                                           PGP for Smarties
                                  Jan Schaumann <jschauma@etsy.com>

                                       B60D A9F7 0D89 544A 7995
                                       7D25 5A5B 4375 275F 0BB5




    http://etsy.me/TF8k2c                              @jschauma

Wednesday, September 5, 12

                                  http://etsy.me/N1UIjg




                                  http://etsy.me/Tkbefn

                       Common threats to security:








                                  PGP stands for…


  The Pacific Golden Plover (Pluvialis fulva) is a medium-sized plover.




                                    http://etsy.me/SYTYfA




    Pretty Good Privacy




                                      http://etsy.me/SYVdeP




                                             Pretty Bad Privacy




                 http://etsy.me/hHFUdi


                                  Definitions

     “PGP” == “Pretty Good Privacy”


     “OpenPGP” is a standard to provide encryption,
     decryption, signing, and key management functions.
     (RFC4880)


     “GnuPG” == “GNU Privacy Guard” aka “gpg”







                                     OpenPGP

        •    uses a combination of strong public-key and symmetric
             cryptography
        •    provides security services for electronic communications and
             data storage
              – authentication (via digital signatures)
              – confidentiality (via encryption)
              – integrity (via digital signatures)


              – key management
                    – expiration








                                  Buzzword Bingo


                                    http://etsy.me/SZ1G9q

     http://etsy.me/iFfqUa
                                                             http://etsy.me/N20IIG




                                    http://etsy.me/MHNUDQ
                                                            http://etsy.me/TAIEUh

       http://etsy.me/TAHXKG




                                       http://etsy.me/uLLUaI






                              What's this, then?


               B60D A9F7 0D89 544A 7995
               7D25 5A5B 4375 275F 0BB5




                                  http://etsy.me/iFfqUa






                                   In general:
      •    people who work together need to occasionally share secrets
           across physical distances and timezones
      •    people who work together don't always work together

      •    people need to store secrets:
            •    store it on a computer system owned by your company
                 => multiple users besides you have full access
            •    store it on a computer system owned by yourself =>
                 company-related information leaked





  In general:
   • people need to communicate securely
     http://etsy.me/TAORQb
   • people need to store data securely
     http://etsy.me/SZ4Qdd

                        Common threats to security:






                         Cryptography may provide:

     § secrecy or confidentiality

     § accuracy or integrity

     § authenticity






                             Why we want secrecy:






                             Why we want integrity:
  Date: Sat, 23 Jun 2012 11:59:40 -0400
  From: Chad Dickerson <chad@etsy.com>
  To: Jan Schaumann <jschauma@etsy.com>
  Subject: Important
  X-Mailer: iPad Mail (9B206)

  Jan,

  Can you disable Allspaw’s VPN access? We’ll have to let
  him go. Also, party at my place, byob.

  Chad

  Sent from my iPad


                             Why we want integrity:
  Date: Sat, 23 Jun 2012 11:59:40 -0400
  From: Chad Dickerson <chad@etsy.com>
  To: Jan Schaumann <jschauma@etsy.com>
  Subject: Important
  X-Mailer: iPad Mail (9B206)

  Jan,

  Can you get Allspaw’s jacket size? We’re planning a
  surprise gift. Also, party at my place, byob.

  Chad

  Sent from my iPad


                         Why we want authenticity:
  Date: Sat, 23 Jun 2012 11:59:40 -0400
  From: Chad Dickerson <chad@etsy.com>
  To: Jan Schaumann <jschauma@etsy.com>
  Subject: Important
  X-Mailer: iPad Mail (9B206)

  Jan,

  Can you disable Allspaw’s VPN access? We’ll have to let
  him go. Also, party at my place, byob.

  Chad

  Sent from my iPad



                             Symmetric- or private-key
                                  cryptography




                                    http://etsy.me/TASe9N






                             Symmetric- or private-key

 $ cat secret
 Oehpr Fpuarvre rkcrpgf gur Fcnavfu Vadhvfvgvba.
 $ rot13 <secret
 Bruce Schneier expects the Spanish Inquisition.
 $



                                    http://etsy.me/SZ1G9q







                             Asymmetric- or public-key






             Public-key cryptography in a nutshell




                                               http://etsy.me/SZ63kK

                 http://etsy.me/TAHXKG




                                               http://etsy.me/TAIEUh
                  http://etsy.me/TARe5w


                                  PGP can:
        •   provide secrecy or confidentiality (encryption)

        •   provide accuracy or integrity (checksum)

        •   provide authenticity (signature + WoT)







                                  PGP can NOT:

        •   magically imply "security"

        •   know by itself whom to trust (or not)

        •   figure out how or when to share secrets

        •   protect you from all threats









                       Common threats to security:




                                  https://xkcd.com/399/




                       Common threats to security:

     $ man gpg | rman -t ascii | egrep -- "^[   ]*--[^ ]+$" | sort -u | wc -l
        167
     $








                             Keypair generation
 $ gpg --gen-key
 [...]
 Real name: Jan Schaumann
 Email address: jschauma@etsy.com
 [...]
 You need a Passphrase to protect your secret key.
 [...]
 pub 2048R/275F0BB5 2012-04-24
      Key fingerprint = B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5
 uid          Jan Schaumann <jschauma@etsy.com>
 [...]
 $
 $ ls ~/.gnupg/*ring.gpg
 /Users/jschauma/.gnupg/pubring.gpg	        /Users/jschauma/.gnupg/secring.gpg





                       Common threats to security:




                                  https://xkcd.com/538/



                             Revocation Certificate
     $ gpg --output 275F0BB5-revocation-cert --gen-revoke 275F0BB5

     sec 2048R/275F0BB5 2012-04-24 Jan Schaumann <jschauma@etsy.com>
     [...]

     You need a passphrase to unlock the secret key for
     user: "Jan Schaumann <jschauma@etsy.com>"
     2048-bit RSA key, ID 275F0BB5, created 2012-04-24

     ASCII armored output forced.
     Revocation certificate created.

     Please move it to a medium which you can hide away; if Mallory gets
     access to this certificate he can use it to make your key unusable.
     It is smart to print this certificate and store it away, just in case
     your media become unreadable. But have some caution: The print system of
     your machine might store the data and make it available to others!





                             Let's have a look...
 $ gpg --fingerprint jschauma@etsy.com
 pub 2048R/275F0BB5 2012-04-24
    Key fingerprint = B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5
 uid          Jan Schaumann <jschauma@etsy.com>
 sub 2048R/FA19BA98 2012-04-24
 $

 $ gpg --export -a 275F0BB5
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v2.0.18 (Darwin)

 mQENBE+W6hcBCADcP2qrc4tjVjJxvyCNPJZSxDmDLqWzo9KDEer77WeAocYuXC
 [...]
 bWxBdIK299dw4wRJi1Z2Ocg/VlZtflDF54ts55EDsQ==
 =QJlN
 -----END PGP PUBLIC KEY BLOCK-----








                                  Wot a lot I got!




       http://etsy.me/TARe5w




                                                            http://etsy.me/iFfqUa




                                    http://etsy.me/TASWnp







                             Sharing secrets with Alice
  $ gpg --encrypt -r alice@etsy.com secret
  gpg: alice@etsy.com: skipped: public key not found
  gpg: secret: encryption failed: public key not found
  $

  $ gpg --list-keys alice
  gpg: error reading key: public key not found
  $


  $ gpg --search-keys alice@etsy.com
  gpg: searching for "alice@etsy.com" from hkp server keys.gnupg.net
  gpg: key "alice@etsy.com" not found on keyserver
  $





                             Sharing secrets with Alice

$ gpg --search-keys alice
gpg: searching for "alice" from hkp server keys.gnupg.net
(1) Alice Cooper <alice@etsy.com>
      2048 bit RSA key AB123456, created: 2009-11-25
Keys 1-1 of 1 for "alice". Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key AB123456 from hkp server keys.gnupg.net
gpg: key AB123456: public key "Alice Cooper <alice@etsy.com>" imported
gpg: Total number processed: 1
gpg:        imported: 1
$







                             Sharing secrets with Alice
 $ gpg --encrypt -r alice@etsy.com secret
 gpg: AB123456: There is no assurance this key belongs to the named user

 pub 2048g/AB123456 1969-08-01 Vincent Damon Furnier <alice@etsy.com>
 Primary key fingerprint: 666C E666 CC66 6EB6 66DB B0B6 6678 6667 AB12 3456

 It is NOT certain that the key belongs to the person named
 in the user ID. If you *really* know what you are doing,
 you may answer the next question with yes.

 Use this key anyway? (y/N)





                       Common threats to security:






                             Keypair generation
$ gpg --gen-key
[...]
Real name: Chad Dickerson
Email address: chad@etsy.com
Comment: CEO
You selected this USER-ID:
   "Chad Dickerson (CEO) <chad@etsy.com>"
[...]
You need a Passphrase to protect your secret key.
[...]
pub 2048R/E157FAB8 2006-09-01
     Key fingerprint = E2A7 437A 7AB8 6EA1 7E1D F6DC BF09 CDC9 E157 FAB8
uid          Chad Dickerson (CEO) <chad@etsy.com>
[...]
$ gpg --send-keys E157FAB8
gpg: sending key E157FAB8 to hkp server keys.gnupg.net
$




                                  Key Verification

      •   easily done in person
      •   easiest done if both parties actually know each
          other
      •   reasonable authentication (for some
          organizations, anyway – mix and match):
          •   Staff Directory info
          •   IRC handle
          •   shared domain username
          •   email





                                  Key Verification




                                    http://etsy.me/SZ9AQc


                                  Web of Trust








[Figure, built up over several slides: a chain of shared film credits
 connecting John Belushi to Kevin Bacon]

      •   John Belushi and Donald Sutherland (Animal House)
      •   Donald Sutherland and Pauly Shore (Lost Angels)
      •   Pauly Shore and Andy Dick (In the Army now)
      •   Andy Dick and Claudia Schiffer (Zoolander)
      •   Claudia Schiffer and Sarah Jessica Parker (Life without Dick)
      •   Sarah Jessica Parker and Kevin Bacon (Footloose)



                    Problems with the Web of Trust







                                  Better:







                                  Web of Trust

        •   you have to trust every signing entity in your
            trustpath
        •   the shorter the trustpath, the better
        •   the more nodes in your WoT, the better
        •   the more edges in your WoT, the better
        •   the fewer leaves, the better
        •   the more signatures a key has, the better
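
The bullets above can be measured on a signature graph. The following Python is an added example, not part of the original slides: it reads the actor chain from the earlier slides as key signatures (a constructed sample), and all function names are hypothetical.

```python
from collections import deque

# Constructed sample: the actor chain from the slides, read as key signatures.
# An edge (signer, signee) means "signer has signed signee's key".
SIGNATURES = [
    ("John Belushi", "Donald Sutherland"),
    ("Donald Sutherland", "Pauly Shore"),
    ("Pauly Shore", "Andy Dick"),
    ("Andy Dick", "Claudia Schiffer"),
    ("Claudia Schiffer", "Sarah Jessica Parker"),
    ("Sarah Jessica Parker", "Kevin Bacon"),
]


def build_graph(signatures):
    """Adjacency map signer -> set of signees; every key appears as a node."""
    graph = {}
    for signer, signee in signatures:
        graph.setdefault(signer, set()).add(signee)
        graph.setdefault(signee, set())
    return graph


def shortest_trust_path(signatures, me, target):
    """Breadth-first search for the shortest signature chain from me to target.

    Returns the keys on the path (me first), or None if no chain exists.
    Signatures are directional: A signing B says nothing about B signing A.
    """
    graph = build_graph(signatures)
    if me not in graph or target not in graph:
        return None
    parent = {me: None}
    queue = deque([me])
    while queue:
        key = queue.popleft()
        if key == target:
            path = []
            while key is not None:
                path.append(key)
                key = parent[key]
            return path[::-1]
        for signee in sorted(graph[key]):  # sorted for deterministic results
            if signee not in parent:
                parent[signee] = key
                queue.append(signee)
    return None


def signature_count(signatures, key):
    """Number of distinct keys that have signed `key`."""
    return len({signer for signer, signee in signatures if signee == key})


def leaves(signatures):
    """Keys that were signed but signed nobody: dead ends in the web."""
    graph = build_graph(signatures)
    return sorted(key for key, signees in graph.items() if not signees)


def report(signatures, me, target):
    """Summarise the properties the slide lists for one (me, target) pair."""
    path = shortest_trust_path(signatures, me, target)
    return {
        "path": path,
        "hops": None if path is None else len(path) - 1,
        "signatures_on_target": signature_count(signatures, target),
        "leaves": leaves(signatures),
    }


if __name__ == "__main__":
    print(report(SIGNATURES, "John Belushi", "Kevin Bacon"))
    # Constructed: one extra signature, as after a keysigning event.
    better = SIGNATURES + [("Donald Sutherland", "Kevin Bacon")]
    print(report(better, "John Belushi", "Kevin Bacon"))
```

Every key on the returned path is a signer that has to be trusted, so each extra signature that shortens the path removes entities from that set.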





                                  Key Verification
        •   becomes “Key Signing”

        •   makes no assertion of quality of character,
            coding skills, weight-lifting abilities, taste in
            movies, etc

        •   only asserts “I have verified that the key with
            the fingerprint X belongs to person Y”

        •   nothing else




                                  Key Signing


        •   retrieve signee’s key
        •   identify signee
        •   signee presents or confirms his/her key’s
            fingerprint
        •   signer sends encrypted content to email on key
        •   signee decrypts, responds
        •   signer signs and uploads signee’s key
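
The fingerprint step in this procedure can be made a hard gate before signing. The following Python is an added example, not part of the original slides: it parses a listing in the format of the `gpg --fingerprint` output shown earlier and compares the full fingerprint with the one the signee presented. The function names and the look-alike key are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the `gpg --fingerprint` output in the
# slides (same key ID, fingerprint and uid as shown there).
LISTING = """\
pub 2048R/275F0BB5 2012-04-24
    Key fingerprint = B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5
uid          Jan Schaumann <jschauma@etsy.com>
sub 2048R/FA19BA98 2012-04-24
"""

# Constructed look-alike: same uid and same 8-digit key ID, different key.
# This fingerprint is made up for the example.
LOOKALIKE = """\
pub 2048R/275F0BB5 2012-08-01
    Key fingerprint = 0123 4567 89AB CDEF 0123 4567 89AB CDEF 275F 0BB5
uid          Jan Schaumann <jschauma@etsy.com>
"""

PUB_RE = re.compile(r"^pub\s+\S+/([0-9A-Fa-f]{8})\s")
FPR_RE = re.compile(r"^\s*Key fingerprint = ([0-9A-Fa-f ]+)$")
UID_RE = re.compile(r"^uid\s+(.+)$")


def normalize(fingerprint):
    """Strip whitespace and upper-case; None unless exactly 40 hex digits."""
    fpr = re.sub(r"\s+", "", fingerprint).upper()
    return fpr if re.fullmatch(r"[0-9A-F]{40}", fpr) else None


def parse_listing(text):
    """Collect key ID, fingerprint and uids for each primary key listed."""
    keys = []
    for line in text.splitlines():
        pub = PUB_RE.match(line)
        if pub:
            keys.append({"keyid": pub.group(1).upper(),
                         "fingerprint": None, "uids": []})
            continue
        if not keys:
            continue
        fpr = FPR_RE.match(line)
        uid = UID_RE.match(line)
        if fpr:
            keys[-1]["fingerprint"] = normalize(fpr.group(1))
        elif uid:
            keys[-1]["uids"].append(uid.group(1).strip())
    return keys


def ok_to_sign(listing, presented_fingerprint, email):
    """Return (decision, reason) for signing the single key in `listing`.

    `presented_fingerprint` is what the signee read out or handed over;
    `email` is the address the signer expects on the key.
    """
    presented = normalize(presented_fingerprint)
    if presented is None:
        return (False, "presented fingerprint is not 40 hex digits")
    keys = parse_listing(listing)
    if len(keys) != 1:
        return (False, "expected exactly one key in the listing")
    key = keys[0]
    if key["fingerprint"] is None:
        return (False, "listing has no usable fingerprint")
    if not key["fingerprint"].endswith(key["keyid"]):
        return (False, "key ID does not match the listed fingerprint")
    if key["fingerprint"] != presented:
        return (False, "fingerprint mismatch")
    wanted = "<" + email.lower() + ">"
    if not any(uid.lower().endswith(wanted) for uid in key["uids"]):
        return (False, "no uid for the expected email")
    return (True, "fingerprint and uid match")


if __name__ == "__main__":
    presented = "B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5"
    print(ok_to_sign(LISTING, presented, "jschauma@etsy.com"))
    print(ok_to_sign(LOOKALIKE, presented, "jschauma@etsy.com"))
```

The name and email on a key are whatever its creator typed, so the check passes only on the full 40-digit fingerprint; a matching uid or 8-digit key ID alone is rejected.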







                             Long-Distance Key Signing

       § same as before modulo:
       § identify signee
          › by trusted proxy (ie via WoT)
          › call phone-# (desk + cell) listed in Staff
            Directory
          › multi-channel challenge response (Skype+IRC
            +Email)
          › control of uid on shared host






                             Please sign responsibly!




                                  https://www.xkcd.com/364/






                                  Wishlist

        •   key generation part of new-hire orientation
            • manager signs new-hire key on first day
            • team signs new-hire key on first team meeting
        •   regular keysigning events
        •   sensitive/important data is actually signed
        •   encrypted backups (+ self-restore)
        •   signed packages
        •   …







          Be paranoid!







                                     Links

     • http://www.mycrypto.net/encryption/encryption_public.html
     • http://en.wikipedia.org/wiki/Public-key_cryptography
     • http://en.wikipedia.org/wiki/Pretty_Good_Privacy
     • http://www.lysator.liu.se/~jc/wotsap/search.html
     • http://www.usenix.org/publications/library/proceedings/sec99/whitten.html

     •   http://oracleofbacon.org/




PGP for Smarties Guide

  • 1. PGP for Smarties PGP for Smarties Jan Schaumann <jschauma@etsy.com> B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5 http://etsy.me/TF8k2c @jschauma Wednesday, September 5, 12
  • 2. PGP for Smarties http://etsy.me/N1UIjg 2 08/28/12 Wednesday, September 5, 12
  • 3. PGP for Smarties http://etsy.me/Tkbefn 3 08/28/12 Wednesday, September 5, 12
  • 4. PGP for Smarties Common threats to security: 4 08/28/12 Wednesday, September 5, 12
  • 5. PGP for Smarties PGP stands for… http://etsy.me/SYTYfA 5 08/28/12 Wednesday, September 5, 12
  • 6. PGP for Smarties PGP stands for… The Pacific Golden Plover (Pluvialis fulva) is a medium-sized plover. http://etsy.me/SYTYfA 5 08/28/12 Wednesday, September 5, 12
  • 7. PGP for Smarties Pretty Good Privacy http://etsy.me/SYVdeP 6 08/28/12 Wednesday, September 5, 12
  • 8. PGP for Smarties Pretty Bad Privacy http://etsy.me/hHFUdi 7 08/28/12 Wednesday, September 5, 12
  • 9. PGP for Smarties Definitions “PGP” == “Pretty Good Privacy” 8 08/28/12 Wednesday, September 5, 12
  • 10. PGP for Smarties Definitions “PGP” == “Pretty Good Privacy” “OpenPGP” is a standard to provide encryption, decryption, signing, and key management functions. (RFC4880) 8 08/28/12 Wednesday, September 5, 12
  • 11. PGP for Smarties Definitions “PGP” == “Pretty Good Privacy” “OpenPGP” is a standard to provide encryption, decryption, signing, and key management functions. (RFC4880) “GnuPG” == “GNU Privacy Guard” aka “gpg” 8 08/28/12 Wednesday, September 5, 12
  • 12. PGP for Smarties OpenPGP • uses a combination of strong public-key and symmetric cryptography • provides security services for electronic communications and data storage – authentication (via digital signatures) – confidentiality (via encryption) – integrity (via digital signatures) – key management – expiration 9 08/28/12 Wednesday, September 5, 12
  • 13. PGP for Smarties Buzzword Bingo 10 08/28/12 Wednesday, September 5, 12
  • 14. PGP for Smarties Buzzword Bingo http://etsy.me/iFfqUa 10 08/28/12 Wednesday, September 5, 12
  • 15. PGP for Smarties Buzzword Bingo http://etsy.me/SZ1G9q http://etsy.me/iFfqUa 10 08/28/12 Wednesday, September 5, 12
  • 16. PGP for Smarties Buzzword Bingo http://etsy.me/SZ1G9q http://etsy.me/iFfqUa http://etsy.me/N20IIG 10 08/28/12 Wednesday, September 5, 12
  • 17. PGP for Smarties Buzzword Bingo http://etsy.me/SZ1G9q http://etsy.me/iFfqUa http://etsy.me/N20IIG http://etsy.me/TAHXKG 10 08/28/12 Wednesday, September 5, 12
  • 18. PGP for Smarties Buzzword Bingo http://etsy.me/SZ1G9q http://etsy.me/iFfqUa http://etsy.me/N20IIG http://etsy.me/TAIEUh http://etsy.me/TAHXKG 10 08/28/12 Wednesday, September 5, 12
  • 19. PGP for Smarties Buzzword Bingo http://etsy.me/SZ1G9q http://etsy.me/iFfqUa http://etsy.me/N20IIG http://etsy.me/MHNUDQ http://etsy.me/TAIEUh http://etsy.me/TAHXKG 10 08/28/12 Wednesday, September 5, 12
  • 20. PGP for Smarties http://etsy.me/uLLUaI 11 08/28/12 Wednesday, September 5, 12
  • 21. PGP for Smarties What's this, then? B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5 12 08/28/12 Wednesday, September 5, 12
  • 22. PGP for Smarties What's this, then? B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5 http://etsy.me/iFfqUa 12 08/28/12 Wednesday, September 5, 12
  • 23. PGP for Smarties In general: • people who work together need to occasionally share secrets 13 08/28/12 Wednesday, September 5, 12
  • 24. PGP for Smarties In general: • people who work together need to occasionally share secrets • people who work together need to occasionally share secrets across physical distances 13 08/28/12 Wednesday, September 5, 12
  • 25. PGP for Smarties In general: • people who work together need to occasionally share secrets • people who work together need to occasionally share secrets across physical distances • people who work together need to occasionally share secrets across physical distances and timezones 13 08/28/12 Wednesday, September 5, 12
  • 26. PGP for Smarties In general: • people who work together need to occasionally share secrets • people who work together need to occasionally share secrets across physical distances • people who work together need to occasionally share secrets across physical distances and timezones • people who work together don't always work together 13 08/28/12 Wednesday, September 5, 12
  • 27. PGP for Smarties In general: • people who work together need to occasionally share secrets • people who work together need to occasionally share secrets across physical distances • people who work together need to occasionally share secrets across physical distances and timezones • people who work together don't always work together • people need to store secrets: • store it on a computer system owned by your company => multiple users besides you have full access • store it on a computer system owned by yourself => company-related information leaked 13 08/28/12 Wednesday, September 5, 12
  • 28. PGP for Smarties In general: § people need to communicate securely http://etsy.me/TAORQb 14 08/28/12 Wednesday, September 5, 12
  • 29. PGP for Smarties In general: § people need to communicate securely http://etsy.me/TAORQb • people need to store date securely http://etsy.me/SZ4Qdd 14 08/28/12 Wednesday, September 5, 12
  • 30. PGP for Smarties Common threats to security: 16 08/28/12 Wednesday, September 5, 12
  • 31. PGP for Smarties Cryptography may provide: § secrecy or confidentiality § accuracy or integrity § authenticity 17 08/28/12 Wednesday, September 5, 12
  • 32. PGP for Smarties Why we want secrecy: 18 08/28/12 Wednesday, September 5, 12
  • 33. PGP for Smarties Why we want integrity: Date: Sat, 23 Jun 2012 11:59:40 -0400 From: Chad Dickerson <chad@etsy.com> To: Jan Schaumann <jschauma@etsy.com> Subject: Important X-Mailer: iPad Mail (9B206) Jan, Can you disable Allspaw’s VPN access? We’ll have to let him go. Also, party at my place, byob. Chad Sent from my iPad 19 08/28/12 Wednesday, September 5, 12
  • 34. PGP for Smarties Why we want integrity: Date: Sat, 23 Jun 2012 11:59:40 -0400 From: Chad Dickerson <chad@etsy.com> To: Jan Schaumann <jschauma@etsy.com> Subject: Important X-Mailer: iPad Mail (9B206) Jan, Can you get Allspaw’s jacket size? We’re planning a surprise gift. Also, party at my place, byob. Chad Sent from my iPad 19 08/28/12 Wednesday, September 5, 12
  • 35. PGP for Smarties Why we want authenticity: Date: Sat, 23 Jun 2012 11:59:40 -0400 From: Chad Dickerson <chad@etsy.com> To: Jan Schaumann <jschauma@etsy.com> Subject: Important X-Mailer: iPad Mail (9B206) Jan, Can you disable Allspaw’s VPN access? We’ll have to let him go. Also, party at my place, byob. Chad Sent from my iPad 19 08/28/12 Wednesday, September 5, 12
  • 36. PGP for Smarties Symmetric- or private-key cryptography http://etsy.me/TASe9N 21 08/28/12 Wednesday, September 5, 12
  • 37. PGP for Smarties Symmetric- or private-key $ cat secret Oehpr Fpuarvre rkcrpgf gur Fcnavfu Vadhvfvgvba. $ 22 08/28/12 Wednesday, September 5, 12
  • 38. PGP for Smarties Symmetric- or private-key $ cat secret Oehpr Fpuarvre rkcrpgf gur Fcnavfu Vadhvfvgvba. $ rot13 <secret Bruce Schneier expects the Spanish Inquisition. $ 22 08/28/12 Wednesday, September 5, 12
  • 39. PGP for Smarties Symmetric- or private-key $ cat secret Oehpr Fpuarvre rkcrpgf gur Fcnavfu Vadhvfvgvba. $ rot13 <secret Bruce Schneier expects the Spanish Inquisition. $ http://etsy.me/SZ1G9q 22 08/28/12 Wednesday, September 5, 12
  • 40. PGP for Smarties Asymmetric- or public-key 23 08/28/12 Wednesday, September 5, 12
  • 41. PGP for Smarties Public-key cryptography in a nutshell http://etsy.me/SZ63kK http://etsy.me/TAHXKG http://etsy.me/TAIEUh http://etsy.me/TARe5w 24 08/28/12 Wednesday, September 5, 12
  • 42. PGP for Smarties Public-key cryptography in a nutshell 25 08/28/12 Wednesday, September 5, 12
  • 43. PGP for Smarties Public-key cryptography in a nutshell 26 08/28/12 Wednesday, September 5, 12
  • 44. PGP for Smarties PGP can: • provide secrecy or confidentiality (encryption) • provide accuracy or integrity (checksum) • provide authenticity (signature + WoT) 27 08/28/12 Wednesday, September 5, 12
  • 45. PGP for Smarties PGP can NOT: • magically imply "security" • know by itself whom to trust (or not) • figure out how or when to share secrets • protect you from all threats 28 08/28/12 Wednesday, September 5, 12
  • 46. PGP for Smarties Yahoo! Presentation, Confidential 29 08/28/12 Wednesday, September 5, 12
  • 47. PGP for Smarties Common threats to security: https://xkcd.com/399/ 30 08/28/12 Wednesday, September 5, 12
  • 48. PGP for Smarties Common threats to security: $ man gpg | rman -t ascii | egrep -- "^[ ]*--[^ ]+$" | sort -u | wc –l 167 $ 31 08/28/12 Wednesday, September 5, 12
  • 49. PGP for Smarties 32 08/28/12 Wednesday, September 5, 12
  • 50. PGP for Smarties Keypair generation $ gpg --gen-key [...] Real name: Jan Schaumann Email address: jschauma@etsy.com [...] You need a Passphrase to protect your secret key. [...] pub 2048R/275F0BB5 2012-04-24 Key fingerprint = B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5 uid Jan Schaumann <jschauma@etsy.com> [...] $ 33 08/28/12 Wednesday, September 5, 12
  • 51. PGP for Smarties Keypair generation $ gpg --gen-key [...] Real name: Jan Schaumann Email address: jschauma@etsy.com [...] You need a Passphrase to protect your secret key. [...] pub 2048R/275F0BB5 2012-04-24 Key fingerprint = B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5 uid Jan Schaumann <jschauma@etsy.com> [...] $ $ ls ~/.gnupg/*ring.gpg /Users/jschauma/.gnupg/pubring.gpg /Users/jschauma/.gnupg/secring.gpg 33 08/28/12 Wednesday, September 5, 12
  • 52. PGP for Smarties Common threats to security: https://xkcd.com/538/ 34 08/28/12 Wednesday, September 5, 12
  • 53. PGP for Smarties Revocation Certificate $ gpg --output 275F0BB5-revocation-cert --gen-revoke 275F0BB5 sec 2048R/275F0BB5 2012-04-24 Jan Schaumann <jschauma@etsy.com> [...] You need a passphrase to unlock the secret key for user: "Jan Schaumann <jschauma@etsy.com>" 2048-bit RSA key, ID 275F0BB5, created 2012-04-24 ASCII armored output forced. Revocation certificate created. Please move it to a medium which you can hide away; if Mallory gets access to this certificate he can use it to make your key unusable. It is smart to print this certificate and store it away, just in case your media become unreadable. But have some caution: The print system of your machine might store the data and make it available to others! 35 08/28/12 Wednesday, September 5, 12
  • 54. PGP for Smarties Let's have a look... $ gpg --fingerprint jschauma@etsy.com pub 2048R/275F0BB5 2012-04-24 Key fingerprint = B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5 uid Jan Schaumann <jschauma@etsy.com> sub 2048R/FA19BA98 2012-04-24 $ 36 08/28/12 Wednesday, September 5, 12
  • 55. PGP for Smarties Let's have a look... $ gpg --fingerprint jschauma@etsy.com pub 2048R/275F0BB5 2012-04-24 Key fingerprint = B60D A9F7 0D89 544A 7995 7D25 5A5B 4375 275F 0BB5 uid Jan Schaumann <jschauma@etsy.com> sub 2048R/FA19BA98 2012-04-24 $ $ gpg --export -a 275F0BB5 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.18 (Darwin) mQENBE+W6hcBCADcP2qrc4tjVjJxvyCNPJZSxDmDLqWzo9KDEer77WeAocYuXC [...] bWxBdIK299dw4wRJi1Z2Ocg/VlZtflDF54ts55EDsQ== =QJlN -----END PGP PUBLIC KEY BLOCK----- 36 08/28/12 Wednesday, September 5, 12
  • 56. PGP for Smarties Wot a lot I got! 37 08/28/12 Wednesday, September 5, 12
  • 57. PGP for Smarties Wot a lot I got! http://etsy.me/iFfqUa 37 08/28/12 Wednesday, September 5, 12
  • 58. PGP for Smarties Wot a lot I got! http://etsy.me/TARe5w http://etsy.me/iFfqUa 37 08/28/12 Wednesday, September 5, 12
  • 59. PGP for Smarties Wot a lot I got! http://etsy.me/TARe5w http://etsy.me/iFfqUa http://etsy.me/TASWnp 37 08/28/12 Wednesday, September 5, 12
  • 60. PGP for Smarties Sharing secrets with Alice $ gpg --encrypt -r alice@etsy.com secret gpg: alice@etsy.com: skipped: public key not found gpg: secret: encryption failed: public key not found $ 38 08/28/12 Wednesday, September 5, 12
  • 61. PGP for Smarties Public-key cryptography in a nutshell 25 08/28/12 Wednesday, September 5, 12
  • 62. PGP for Smarties Sharing secrets with Alice $ gpg --encrypt -r alice@etsy.com secret gpg: alice@etsy.com: skipped: public key not found gpg: secret: encryption failed: public key not found $ $ gpg --list-keys alice gpg: error reading key: public key not found $ 40 08/28/12 Wednesday, September 5, 12
  • 63. PGP for Smarties Sharing secrets with Alice $ gpg --encrypt -r alice@etsy.com secret gpg: alice@etsy.com: skipped: public key not found gpg: secret: encryption failed: public key not found $ $ gpg --list-keys alice gpg: error reading key: public key not found $ $ gpg --search-keys alice@etsy.com gpg: searching for "alice@etsy.com" from hkp server keys.gnupg.net gpg: key "alice@etsy.com" not found on keyserver $ 40 08/28/12 Wednesday, September 5, 12
  • 64. PGP for Smarties Sharing secrets with Alice $ gpg --search-keys alice gpg: searching for "alice" from hkp server keys.gnupg.net (1) Alice Cooper <alice@etsy.com> 2048 bit RSA key AB123456, created: 2009-11-25 Keys 1-1 of 1 for "alice". Enter number(s), N)ext, or Q)uit > 1 gpg: requesting key AB123456 from hkp server keys.gnupg.net gpg: key AB123456: public key ”Alice Cooper” <alice@etsy.com>" imported gpg: Total number processed: 1 gpg: imported: 1 $ 42 08/28/12 Wednesday, September 5, 12
  • 65. PGP for Smarties Sharing secrets with Alice $ gpg --encrypt -r alice@etsy.com secret gpg: AB123456: There is no assurance this key belongs to the named user pub 2048g/AB123456 1969-08-01 Vincent Damon Furnier <alice@etsy.com> Primary key fingerprint: 666C E666 CC66 6EB6 66DB B0B6 6678 6667 AB12 3456 It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes. Use this key anyway? (y/N) 43 08/28/12 Wednesday, September 5, 12
  • 66. PGP for Smarties Common threats to security: 44 08/28/12 Wednesday, September 5, 12
  • 67. PGP for Smarties Keypair generation $ gpg --gen-key [...] Real name: Chad Dickerson Email address: chad@etsy.com Comment: CEO You selected this USER-ID: ”Chad Dickerson (CEO) <chad@etsy.com>" [...] You need a Passphrase to protect your secret key. [...] pub 2048R/E157FAB8 2006-09-01 Key fingerprint = E2A7 437A 7AB8 6EA1 7E1D F6DC BF09 CDC9 E157 FAB8 uid Chad Dickerson (CEO) <chad@etsy.com> [...] $ gpg --send-keys E157FAB8 gpg: sending key E157FAB8 to hkp server keys.gnupg.net $ 45 08/28/12 Wednesday, September 5, 12
  • 68. Key Verification
        • easily done in person
        • easiest done if both parties actually know each other
        • reasonable authentication (for some organizations, anyway – mix and match):
            › Staff Directory info
            › IRC handle
            › shared domain username
            › email
  • 69. Key Verification
        http://etsy.me/SZ9AQc
  • 70. Web of Trust
  • 72. John Belushi, Kevin Bacon
  • 73. Donald Sutherland (Animal House), John Belushi, Kevin Bacon (Animal House)
  • 74. Donald Sutherland (Lost Angels), John Belushi, Kevin Bacon, Pauly Shore (Lost Angels)
  • 75. Andy Dick (In the Army now), Donald Sutherland, John Belushi, Kevin Bacon, Pauly Shore (In the Army now)
  • 76. Andy Dick (Zoolander), Claudia Schiffer (Zoolander), Donald Sutherland, John Belushi, Kevin Bacon, Pauly Shore
  • 77. Andy Dick, Claudia Schiffer (Life without Dick), Donald Sutherland, John Belushi, Kevin Bacon, Sarah Jessica Parker (Life without Dick), Pauly Shore
  • 78. Andy Dick, Claudia Schiffer, Donald Sutherland, John Belushi, Kevin Bacon (Footloose), Sarah Jessica Parker (Footloose), Pauly Shore
  • 79. Andy Dick, Claudia Schiffer, Donald Sutherland, John Belushi, Kevin Bacon, Sarah Jessica Parker, Pauly Shore
  • 80. Problems with the Web of Trust
  • 81. Better:
  • 82. Web of Trust
        • you have to trust every signing entity in your trustpath
        • the shorter the trustpath, the better
        • the more nodes in your WoT, the better
        • the more edges in your WoT, the better
        • the fewer leaves, the better
        • the more signatures a key has, the better
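
To make "the shorter the trustpath, the better" concrete, here is an added example (not from the original slides) that turns `gpg --with-colons --list-sigs` output into signer/signee pairs and finds the shortest signature chain between two keys. The function names, the sample listing and its key IDs are constructed for illustration, and the search only counts hops, which is a simplification of GnuPG's own trust calculation.

```shell
#!/bin/sh
# Added example. Hop counting only; GnuPG's trust model also weighs ownertrust.
# sig_edges: read `gpg --with-colons --list-sigs` output on stdin, print one
# "SIGNER SIGNEE" pair of long key IDs per third-party signature.
sig_edges() {
    awk -F: '
        $1 == "pub" { key = $5 "" }                       # key being listed
        $1 == "sig" && ($5 "") != key { print $5, key }   # drop self-signatures
    '
}

# trust_path FROM TO: breadth-first search over "SIGNER SIGNEE" pairs on stdin.
# Prints the shortest signature chain and returns 0; returns 1 if there is none.
trust_path() {
    awk -v from="$1" -v to="$2" '
        { signed[$1] = signed[$1] " " $2 }
        END {
            from = from ""; to = to ""     # compare key IDs as strings
            head = 1; tail = 1; queue[1] = from; seen[from] = 1
            while (head <= tail) {
                cur = queue[head++] ""
                if (cur == to) {
                    path = cur
                    while (cur != from) { cur = prev[cur] ""; path = cur " " path }
                    print path
                    exit 0
                }
                n = split(signed[cur], out, " ")
                for (i = 1; i <= n; i++)
                    if (!(out[i] in seen)) {
                        seen[out[i]] = 1; prev[out[i]] = cur; queue[++tail] = out[i]
                    }
            }
            exit 1
        }'
}

# Constructed, abbreviated colon listing; the key IDs are made up.
SAMPLE_SIGS='pub:-:2048:1:BBBB000000000002:1346198400:
sig:::1:BBBB000000000002:1346198400:
sig:::1:AAAA000000000001:1346198400:
pub:-:2048:1:CCCC000000000003:1346198400:
sig:::1:BBBB000000000002:1346198400:
sig:::1:EEEE000000000005:1346198400:
pub:-:2048:1:DDDD000000000004:1346198400:
sig:::1:AAAA000000000001:1346198400:
pub:-:2048:1:EEEE000000000005:1346198400:
sig:::1:DDDD000000000004:1346198400:'
printf '%s\n' "$SAMPLE_SIGS" | sig_edges | trust_path AAAA000000000001 CCCC000000000003
```

Key C is reachable from key A both via B (two signatures) and via D and E (three); the search reports the shorter chain.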
  • 83. Key Verification
        • becomes “Key Signing”
        • makes no assertion of quality of character, coding skills, weight-lifting abilities, taste in movies, etc
        • only asserts “I have verified that the key with the fingerprint X belongs to person Y”
        • nothing else
  • 84. Key Signing
        • retrieve signee’s key
        • identify signee
        • signee presents or confirms his/her key’s fingerprint
        • signer sends encrypted content to email on key
        • signee decrypts, responds
        • signer signs and uploads signee’s key
  • 85. Long-Distance Key Signing
        • same as before modulo:
        • identify signee
            › by trusted proxy (i.e. via WoT)
            › call phone-# (desk + cell) listed in Staff Directory
            › multi-channel challenge response (Skype + IRC + Email)
            › control of uid on shared host
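
The key-signing steps from the two slides above, as an added sketch that is not part of the original slides: it refuses to sign unless the fingerprint the signee confirmed matches the full primary fingerprint of the retrieved key, rather than the short key ID. The function names and the sample listing are illustrative assumptions; the fingerprint in the sample is the one shown on slide 65.

```shell
#!/bin/sh
# Added example: gate `gpg --sign-key` on a full-fingerprint match.
# Function names and the sample listing are illustrative, not from the slides.

# normalize_fpr FPR: drop whitespace, uppercase the hex digits.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# primary_fpr: first "fpr" record (the primary key's) from
# `gpg --with-colons --fingerprint KEY` output on stdin; field 10 holds it.
primary_fpr() { awk -F: '$1 == "fpr" { print $10; exit }'; }

# fpr_matches LISTING CLAIMED: true only if the fingerprint the signee read
# out equals the primary fingerprint in LISTING. A short key ID never matches.
fpr_matches() {
    have=$(printf '%s\n' "$1" | primary_fpr)
    want=$(normalize_fpr "$2")
    [ -n "$want" ] && [ "$have" = "$want" ]
}

# make_challenge KEY: encrypt a random nonce to the key; the signee proves
# control of key and mailbox by sending the nonce back. gpg shows the
# slide-65 warning here because the key is not signed yet.
make_challenge() {
    nonce=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    echo "expect nonce: $nonce" >&2
    printf '%s\n' "$nonce" | gpg --armor --encrypt -r "$1"
}

# sign_verified KEY CLAIMED: sign and upload only after the fingerprint matches.
sign_verified() {
    listing=$(gpg --with-colons --fingerprint "$1") || return 2
    if fpr_matches "$listing" "$2"; then
        gpg --sign-key "$1" && gpg --send-keys "$1"
    else
        echo "fingerprint mismatch for $1: not signing" >&2
        return 1
    fi
}

# Constructed listing using the fingerprint from slide 65; the subkey is made up.
SAMPLE_LISTING='pub:-:2048:16:66786667AB123456:
fpr:::::::::666CE666CC666EB666DBB0B666786667AB123456:
sub:-:2048:16:0000000000000001:
fpr:::::::::0000000000000000000000000000000000000001:'
fpr_matches "$SAMPLE_LISTING" "666C E666 CC66 6EB6 66DB B0B6 6678 6667 AB12 3456" &&
    echo "fingerprint confirmed"
```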
  • 86. Please sign responsibly!
        https://www.xkcd.com/364/
  • 87. Wishlist
        • key generation part of new-hire orientation
        • manager signs new-hire key on first day
        • team signs new-hire key on first team meeting
        • regular keysigning events
        • sensitive/important data is actually signed
        • encrypted backups (+ self-restore)
        • signed packages
        • …
  • 88. Be paranoid!
  • 89. Links
        • http://www.mycrypto.net/encryption/encryption_public.html
        • http://en.wikipedia.org/wiki/Public-key_cryptography
        • http://en.wikipedia.org/wiki/Pretty_Good_Privacy
        • http://www.lysator.liu.se/~jc/wotsap/search.html
        • http://www.usenix.org/publications/library/proceedings/sec99/whitten.html
        • http://oracleofbacon.org/