CryptoParty
BSidesMSP 2014
Copyright 2014 BSidesMSP, LLC
https://creativecommons.org/licenses/by-nc-sa/3.0/us/
https://creativecommons.org/licenses/by-nc-sa/3.0/us/legalcode
Here Be Dragons
CryptoProtocols
Keys
Key Types
Master Keys
Session Keys
Passwords/Passphrases
Key Storage
Typed on a keyboard
Stored on disk
Stored in memory
Transmitted OOB
FOBs
Key Management
Random Number Generators
Truly Random
Pseudo Random
“...[generates] a sequence of numbers whose properties approximate the properties of sequences of random numbers.”
What you want
Implementations
random(3)
random(4) - /dev/random
random(4) - /dev/urandom
Yarrow
Dual_EC-DRBG
Hardware Sources
Passwords/Passphrases
What you want
Implementations
crypt(3)
scrypt
PBKDF2
Shamir’s Secret Sharing
Split a secret into N parts
M parts are needed to recover the secret
ssss
% ssss-split-passwd 4 2 'foobar'
Password to split (2 of 4): foobar
Split passwords:
1. splitPasswd = 3102f8123e3dac19
2. splitPasswd = 61fe89c40d18f6c0
3. splitPasswd = 92fa1b76dbe44176
4. splitPasswd = c3f6ad19aabf8c1d
ssss
% ssss-join-passwd 61fe89c40d18f6c0 c3f6ad19aabf8c1d
Joined password : foobar
Pretty Good Privacy
PGP/GPG
Basics
Identities
Primary Keys
Sub Keys
PGP/GPG Key
% gpg -k 00D026C4
pub 2048D/00D026C4 2010-08-19 [expires: 2015-08-18]
uid [ unknown] GPGTools Team <team@gpgtools.org>
uid [ unknown] GPGMail Project Team (Official OpenPGP Key) <gpgmail-devel@lists.gpgmail.org>
uid [ unknown] GPGTools Project Team (Official OpenPGP Key) <gpgtools-org@lists.gpgtools.org>
uid [ unknown] [jpeg image of size 5871]
sub 2048g/DBCBE671 2010-08-19 [expires: 2015-08-18]
sub 4096R/0D9E43F5 2014-04-08 [expires: 2024-01-02]
PGP/GPG Key
% gpg -k dokas@cs.umn.edu
pub 1024D/ECAB4C20 2000-05-03
uid [ultimate] Paul B. Dokas <dokas@mail.oitsec.umn.edu>
uid [ultimate] Paul B. Dokas <dokas@cs.umn.edu>
uid [ultimate] Paul B. Dokas <dokas@umn.edu>
uid [ultimate] Paul B. Dokas <dokas@oitsec.umn.edu>
sub 3072g/2A0DBC8B 2000-05-03
pub 1024R/E00F9AF9 1996-07-29 [revoked: 2000-05-03]
uid [ revoked] Paul B. Dokas <dokas@cs.umn.edu>
PGP/GPG Key
% gpg -k paul@dokas.name
pub 4096R/7A2B4EFB 2011-03-22
uid [ultimate] Paul Dokas <dokas@dokas.name>
uid [ultimate] Paul Dokas <paul@dokas.name>
sub 4096R/EE20B803 2011-03-22
sub 2048R/F1B85DA1 2014-07-26
Signatures
PGP/GPG Signatures
% gpg --list-sig paul@dokas.name
pub 4096R/7A2B4EFB 2011-03-22
uid [ultimate] Paul Dokas <dokas@dokas.name>
sig 3 7A2B4EFB 2011-03-22 Paul Dokas <dokas@dokas.name>
sig ECAB4C20 2011-03-22 Paul B. Dokas <dokas@mail.oitsec.umn.edu>
sig C5854FEF 2011-03-30 Christopher R. Hertel (www.ubiqx.org - 2004 key) <crh@ubiqx.mn.org>
uid [ultimate] Paul Dokas <paul@dokas.name>
sig 3 7A2B4EFB 2011-03-22 Paul Dokas <dokas@dokas.name>
sig ECAB4C20 2011-03-22 Paul B. Dokas <dokas@mail.oitsec.umn.edu>
sig C5854FEF 2011-03-30 Christopher R. Hertel (www.ubiqx.org - 2004 key) <crh@ubiqx.mn.org>
sub 4096R/EE20B803 2011-03-22
sig 7A2B4EFB 2011-03-22 Paul Dokas <dokas@dokas.name>
sub 2048R/F1B85DA1 2014-07-26
sig 7A2B4EFB 2014-07-26 Paul Dokas <dokas@dokas.name>
Quick Start
http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
Chapter 4. Preparing For the Party
Generating a Key
% gpg --gen-key
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 8192 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Generating a Key
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2m
Key expires at Sun Sep 21 20:34:51 2014 CDT
Is this correct? (y/N) y
Generating a Key
GnuPG needs to construct a user ID to identify your key.
Real name: Paul B. Dokas
Email address: testing@dokas.name
Comment: THIS IS ONLY FOR TESTING!
You selected this USER-ID:
"Paul B. Dokas (THIS IS ONLY FOR TESTING!) <testing@dokas.name>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
Generating a Key
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 400DB485 marked as ultimately trusted
public and secret key created and signed.
Generating a Key
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2014-09-22
pub 2048R/400DB485 2014-07-24 [expires: 2014-09-22]
Key fingerprint = 6943 3DDA F70C E847 DF8D 49C2 4C21 9D82 400D B485
uid Paul B. Dokas (THIS IS ONLY FOR TESTING!) <testing@dokas.name>
sub 2048R/DD417008 2014-07-24 [expires: 2014-09-22]
PGP/GPG Keys
DO NOT LOSE YOUR PRIVATE KEY!
DO NOT GIVE ANYONE ACCESS TO YOUR PRIVATE KEY!
DO NOT LOSE YOUR REVOCATION CERT!
PGP/GPG Generation and Storage
Generating a Revocation Cert
% gpg --output revoke.asc --gen-revoke 400DB485
sec 2048R/400DB485 2014-07-24 Paul B. Dokas (THIS IS ONLY FOR TESTING!) <testing@dokas.name>
Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
0 = No reason specified
1 = Key has been compromised
2 = Key is superseded
3 = Key is no longer used
Q = Cancel
(Probably you want to select 1 here)
Your decision? 0
Enter an optional description; end it with an empty line:
>
Generating a Revocation Cert
Reason for revocation: No reason specified
(No description given)
Is this okay? (y/N) y
You need a passphrase to unlock the secret key for
user: "Paul B. Dokas (THIS IS ONLY FOR TESTING!) <testing@dokas.name>"
2048-bit RSA key, ID 400DB485, created 2014-07-24
ASCII armored output forced.
Revocation certificate created.
Generating a Revocation Cert
Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable. But have some caution: The print system of
your machine might store the data and make it available to others!
Generating a Revocation Cert
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
Comment: A revocation certificate should follow
<snip, snip>
-----END PGP PUBLIC KEY BLOCK-----
Adding Sub Keys
% gpg --edit-key 400DB485
Secret key is available.
pub 2048R/400DB485 created: 2014-07-24 expires: 2014-09-22 usage: SC
trust: ultimate validity: ultimate
sub 2048R/DD417008 created: 2014-07-24 expires: 2014-09-22 usage: E
[ultimate] (1). Paul B. Dokas (THIS IS ONLY FOR TESTING!) <testing@dokas.name>
gpg> addkey
Key is protected.
You need a passphrase to unlock the secret key for
user: "Paul B. Dokas (THIS IS ONLY FOR TESTING!) <testing@dokas.name>"
2048-bit RSA key, ID 400DB485, created 2014-07-24
Adding Sub Keys
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
Your selection? 3
DSA keys may be between 1024 and 3072 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Adding Sub Keys
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1w
Key expires at Wed Jul 30 20:54:41 2014 CDT
Is this correct? (y/N) y
Really create? (y/N) y
Adding Sub Keys
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size
pub 2048R/400DB485 created: 2014-07-24 expires: 2014-09-22 usage: SC
trust: ultimate validity: ultimate
sub 2048R/DD417008 created: 2014-07-24 expires: 2014-09-22 usage: E
sub 2048D/6DFEDE5E created: 2014-07-24 expires: 2014-07-31 usage: S
[ultimate] (1). Paul B. Dokas (THIS IS ONLY FOR TESTING!) <testing@dokas.name>
gpg> save
Sending Keys to Key Servers
% gpg --send-keys 400DB485
gpg: sending key 400DB485 to hkp server keys.gnupg.net
Retrieving Keys from Key Servers
% gpg --recv-key 7A2B4EFB
gpg: requesting key 7A2B4EFB from hkp server keys.gnupg.net
gpg: key 7A2B4EFB: "Paul Dokas <dokas@dokas.name>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Updating Keys from Key Servers
% gpg --refresh-key
gpg: refreshing 40 keys from hkp://keys.gnupg.net
gpg: requesting key 00D026C4 from hkp server keys.gnupg.net
<snip, snip>
gpg: key 00D026C4: "GPGTools Team <team@gpgtools.org>" 353 new signatures
gpg: key 00D026C4: "GPGTools Team <team@gpgtools.org>" 1 new subkey
gpg: key 7A2B4EFB: "Paul Dokas <dokas@dokas.name>" not changed
gpgkeys: key 69433DDAF70CE847DF8D49C24C219D82400DB485 not found on keyserver
<snip, snip>
gpg: Total number processed: 39
gpg: unchanged: 38
gpg: new subkeys: 1
gpg: new signatures: 353
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2014-09-22
Key Fingerprints
% gpg --fingerprint 7A2B4EFB
pub 4096R/7A2B4EFB 2011-03-22
Key fingerprint = CD7F 7901 B462 4C36 4329 20D4 6F4D 5E6A 7A2B 4EFB
uid [ultimate] Paul Dokas <dokas@dokas.name>
uid [ultimate] Paul Dokas <paul@dokas.name>
sub 4096R/EE20B803 2011-03-22
sub 2048R/F1B85DA1 2014-07-26
Signing Keys
gpg> sign
Really sign all user IDs? (y/N) y
pub 4096R/7A2B4EFB created: 2011-03-22 expires: never usage: SC
trust: unknown validity: unknown
Primary key fingerprint: CD7F 7901 B462 4C36 4329 20D4 6F4D 5E6A 7A2B 4EFB
Paul Dokas <dokas@dokas.name>
Paul Dokas <paul@dokas.name>
Signing Keys
Are you sure that you want to sign this key with your
key "Paul Dokas <paul.dokas@code42.com>" (660496A0)
Really sign? (y/N) y
You need a passphrase to unlock the secret key for
user: "Paul Dokas <paul.dokas@code42.com>"
4096-bit RSA key, ID 660496A0, created 2013-09-13
gpg> save
Revoking Key Signatures
gpg> revsig
You have signed these user IDs on key 7A2B4EFB:
Paul Dokas <dokas@dokas.name>
signed by your key 660496A0 on 2014-07-26
Paul Dokas <paul@dokas.name>
signed by your key 660496A0 on 2014-07-26
Revoking Key Signatures
user ID: "Paul Dokas <dokas@dokas.name>"
signed by your key 660496A0 on 2014-07-26
Create a revocation certificate for this signature? (y/N) y
user ID: "Paul Dokas <paul@dokas.name>"
signed by your key 660496A0 on 2014-07-26
Create a revocation certificate for this signature? (y/N) y
You are about to revoke these signatures:
Paul Dokas <dokas@dokas.name>
signed by your key 660496A0 on 2014-07-26
Paul Dokas <paul@dokas.name>
signed by your key 660496A0 on 2014-07-26
Revoking Key Signatures
Really create the revocation certificates? (y/N) y
Please select the reason for the revocation:
0 = No reason specified
4 = User ID is no longer valid
Q = Cancel
Your decision? 0
Enter an optional description; end it with an empty line:
>
Reason for revocation: No reason specified
(No description given)
Is this okay? (y/N) y
Revoking Key Signatures
You need a passphrase to unlock the secret key for
user: "Paul Dokas <paul.dokas@code42.com>"
4096-bit RSA key, ID 660496A0, created 2013-09-13
You need a passphrase to unlock the secret key for
user: "Paul Dokas <paul.dokas@code42.com>"
4096-bit RSA key, ID 660496A0, created 2013-09-13
Revoking Key Signatures
pub 4096R/7A2B4EFB created: 2011-03-22 expires: never usage: SC
trust: unknown validity: full
sub 4096R/EE20B803 created: 2011-03-22 expires: never usage: E
[ full ] (1). Paul Dokas <dokas@dokas.name>
[ full ] (2) Paul Dokas <paul@dokas.name>
gpg> save
Key Signatures
% gpg --list-sig 660496A0
pub 4096R/660496A0 2013-09-13 [expires: 2017-09-13]
uid [ full ] Paul Dokas <paul.dokas@code42.com>
sig 3 660496A0 2013-09-13 Paul Dokas <paul.dokas@code42.com>
sig 7A2B4EFB 2014-07-26 Paul Dokas <dokas@dokas.name>
sub 4096R/AE930309 2013-09-13 [expires: 2017-09-13]
sig 660496A0 2013-09-13 Paul Dokas <paul.dokas@code42.com>
sub 2048D/4ABD0125 2014-07-26
sig 660496A0 2014-07-26 Paul Dokas <paul.dokas@code42.com>
Trust
gpg> trust
pub 4096R/660496A0 created: 2013-09-13 expires: 2017-09-13 usage: SCEA
trust: unknown validity: full
sub 4096R/AE930309 created: 2013-09-13 expires: 2017-09-13 usage: SEA
sub 2048D/4ABD0125 created: 2014-07-26 expires: never usage: S
[ full ] (1). Paul Dokas <paul.dokas@code42.com>
Trust
Please decide how far you trust this user to correctly verify other users'
keys (by looking at passports, checking fingerprints from different sources,
etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 3
Trust
pub 4096R/660496A0 created: 2013-09-13 expires: 2017-09-13 usage: SCEA
trust: marginal validity: full
sub 4096R/AE930309 created: 2013-09-13 expires: 2017-09-13 usage: SEA
sub 2048D/4ABD0125 created: 2014-07-26 expires: never usage: S
[ full ] (1). Paul Dokas <paul.dokas@code42.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> save
Trust
% gpg --update-trust
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: public key 06B4110D is 2106 seconds newer than the signature
gpg: public key 8DA0DAEF is 473 seconds newer than the signature
gpg: public key 0BC39EB6 is 354091141 seconds newer than the signature
<snip, snip>
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 71 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: public key 0BC39EB6 is 354091141 seconds newer than the signature
gpg: depth: 1 valid: 71 signed: 460 trust: 0-, 43q, 2n, 24m, 2f, 0u
gpg: depth: 2 valid: 64 signed: 406 trust: 0-, 59q, 2n, 1m, 2f, 0u
gpg: depth: 3 valid: 97 signed: 309 trust: 0-, 96q, 0n, 1m, 0f, 0u
gpg: next trustdb check due at 2014-08-04
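How the "3 marginal(s) needed, 1 complete(s) needed" line turns owner trust and signatures into key validity, as an added Python sketch (not from the original slides and not GnuPG's code). It is a simplified model of the classic PGP trust model; the key names in the sample data are constructed, and the depth limit of 5 is GnuPG's default max-cert-depth.

```python
MARGINALS_NEEDED = 3   # "3 marginal(s) needed"
COMPLETES_NEEDED = 1   # "1 complete(s) needed"
MAX_DEPTH = 5          # GnuPG's default max-cert-depth

def valid_keys(own_keys, ownertrust, sigs):
    """Return {key: depth} for every key the model considers valid.

    own_keys   -- keys with ultimate trust (you hold the secret key)
    ownertrust -- {key: 'm' or 'f'} as set with the `trust` command
    sigs       -- {key: set of keys that signed it}
    """
    valid = {k: 0 for k in own_keys}
    for depth in range(1, MAX_DEPTH + 1):
        newly = {}
        for key, signers in sigs.items():
            if key in valid:
                continue
            full = marginal = 0
            for s in signers:
                if s not in valid:          # signatures from keys that are
                    continue                # not valid themselves count for nothing
                if s in own_keys or ownertrust.get(s) == "f":
                    full += 1
                elif ownertrust.get(s) == "m":
                    marginal += 1
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid

# Constructed sample web of trust (key names are placeholders).
OWN = {"ME"}
OWNERTRUST = {"A": "f", "B": "m", "C": "m", "D": "m"}
SIGS = {
    "A": {"ME"}, "B": {"ME"}, "C": {"ME"}, "D": {"ME"},
    "E": {"A"},             # one fully trusted signer: valid
    "F": {"B", "C"},        # only two marginal signers: not valid
    "G": {"B", "C", "D"},   # three marginal signers: valid
    "H": {"E"},             # E is valid but has no owner trust: not valid
}

if __name__ == "__main__":
    for key, depth in sorted(valid_keys(OWN, OWNERTRUST, SIGS).items()):
        print(f"{key}: valid at depth {depth}")
```

Validity (is this key really its owner's?) and owner trust (do I rely on this owner's signatures?) are separate: key E above is valid, yet its signature on H carries no weight until E is given owner trust.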
Web Of Trust
Key Signing Parties
Informal
A few people establish trust in their keys and sign them
List Based
A coordinator distributes a list of keys to verify and sign
Hash Based
A coordinator creates a list of keys, everyone verifies their identity and the coordinator signs the list of keys
Algorithms
% gpg --version
gpg (GnuPG) 2.0.26
libgcrypt 1.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
More Reading
Two major flavors
PGP/GPG
S/MIME
Enigmail
GPGTools
End-to-End
Front end for GPG for Chrome
Announcement:
http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html
End-to-End
% git clone https://code.google.com/p/end-to-end.build/
% cd end-to-end.build
% ./do.sh install_deps
% ./do.sh build_extension
Watch out…
S/MIME
S/MIME Certificates
Watch out for limitations and problems
Thunderbird
STARTTLS Everywhere
Messaging
Off The Record (OTR)
Basics
OTR
IRC
IRSSI plugins OTR, fish
XChat OTR
Encrirc SSL proxy
XMPP/Jabber
Others
SILC
Tox
Cryptocat
Texting
TextSecure
Steganography
Outguess
% outguess -r Liber_primus.jpg Liber-primus.txt
Reading Liber_primus.jpg....
Extracting usable bits: 154283 bits
Steg retrieve: seed: 163, len: 2899
Outguess
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
775d0481115f6e4f3ba8873ac66da1df6bbe3ff19389878f2ddb9423881b
<snip, snip>
fe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJSy3GZAAoJEBgfAeV6NQkPWq0P+wS37GvUbr+bYg6HVcP8Qz7Z
<snip, snip>
DwDOHMwAIKZ1k7JtlMfB
=v5mD
-----END PGP SIGNATURE-----