Vous êtes sur la page 1sur 14

October 12, 2004

Email Security PGP

MSU

M. Ramkumar

October 12, 2004

Source A
KRa M H EP || Z

EKRa[H(M)]

Destination B
KUa DP M Compare H KRb DP DC Z-1 M

Z-1

(a) Authentication only KUb Ks M Z EC EP ||

EKUb[Ks]

(b) Confidentiality only KUb KRa M H EP || Z EC || Ks EP

EKUb[Ks] KRb DP

EKRa[H(M)]

KUa DP

DC

Z-1

Compare H

(c) Confidentiality and authentication

Figure 15.1 PGP Cryptographic Functions

MSU

M. Ramkumar

October 12, 2004

X file

convert from radix 64 X R641[X]

Signature required? No

Yes

generate signature X signature || X

Confidentiality required? No

Yes

decrypt key, X

K DKRb[EKUb[Ks]] X DK[X]

Compress X Z(X)

Decompress X Z1(X)

Confidentiality required? No

Yes

encrypt key, X X EKUb[Ks] || EKs[X]

Signature required? No

Yes

strip signature from X verify signature

convert to radix 64 X R64[X]

(a) Generic Transmission Diagram (from A)

(b) Generic Reception Diagram (to B)

Figure 15.2 Transmission and Reception of PGP Messages

MSU

M. Ramkumar

October 12, 2004

MSU

M. Ramkumar

October 12, 2004

Content
Key ID of recipient's public key (KUb) Session key (Ks) Timestamp Signature Key ID of sender's public key (KUa) Leading two octets of message digest Message Digest Filename Timestamp Message Data EKRa EKUb

Operation

Session key component

R64

ZIP

EKs

MSU

Notation: EKUb = encryption with user b's public key EKRa = encryption with user a's private key EKs = encryption with session key ZIP = Zip compression function R64 = Radix-64 conversion function

M. Ramkumar

Figure 15.3 General Format of PGP Message (from A to B)

October 12, 2004

MSU

M. Ramkumar

October 12, 2004

Private Key Ring Timestamp Ti Key ID* KUi mod 264 Public Key KUi Public Key Ring Timestamp Ti Key ID* KUi mod 264 Public Key Kui Owner Trust trust_flagi User ID* User i Key Legitimacy trust_flagi Signature(s) Signature Trust(s) Encrypted Private Key EH(Pi)[KRi] User ID* User i

* = field used to index table

Figure 15.4 General Structure of Private and Public Key Rings

MSU

M. Ramkumar

October 12, 2004

Public key ring passphrase Private key ring IDA select encrypted private key Key ID private key KRa message digest RNG public key KUb

IDB

select Key ID

DC

H Message M

EP

||

session key Ks signature + message

message

EP
encrypted signature + message

||

Output

EC

Figure 15.5 PGP Message Generation (from User A to User B; no compression or radix 64 conversion)

MSU

M. Ramkumar

October 12, 2004

passphrase Private key ring select encrypted private key

H
Public key ring select

DC
private key KRb public key KUa
sender's Key ID Encrypted digest

receiver's Key ID Encrypted session key

DP
session key Ks

encrypted message + signature

DP
Compare

DC
message

H
Figure 15.6 PGP Message Reception (from User A to User B; no compression or radix 64 conversion)

MSU

M. Ramkumar

October 12, 2004

10

You

?
G H

?
X Y

P
= unknown signatory = X is signed by Y = key's owner is trusted by you to sign keys = key's owner is partly trusted by you to sign keys = key is deemed legitimate by you

Figure 15.7 PGP Trust Model Example

MSU

M. Ramkumar

October 12, 2004

11

the brown fox jumped over the brown foxy jumping frog
26 13 5 27
0b26d13d

the brown fox jumped over

0b27d5d

ing frog

Figure 15.9 Example of LZ77 Scheme

MSU

M. Ramkumar

October 12, 2004

12

Shift source text Discard Sliding History Buffer Look-Ahead Buffer Output compressed text (a) General structure Source

he brown fox jumped over the brown foxy

jumping frog

own fox jumped over the brown foxy jump

ing frog

(b) Example

Figure 15.10 LZ77 Scheme

MSU

M. Ramkumar

October 12, 2004

13

24 bits

R64

R64

R64

R64

4 characters = 32 bits

Figure 15.11 Printable Encoding of Binary Data into Radix-64 Format

MSU

M. Ramkumar

October 12, 2004

14

dtbuf

E
rseed

rseed

E E

rseed

E E

rseed

E
rbuf

rbuf

rbuf

K[16..23]

K[8..15]

K[0..7]

Figure 15.12 PGP Session Key and IV Generation (steps G2 through G8)

MSU

M. Ramkumar

Vous aimerez peut-être aussi