
ASSIGNMENT No.

Cryptography
Cryptography is an often misunderstood and misused security tool. Today more than ever, privacy is a necessary part of business communications. The following is an overview of public key cryptography and one of its more widely-used implementations, Pretty Good Privacy (PGP).

PGP
PGP, or Pretty Good Privacy, is a freely available encryption program written by Phil Zimmermann which provides individuals with the kind of strong cryptography that has, in the past, been available only to the military, intelligence agencies, and large corporations. You can use PGP to encrypt your files and electronic mail. You can also use PGP to sign documents with a tamperproof digital signature, proving that you wrote these documents and that they weren't modified during transmission. The following paragraphs describe how PGP can be used on Linux machines.

Why Use It?


i) Privacy - Store and transmit your data so that only select people may view their contents.
ii) Integrity - Ensure your files, data, and applications have not been modified without your consent.
iii) Authentication - A way to verify that people actually are who they claim to be.

How does PGP work?


When someone starts using PGP, they generate a key pair. These are really just text files that look like gibberish to a human. The keys can be created at various levels of strength: 512, 1024, or 2048 bits are used. The higher the number, the stronger the encryption the key provides. One key of the pair is the private key; this key should always be kept safe and never given to anyone. The other key is the public key; this key should be given to as many people as possible.

Basic Usage & Key Management


i) To encrypt a file with the recipient's public key: pgp -e textfile her_userid [other userids]
ii) To sign a file with your secret key: pgp -s textfile [-u your_userid]
iii) To sign a file with your secret key and encrypt it with the recipient's public key: pgp -es textfile her_userid [-u your_userid]
iv) To decrypt or check a signature for a ciphertext (.pgp) file: pgp ciphertextfile
v) To produce encryption/signature output in ASCII for email, add the -a option to the above options.
vi) To generate your own unique public/secret key pair: pgp -kg
vii) To add a key file's contents to your public or secret key ring: pgp -ka keyfile [keyring]
viii) To remove a key or a user ID from your public or secret key ring: pgp -kr userid [keyring]
ix) To edit your user ID or pass phrase: pgp -ke your_userid [keyring]
x) To check signatures on your public key ring: pgp -kc [userid]
xi) To sign someone else's public key on your public key ring: pgp -ks her_userid
xii) To view the contents of your public key ring: pgp -kv

Encrypting files
The simplest thing you can use PGP for is to keep your files out of reach of everyone except you. pgp -c encrypts a file; pgp -cw also deletes the original file upon encryption, leaving just the encrypted file in the directory. This is different from using a command like rm, because files deleted that way can be recovered. pgp will ask for a pass phrase when you invoke it with the -c option. It is this pass phrase that is used to generate the key for the encryption.
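How a pass phrase can be turned into a cipher key, shown with the string-to-key (S2K) function of the OpenPGP standard (RFC 4880). This is an added example, not code from the original page or from PGP itself; the page does not say which derivation its pgp version uses, and the pass phrase, salt and count byte below are constructed.

```python
import hashlib

def decode_count(c):
    """RFC 4880 section 3.7.1.3: expand the one-byte iteration code into a byte count."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k(passphrase, key_len, salt=b"", count_byte=None, hash_name="sha1"):
    """Derive key_len bytes from a pass phrase.

    salt=b"" and count_byte=None -> simple S2K (one hash of the pass phrase)
    salt set                     -> salted S2K
    salt and count_byte set      -> iterated and salted S2K
    """
    if not passphrase:
        raise ValueError("empty pass phrase")
    data = salt + passphrase
    # Number of bytes fed to the hash; always at least one full copy of salt + pass phrase.
    total = len(data) if count_byte is None else max(decode_count(count_byte), len(data))
    full, rest = divmod(total, len(data))
    stream = data * full + data[:rest]
    key, preload = b"", 0
    while len(key) < key_len:
        # Keys longer than one digest use extra hash contexts preloaded with zero bytes.
        key += hashlib.new(hash_name, b"\x00" * preload + stream).digest()
        preload += 1
    return key[:key_len]

if __name__ == "__main__":
    phrase = b"correct horse battery staple"   # constructed sample pass phrase
    salt = bytes.fromhex("0102030405060708")   # constructed; a real tool picks a random salt
    print("simple  :", s2k(phrase, 16).hex())
    print("salted  :", s2k(phrase, 16, salt).hex())
    print("iterated:", s2k(phrase, 16, salt, count_byte=96).hex())
```

The derived key is only as unpredictable as the pass phrase; the salt and iteration count make each guess more expensive but do not rescue a weak phrase.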

Decrypting an Encrypted file
Files encrypted using the -c option can be decrypted, provided the user knows the pass phrase that was given while encrypting the file. Simply, typing pgp followed by the encrypted file name,

Creating PGP keys


Having seen how we can encrypt files and prevent unauthorized access to them, we consider the more interesting usage of PGP, i.e. secure transfer of files and emails. Before we do that, we need to generate the keys that PGP will use. In particular, we need to create a key pair for ourselves. To create your key pair, type at the command prompt
$ pgp -kg
This will ask for the following information.
1. Key size (1024 recommended).
2. User ID (can be anything, e.g. <bnjagdale@mail.spce.ac.in>). Giving your full name and email ID is recommended, since it will appear along with your public key and makes it easier for others to identify you as the owner of your public key.
3. Pass phrase. This is used for encrypting your secret key. The user needs to enter this pass phrase each time he/she is trying to encrypt or decrypt messages.
4. Some random data. This is used to generate the random number required while generating your key pair.
If you have entered everything properly, it gives the "Key generation completed" message. On successful completion of the key generation process, your public key will be stored in the file $HOME/.pgp/pubring.pkr and your secret key (private key) will be stored in the file $HOME/.pgp/secring.skr. You cannot directly open these files and see your keys. Viewing the keys is discussed in the next subsection.

Viewing Keys in a Key Ring


The -kv option lets you view the keys in a key ring. For example, the command
$ pgp -kv $HOME/.pgp/pubring.pkr
will display all the public keys contained in the key ring pubring.pkr. The -kvc (key view and check) option gives additional information about the keys.

Extracting keys from a key ring


The -kx (key extract) option extracts a key from a key ring so that you can give it to someone. The -kxa (extract and ASCII armor) option extracts the key and stores it in a printable ASCII representation (the output of -kx contains nonprintable characters). For example,
$ pgp -kx xyz filename
will create a separate key ring named filename.pgp which contains only one key, i.e. the key of the person xyz.
$ pgp -kxa xyz filename
will generate the printable ASCII representation of the key of xyz and put it in the file filename. You can see the contents of the key using a command like cat. This can serve as a readable form of your key which you can distribute.

Distributing Keys
After you create your keys, you need to make them available to others so that they can send you encrypted information and verify your digital signature. You have three alternatives for distributing your public key:
i) Make your public key available through a public key server.
ii) Include your public key in an email message with every message that you are sending.
iii) Export your public key or copy it to a text file and distribute the file, or put it on your web page.

Adding keys to a key ring


The -ka (key add) option adds new keys to a key ring. Get the public key of the person you want to add to your public key ring (getting others' public keys will be discussed later) and put it in some file. The command
$ pgp -ka filename
adds the key to your key ring. Try the -kv option to verify that it is actually there. You can also specify the key ring to which you wish to add the key. For example, the command
$ pgp -ka abc.asc
will add the public key stored in the file abc.asc into your key ring.

Removing keys from a key ring


The -kr (key remove) option removes keys from a key ring. For example,
$ pgp -kr aldrin arun.kr
would remove the public key of user aldrin from the key ring. Typing
$ pgp -kr
would ask the user to enter the name of the key to be removed. You can enter a user ID or a fragment of a user ID to select a key. PGP makes an intelligent selection from the keys present and asks the user before deleting the key. You can also use the hexadecimal key ID to select a key.

Editing keys
The -ke (key edit) option edits a key ring. You can edit keys and change the user ID of your public keys, add alternative user IDs, or delete user IDs.

Encrypting Email
Sending encrypted email with PGP is a four-step process, consisting of the following steps:

1. Create the message that you want to send, which can be done using some word processor.
2. Get the public key of the person to whom you are sending the message. One can get the public key of a person either from the person himself or from any key server.
3. Encrypt the message using the person's public key. This is done using the -ea option. For example,
$ pgp -ea messagefile aldrin
encrypts the message in messagefile using user aldrin's key. The -a option is used to generate ASCII armored output.
4. Send the encrypted message via your traditional electronic mail program.

Decrypting Email
To decrypt a message that was sent to you encrypted using your public key, save the encrypted message to some file and decrypt it using
$ pgp messagefile

Digital Signature using PGP


A digital signature can perform two different functions, both very important to the security of your communication:
Integrity: A digital signature tells you whether a file or a message has been modified.
Authentication: A digital signature makes it possible for you to mathematically verify the name of the person who signed the message.
The -s option is used to digitally sign the given file. For example,
$ pgp -sa messagefile
digitally signs messagefile with your keys. Running pgp with a signed message file as the argument returns the user ID of the key in your key ring that matches the key used for the signature.
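The key pair described under "How does PGP work?" and the signature check described above, reduced to a small model: sign with the private key, then look up the signer in a key ring and return the matching user ID. This is an added example, not code from the original page or from PGP; it uses textbook RSA without padding on toy keys built from known Mersenne primes, takes the key ID as the low 64 bits of the modulus (the OpenPGP V3 convention), and all names other than the user IDs aldrin and xyz are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys

def make_key(user_id, p, q):
    """Build a toy RSA key pair from two primes; returns (public key, private exponent)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private half: never leaves its owner
    return {"user_id": user_id, "n": n, "key_id": n & (2**64 - 1)}, d

def digest(message, n):
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, public, d):
    """Signature = message digest raised to the private exponent, tagged with the key ID."""
    return public["key_id"], pow(digest(message, public["n"]), d, public["n"])

def verify(ring, message, signature):
    """Return the user ID of the ring key that produced the signature, else None."""
    key_id, s = signature
    for key in ring:
        if key["key_id"] == key_id and pow(s, E, key["n"]) == digest(message, key["n"]):
            return key["user_id"]
    return None

# Constructed keys: far too small for real use, chosen so the example runs instantly.
ALDRIN_PUB, ALDRIN_D = make_key("aldrin", 2**89 - 1, 2**127 - 1)
XYZ_PUB, XYZ_D = make_key("xyz", 2**61 - 1, 2**107 - 1)
RING = [ALDRIN_PUB, XYZ_PUB]            # a public key ring holds public halves only

if __name__ == "__main__":
    msg = b"meet at noon"               # constructed sample message
    sig = sign(msg, ALDRIN_PUB, ALDRIN_D)
    print("signed by:", verify(RING, msg, sig))                 # authentication
    print("after edit:", verify(RING, b"meet at nine", sig))    # integrity
```

A result of None covers both failure cases the text names: the message was modified after signing, or no key in the ring made the signature.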
