSA. Diffe-Hellman/DSS is an older public key cryptography method with the “DSS” added later. The DSS stands for Digital Signature Standard, and was added to Diffie-Hellman to prevent man-in-the-middle attacks. Briefly, what this means, is that someone can intercept your public key and generate their own public key and impersonate you. A message is passed, you intercept it, decrypt it, read and alter (if necessary) the message, and re-encrypt it with your imposter key. The person that the message was originally intended for, gets the message with the assumption that the person they sent it to, was the originator of the message they just got. The Digital Signature was added to include Station to Station (STS) information into the Diffie-Hellman standard, preventing man-in-the-middle attacks. RSA is already a Digital Signature-based public key system. There are no advantages between using one over the other; they are essentially equal in power. Now, we have a very important issue about key length or key size. The key length that you choose is really based on how long you want to keep your information secret and how long the data needs to be hidden. 10 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 10 Generating Your Key • Next, how long the key is good for and a pass phrase to protect the key. • Notice you will have an indicator telling you how strong your pass phrase is: 512-bit key lengths are considered only marginally safe, and you do not have the option to choose that key length in modern PGP. Your lowest strength is 1024. Recently, it was thought that a 1024-bit key could be safe for a decade in either a Diffie-Hellman/DSS or RSA scheme. But, with Internet Worms and clustering of high performance computers to crack these codes, 10 years of safety is not realistic. The current default is 2048-bit and this is what I use. To break an RSA system, integer factorization is used, while discrete logarithms using prime numbers in the factor is the attack used on the Diffie-Hellman/DSS system. Elliptic curve cryptography is slowly being brought in as the key sizes for Diffie-Hellman/DSS and RSA keep getting bigger and bigger. Elliptic curve cryptography can use a smaller key and protect as well as a larger key in the previous systems. Until Elliptic curve cryptography can be trusted to be safe (unlikely since a 109-bit key has been cracked), the RSA and Diffie-Hellman/DSS systems will remain popular. Next, you need to set an expiration date and passphrase for your key. For the purposes of this test, DO NOT set an expiration date on your key. The passphrase needs to be just that: a phrase. Use a sentence that you can remember. Use spaces and punctuation as appropriate. Use some non-alphanumeric data in addition to proper punctuation. This is what protects your key over time! [...]... and a very hard-to-guess passphrase are critical disciplines for using PGP! 11 Generating Your Key • You have now generated your public / private key pair, and you are now ready to open your mail client to start encrypting your email • Here is an example of your key, and the other ‘keys’ in your key ring: Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 12 You will notice many pgp. com and nai.com... 12 Encryption of Email Content • Now that you have PGP installed, what do you do with it? – Start by encrypting an email message • First, open your email client In this example I will use Outlook 98 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 13 PGP was first developed to encrypt email content to keep it private This would be a great first step to send a friend (or yourself) an encrypted... in your tool bar, and selections under PGP Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 14 You can now see on your Outlook client the new item in your menu bar called PGP, and three new icons on your icon tool bar These icons are used by clicking on the icon Once you click on the icon, it stays depressed (appears depressed) When you send the message by clicking on the send button, your email... icon: Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 17 Notice the large block of encryption and version numbers This will help you see what version of PGP was used to send you the message A recipient with an older version of PGP may have difficulty decrypting a message from a sender who used a newer version of PGP to encrypt it You want to keep the newest version of PGP on your system for... of encryption 30 Directly Send Key • Then you attach the file to the email and send it off: Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 31 This method has its faults Suppose someone intercepts your key en route - they can then pose as you in the middle of the conversation A man-in-the-middle attack looks like this: Bob wants to send a message to Alice Evil Mallory wants Bob to think that... your private key against the message: Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 19 What you are doing is receiving a message sent to you, encrypted by your public key, and now you are using your private key against your public key to authenticate that this message indeed was encrypted by your public key Notice that it describes your key by name, email address, and type and length of the... LDAP server Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 29 Now, the good news is that the PGP infrastructure can support other trust models Since the commercial version can be signed by Certificate Authorities (CAs), you could potentially get your key signed in this way as well if you trust Verisign or Entrust more than your friends’ friends Even better, with PGP you can choose which CAs... public key you have Wake up - if you were zoning out and thinking this is too easy, here are some points to remember about trust PGP uses a cumulative trust model We will refer to this later in the presentation as a “web of trust” For PGP, a certificate is valid if it is signed by a trusted individual whose certificate is valid, or (and this is a huge point) it is signed by a group of people that are... PGP – SANS GIAC LevelOne - © 2000, 2001 20 As you can see, there was much more “data” than real data The block of encryption contains more size than the actual message This translates to computational power - your system has to pass more traffic, and spin more CPU cycles in order to process encryption The seeming “garbage” you see in the message is what is (or was) called in the older versions of PGP. .. encrypting the content, there are issues with trust How can you trust a digital signature unless you exchanged the keys face to face? Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 27 You may see email from security organizations and vendors with PGP- signed headers and footers This is a very strong method of ensuring that the data has not been changed and that the data indeed came from the person . 1 Introduction to PGP – SANS GIAC LevelOne - © 2000, 2001 1 PGP - Step by Step Hello, my name is Stephen Northcutt, and in our next hour. version: PGP web site at http://www .pgp. com Links to download the freeware version of PGP appear on slide 6 4 Introduction to PGP – SANS GIAC LevelOne - ©