Scribd Logo
Hochladen

Willkommen bei Scribd!

  • David Huerta - Encrypted Email & Community Circles of Trust

    Hochgeladen von

    DavidHuerta
    90 Ansichten28 Seiten
    Intro to PGP by David Huerta, a presentation that was part of a workshop at CryptoParty Phoenix, December 4th, 2016.

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Intro to PGP by David Huerta, a presentation that was part of a workshop at CryptoParty Phoenix, December 4th, 2016.

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    90 Ansichten28 Seiten

    David Huerta - Encrypted Email & Community Circles of Trust

    Hochgeladen von

    DavidHuerta
    Intro to PGP by David Huerta, a presentation that was part of a workshop at CryptoParty Phoenix, December 4th, 2016.

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 28

    Encrypted Email and

    Community Webs of Trust


    David Huerta - CryptoParty Phoenix

    Photo credit: Whitney Museum

    Obligatory Bio Slide!

    CryptoPartying since 2012


    before it was cool
    Self Employed
    Also from PHX!
    Fan of burgers and the American
    way
    Trade: Photog skills for Mr. Robot*
    skillz?
    @huertanix
    *mr. robot sux

    Are you sure you need PGP?

    Alternatives to PGP

    Signal

    Peerio*

    Wickr

    Ricochet

    Photo credit: Open Whisper Systems

    PGP (BY ITSELF) IS


    NOT ANONYMOUS!

    Photo credit: Gloving Light

    Email

    Photo credit: Kate Beaton

    Email: How old? 1971.

    Hella metadata

    from address

    ALL to addresses

    subject line (!!!)

    headers

    timestamps

    Email is spoofable

    Email Headers
    Delivered-To: huertanix@gmail.com
    Received: by 10.176.6.101 with SMTP id f92csp2394918uaf;
    Tue, 22 Nov 2016 09:27:42 -0800 (PST)
    X-Received: by 10.28.15.138 with SMTP id 132mr3393427wmp.41.1479835662819;
    Tue, 22 Nov 2016 09:27:42 -0800 (PST)
    Return-Path: <chiron.hypatia@gmail.com>
    Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com. [2a00:1450:400c:c09::22b])
    by mx.google.com with ESMTPS id b5si18858903wjw.261.2016.11.22.09.27.42
    for <huertanix@gmail.com>
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Tue, 22 Nov 2016 09:27:42 -0800 (PST)
    Received-SPF: pass (google.com: domain of chiron.hypatia@gmail.com designates 2a00:1450:400c:c09::22b as permitted
    sender) client-ip=2a00:1450:400c:c09::22b;
    Authentication-Results: mx.google.com;
    dkim=pass header.i=@gmail.com;
    spf=pass (google.com: domain of chiron.hypatia@gmail.com designates 2a00:1450:400c:c09::22b as permitted sender)
    smtp.mailfrom=chiron.hypatia@gmail.com;
    dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
    Received: by mail-wm0-x22b.google.com with SMTP id f82so1577wmf.1
    for <huertanix@gmail.com>; Tue, 22 Nov 2016 09:27:42 -0800 (PST)
    X-Received: by 10.28.58.14 with SMTP id h14mr3527970wma.7.1479835661965; Tue, 22 Nov 2016 09:27:41 -0800 (PST)
    MIME-Version: 1.0
    Received: by 10.28.1.202 with HTTP; Tue, 22 Nov 2016 09:27:40 -0800 (PST)
    In-Reply-To: <20161122163215.6245C1421AD@theochino.com>
    References: <20161122163215.6245C1421AD@theochino.com>
    From: Cassandra Dunlop <chiron.hypatia@gmail.com>
    Date: Tue, 22 Nov 2016 12:27:40 -0500
    Message-ID: <CAD9k8LnrrnEV_5hyPf-KmbH+unD1qjGdtx2mOi+ejnB5XL3R-A@mail.gmail.com>
    Subject: Fwd: #NYCPrivacy : 4th Meeting Agenda - 11/22/2016 - 7 pm
    To: David Huerta <huertanix@gmail.com>
    Content-Type: multipart/mixed; boundary=001a1148f6f2f56b040541e716b2
    --001a1148f6f2f56b040541e716b2
    Content-Type: multipart/alternative; boundary=001a1148f6f2f56aff0541e716b0

    PGP
    Photo credit: Phil Zimmerman

    PGP Prereqs

    Software

    Mac OS X: GPGTools

    Windows: GPG4Win

    Android: K9 Mail

    Optional: Hardware (!) Keys

    Yubikey

    Nitrokey?

    Public and Private Keys

    Based on cool math trix from the 70s

    Public Key == Lockbox and Private Key ==


    Private Key

    Give away lockboxes, never share private key,


    not even to your Bae/Government/Keybase

    Can also sign messages by creating a


    mathematical proof that can be verified by
    anyone with your public key

    -----BEGIN PGP PUBLIC KEY BLOCK----Version: SKS 1.1.5


    Comment: Hostname: pgp.mit.edu
    mQENBFNqenABCADAtL9oVEDGJRwn5et6uzX41yQhy6cSM0P5n1nVu8N2w0Ym0IlkKDoY2ZIJ
    dm0OuLEulyO8OVP6SjnavPS3aQ+Q9E4U4IW9AbzJbhFF2REGfqlh7Kr4h6B//mRK2U4f8t3O
    pRYFOhmYNtiYkucVBlmd7N2SYa/Ct+2GquCftswgVEcpJVJSf7vzdqn62Ej6OqoVuP8eaN2+
    TPvu1C5VMuqzHhFe607UuAN952xINla4szC1xIKc86rR3blsbFE3q/HUusfyybWYGycg480b
    QjJrQlDjsbyokzVn4Ykt9hrjui/lOvLDXwk7sP58N0l/MpZjX3PYzpPZtYNzfuyhiPmXABEB
    AAG0HldpbGwgQnJhZGxleSA8d2lsbEB6eXBob24uY29tPokBHAQQAQIABgUCVb2FbwAKCRBW
    7EUg8mYJwd/WB/4gAEHG0sti6jGxrgfkTjnQ7AXUjaEPVV/eWGyzrHMI8pKPiTLzzmGpvZac
    SACFJIKopYNEcGyg+wOtesKcpKAtdt+M2Y5ys3RQvG96HT/z24IbCr+ZR8hpKscIy+HYco6u
    fGgE2RgoOMdKcGdv+VFUAO6O+2nSZVTBhDRg0dahsiS2DACKUs7xZcb4p7eExzPLLssE/r/D
    CoPJWHpNfEDe0nAEb7Td9Xl7GOgl6FP0xzRSKXvLuUImk6Kh9KqYo7pTrqfdgfT2BQ8NCvQv
    cM2DmTwgTleIH+CZ8xgrwNOs9a7+29W47PAoQpc/k3DpXD1/e6JY8nVpsG10EiaokwyLiQEc
    BBMBCgAGBQJVAORpAAoJEDXXJr2uCfMowRUH/R7g8u6QkFYrKuQSXt6FwYKSEWXGOMQBUd3N
    23nQKmAagb/P/0oOcEWydin4Jpz1qeMmT2H3u2azZo8pHO8M5/4vzADUCRCfw2tvGnc5FbEx
    s+LKzZnKkWkRvxUWF2iN5BHCFBHP5dwYwp0LdMRvgvG8omGmbABMZVhuskYz7uS7QyJimiXq
    CGNyqBxuOZ6jgvLEuw9WyTzDolxxhIz2/FjE+0BYphNHUirpt3b8e43nNwHCQNOw+ND/KvFM
    XB3qpIk4glwtuJhLpFxoMVKRLL05h6PE1J9HNChNtIdo9ixEX3QaHl1ezTV5ibwYaiQdPcoK
    SBmwu6DFla1kaqtYd0SJAT4EEwECACgFAlRJfeYCGyMFCQlmAYAGCwkIBwMCBhUIAgkKCwQW
    AgMBAh4BAheAAAoJEAYIBvDadL5eGsQH/1SvdDmNw0QfC6Ytlqor+bgTXR3DzqWBHX0gRcaU
    nP549G+OH1I0HG2Sz//cqlgEbvSd3hixoYGjzLOzl/d+NpffJFjZM8oZXrwe4JjyjNvcEOJo
    4+P+1unGSQ5KAAcZrXOHptHpp7emJjt++i9Mcbk50suvmvSMHP+JwDnnbJw+vK83ApnhFhoI
    MJBcM8MM1VSSBKBWGD39o/HkKKZ4hCWdg6ksWpS0cmmQOaa18rg0Z7uClC5NW1XQ4AnScL2N
    go+OvVl1pvF2yFI9C6Yb3L6jxUAUPXhDjKdoBRQasOSxI26P755AO6uhF1zotQzJ1/qqaXmh
    d1Y/2m5D2RVD9HeJAhwEEwEKAAYFAlUA4i0ACgkQT/4z+9oYHZnmPA/+OL2u3HQIcNQh2WsD
    TCia5XNY/rb0uL4XbXZst3btnerA4G3CAdfo1kMP2FHttMxNDxDGhwCzK3JjdWwGnQkJ6bPb
    LeU7XPUFHMLB/sWhRsH7DcVEKzZ/FL69MufoQK6+tVPkjg5wHzHUobz/MEc72uthHGqV0Ky0
    sGrbFMySf+RrYmzp4fY709+h0gZ1Znv4bJXQLUePSd868DSBHyMIvP5zoxUVIvF7CNvNz9GC
    6T65VZbcDt85cahFY1tnpaRcO0nrb0wUyQr65PzCePZY7uYkmBTBc72F/GGAiVEhhU7q2qSN
    KyzRRkJ6QwaMbwBIQDuBILnGVhBUqIv4+tTegLBDvE485Tfpbv/09rWL4x9g7zHQSkMx1z11
    j1Puabfq8HcXDNX/lNvkAHhC0BbfXfwYjSbQqgLGzi9Za/ZA0lmnVeXH+zHOilS818U/SJgO
    QRyYBwljdZJecUTV0OCceYMS+iejyk4z/CEpTdW8oYS6LogXhQOlaNpKHbM/VZH+tE3UUk+G
    kItDiuXwhf7GUyvdB1nJf9ybTyfA/Xff0WNdaTzL4jP+ZP+ojNQl2Z4IYYgHxyEXD8EFrdTV
    lndX1oNRMIKxcd2K5pYYH1Z+fBXg8BdyXaKEauD9eSHvqd2ZSyzem64MYpTNe5jqejupwEFK
    FZTzyWYfMUMFGrGZHGuJAhwEEwEKAAYFAlXFVwMACgkQXjTHUUoRU2rEGA/8D+JxMLNLNIM8
    UYJ3cak/3NWt11nmsCC7ldnm1DRmWI/h9A7j4fbh6p8tMAPYjAlGXR+Nnv3+sNXMJjPrZk6c
    MX+ZPzCAbEauV3eoidFu2K17wkcQdapgAXo+xsUDWxM8Kxq7QHBlnw9evjZvM0kjfit2sGli
    W8Lqpldwc9j+1rtW8MwKIigWptIIO1BWISBK+VBUEB3zm92jA21dQflQuPzvZMNVwAnhEqCs
    BnkqvwnWqTBY7RudwamQxnj8c3RdGsindpfDtjiViEp207/ojvO1lW8fSa+OOp7SM3Y5097W
    xHjBSxJrq4X/XZROlI54N4yUsWL0nXZ06jSD3ekYMdEuez2GRdH7gdhAK00/+OUvgEZJkmAj
    cmiRFBwSs/iN1nlYbdaxcAIguHQidup8Lx1sV0i8Cvtrsfh3vQvvuYj4dMfZKRwkHUO5g+x5
    F+8LpLFnfaAdeS49eL6afK0KMRgfqdNwcAUOUcw2owAtZGxyDy2Ux8K75K4+Uzw4GLhhLskf
    W02etoUKJmYtMgTglv2XuYvuN4iOe50/zD4oVYgvBOy0J4nrMdv43c0PjRkNwlS1iXdatC9V
    Mpf6WTiS0DteF4xLRwPByBI2yXmMd3fbgR1GuQQMeb5Q6dKYT/bEGK11aJv7Ls6fE2+8rbf/
    YKFVcQimiU6/fCT2fTS/Ahi0JVdpbGwgQnJhZGxleSA8YnJhZGxleS53aWxsQGdtYWlsLmNv
    bT6JARwEEAECAAYFAlW9hW8ACgkQVuxFIPJmCcHrYQgAl8j3slGyXXLDRIfAT8qyqW2ETuBn
    G9Bv9pVj98O0jA1vs2JKfz1Y3eyD271PGgzzMjHfFwLprWcs7PSL6+HxlVtOL3y+Ue9s+bvz
    O4bwlGarlh953pu6f1iGR5Cgq6Y9G9M/gsUo3wb2gsyDHBLaL5R/5HxIVveFbHLO+TLSwYYE
    RQOSXGyTxm14MgJuSkLsAtzM2XtRunOql6KKZ6bu7UUpqlb4MnFAFaXWy/Nx9oKltWiEugmx
    Fqii3df0Qiz2Dj0TLQBsZ+9oxKC15hfkmrk6kSp2VS1Zr9INbo10CKo82ubqW2FQ524PnTAR
    V8KHfTEO4cCyk2b2tnfIhZVKdIkBHAQTAQoABgUCVQDkZgAKCRA11ya9rgnzKETpCAC0wVRq
    RK9zmScnypamh4RvxpGs2rYGJmWF89g3+Br2MCvB9rrqUImJjeOTaUPYg85+mK94FRPe4l2H
    ClpBS1AyxY/df60UWPV6KBM8mSrKVWSrCVoSWEqwlV0qwlAxLy2a7tGiVsHIOOzY7H2NY0On

    tl;dr

    Fingerprints, Key IDs

    PGP public keys are yuge compared to modern,


    ECC-based counterparts (Minilock)

    Hashing creates a mathematically unique


    identifier for a key, called a fingerprint

    A shorter 32-bit Key ID is used for identifying


    keys but IS NO LONGER reliable to be unique
    because of advances in GPU technology

    1482 F3BF 3F16 6BD4 3525 D55E 35D7 26BD AE09 F328
    Fingerprint

    1482 F3BF 3F16 6BD4 3525 D55E 35D7 26BD AE09 F328
    32-Bit Key ID

    1482 F3BF 3F16 6BD4 3525 D55E 35D7 26BD AE09 F328
    64-Bit Key ID

    Arrreee youuuu
    readyyyyyyy???

    Photo credit: DealNews.com

    Mac OS X

    Mac OS X

    Mac OS X

    Windows

    Windows

    Windows

    Windows

    Windows

    Windows

    brb

    Parting Notes

    Hardcore threat model security protips for PGP


    from The Grugq: https://gist.github.com/grugq/
    03167bed45e774551155

    Questions? Comments?
    huertanix@nycresistor.com

    My PGP Fingerprint: 1482 F3BF 3F16 6BD4


    3525 D55E 35D7 26BD AE09 F328

    Das könnte Ihnen auch gefallen