ECE-6612http://www.ece.gatech.edu/~copeland/jac/6612/

Prof. John A. Copelandjohn.copeland@ece.gatech.edu

404 894-5177fax 404 894-0035

Office: Klaus 3362MWF after class; email or call for office visit

Chapter 5a - Pretty Good Privacy (PGP) Email(aka GPG or GnuPG - Gnu Privacy Guard)

Electronic Mail

In 1982, ARPANET email proposals were published as RFC

821 (www.ietf.org/rfc/rfc0821.txt) and RFC 822

• Email services since are based on these RFC's (+ many later)

• CCITT X.400 & ISO MOTIS grew and waned as competitors

• "User Agents" UA, and "Message Transfer Agents" MTA

Three parts to an email message:

• Envelope - information used to forward the contents

• Header - standard strings, some added in route.

> To: Cc: Bcc: From: Sender:

> Received: (added in route), Return-Path: (by final MTA)

> MIME headers added by RFC 1341 and 1521

> A. S. Tanenbaum, "Computer Networks," (3rd ed.) p.651 2

MIME HeadersMultipurpose Internet Mail Extensions (MIME)

RFC 1341 and RFC 1521

• MIME -Version: version number

• Content-Description: human-readable string

• Content-ID: unique identifier

• Content-Transfer-Encoding: body encoding

> ASCII (Plain, quoted-printable, or Richtext)> Binary (base64)

• Content-Type: nature of the message

> Image (gif, jpeg), Video (mpeg), > Application (Postscript, octet-stream)

> A.S.Tanenbaum, "Computer Networks," (3rd ed.) p.653 3

Received: from didier.ee.gatech.edu (didier.ee.gatech.edu[130.207.230.10]) by eagle.gcatt.gatech.edu (8.8.8+Sun/8.7.1) with

ESMTP id UAA00818 for <copeland@eagle.gcatt.gatech.edu>; Fri, 30 Jul1999 20:00:35 -0400 (EDT)

Received: from bwnewsletter.com (gw2.mcgraw-hill.com [198.45.19.20])by didier.ee.gatech.edu (8.9.0/8.9.0) with ESMTP id UAA16500

for <jcopeland@ece.gatech.edu>; Fri, 30 Jul 1999 20:00:33 -0400 (EDT)

Received: from NOP (152.159.60.175) by bwnewsletter.com with SMTP(Eudora Internet Mail Server 2.1); Fri, 30 Jul 1999 16:24:21 -0400

Message-Id: <1.5.4.32.19990730202137.00672900@businessweek.com>X-Sender: mustread@businessweek.com (Unverified)X-Mailer: Windows Eudora Light Version 1.5.4 (32)

Mime-Version: 1.0Date: Fri, 30 Jul 1999 16:21:37 -0400

To: bwnewsletter@bwnewsletter.com (note: I was on a Bcc: list)From: BW Online <insider@businessweek.com>Subject: BUSINESS WEEK ONLINE INSIDER -- July 30Content-Type: text/plain; charset="us-ascii"

Content-Length: 7694 4

The last “Received:” line identifies the sender’s IP*

*Gmail and Yahoo now hide this information on email from a customer

$ nslookup -q=MX ee.gatech.edu (nslookup -> host)

ee.gatech.edu preference = 10,

mail exchanger = mail.ee.gatech.edu

ee.gatech.edu nameserver = eeserv.ee.gatech.edu

ee.gatech.edu nameserver = duchess.ee.gatech.edu

ee.gatech.edu nameserver = didier.ee.gatech.edu

mail.ee.gatech.edu internet address = 130.207.230.10

eeserv.ee.gatech.edu internet address = 130.207.230.5

duchess.ee.gatech.edu internet address = 130.207.230.13

didier.ee.gatech.edu internet address = 130.207.230.10 5

$ nslookup -q=mx mcgraw-hill.com

Non-authoritative answer:mcgraw-hill.com preference = 20, mail exchanger =

interlock.mgh.com

Authoritative answers can be found from:mcgraw-hill.com nameserver = NS-01A.ANS.NETmcgraw-hill.com nameserver = NS-01B.ANS.NETmcgraw-hill.com nameserver = NS-02A.ANS.NETmcgraw-hill.com nameserver = NS-02B.ANS.NET

NS-01A.ANS.NET internet address = 199.221.47.7NS-01B.ANS.NET internet address = 199.221.47.8NS-02A.ANS.NET internet address = 207.24.245.179NS-02B.ANS.NET internet address = 207.24.245.178

6

$ nslookup 198.45.19.20 [can also use “host” or “dig”]Name: gw2.mcgraw-hill.comAddress: 198.45.19.20

$ nslookup 152.159.60.175

*** can't find 152.159.60.175: Non-existent host/domain

$ traceroute 152.159.60.175 [on MS Windows, open DOS, type “tracert”]

1 24.88.12.129 (24.88.12.129 ): 17ms 2 stn-mtn-rtrb.atl.mediaone.net. (24.88.0.254 ): 18ms

3 24.93.64.69 (24.93.64.69 ): 20ms 4 24.93.64.61 (24.93.64.61 ): 17ms 5 24.93.64.57 (24.93.64.57 ): 25ms

6 sgarden-sa-gsr.carolina.rr.com. (24.93.64.30 ): 26ms 7 roc-gsr-greensboro-gsr.carolina. (24.93.64.17 ): 29ms

8 24.93.64.45 (24.93.64.45 ): 38ms 9 sjbrt01-vnbrt01.rr.com. (24.128.6.6 ): 41ms10 pnbrt01-vnbrt01.rr.com. (24.128.6.85 ): 42ms11 p217.t3.ans.net. (192.157.69.52 ): 51ms

12 h13-1.t32-0.new-york.t3.ans.net. (140.223.33.21 ): 49ms13 f0-0.cnss33.new-york.t3.ans.net. (140.222.32.193 ): 53ms14 s0.enss3339.t3.ans.net. (199.222.77.70 ): 61ms

15 * * * 16 * * *

7

$ whois 152.159.60.175

OrgName: McGraw Hill, IncOrgID: MCGRAWAddress: 148 Princeton Htstown RdCity: HightstownStateProv: NJPostalCode: 08520Country: US

NetRange: 152.159.0.0 - 152.159.255.255CIDR: 152.159.0.0/16NetName: MHP-NETNameServer: AUTH111.NS.UU.NETNameServer: AUTH120.NS.UU.NETComment:RegDate: 1992-03-18Updated: 2004-04-01

RTechHandle: MW1053-ARINRTechName: Weyman, MikeRTechPhone: +1-555609-426-5291RTechEmail: mike_weyman@mgh.com

RTechHandle: JGE8-ARINRTechName: Gervasio, JohnRTechPhone: +1-555-426-5017RTechEmail: john_gervasio@mgh.com

OrgTechHandle: HOSTM339-ARINOrgTechName: hostmasterOrgTechPhone: +1-555-426-5291OrgTechEmail: hostmaster@mgh.com

# ARIN WHOIS database, last updated 2006-09-24 19:10# Enter ? for additional hints on searching ARIN's WHOIS database. 8

Security Services for Email

Privacy - only read by intended recipient (confidentiality, access, authorization)

Authentication - confidence in ID of sender

Integrity - assurance of no data alteration

Non-repudiation - proof that sender sent it (attribution)

Less Common:

Proof of submission - was sent to email server

Proof of delivery - was received by addressee

9

10

Investigating Email You Receive

Look at “Raw” or “Source” Message to see:HeadersHTML Links

InvestigateSource (who sent it) -

“Lowest Received:” headerActive Links in

<a href= “http://{IP or URL}”>, {text} </a> Image Links in

<img src=“{URL or filename}” </img> Programs to Use

nslookup - IP from URL, or URL from IPwhois - Register of domain (not URL)traceroute - path of packets through routers

PrivacyEstablishing Keys

• Public Key Certification

• Exchange Public Keys

Multiple Recipients • Encrypt message m with session key, S

• Encrypt S with each recipient's key

• Send: {S; Kbob}, {S; Kann}, ... , {m; S}

Authentication of Source

• Hash (MD4, MD5, SHA1) of message, encrypt withprivate key (provides ciphertext/plaintext pair)

• Secret Key K: MIC is hash of K+m, or CBC residuewith K (assuming message not encrypted with K). 11

Message IntegrityThe source authentication methods thatinclude a hash of the message provide MIC

Non-repudiationPrivate-key signing provides non-repudiation.

Secret-key method requires a "Notary" to"Sign" a time-stamp + hash of the message

Proof of DeliveryAcknowledge before reading - can't prove m was read.

Acknowledge after - may have read without signing.

12

Names and AddressesX.500 Name (ISO standard)

• ?/C=US/O=CIA/OU=drugs/PN='Manny Norriega'

Internet Name

• m_noriega@mail.drugpc.cia.gov or manny@cia.gov

• <user account name> @ <DNS host name or alias>

• using the alias "mail" lets mail server program bemoved from one host to another

• in gatech.edu domain, "mail" is an alias for"vip1.ecc".

Old message - later Non-reputiation• Need Notary to sign hash of message, Certificate

used to authenticate Public Key, and current CRL13

From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com14

PGP Email:Sign (optional)

before Encryption(also optional)

From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com

with signatureattached ifthere is one

R64 EncodingHow PGP Encryption Works

15

16

1. ZIP Compress2. Encrypt with Session Key3. Encode to text with R64

PGP Format

Public key

Private key

Sender

17

PGP Email Receiver

Public Key RingPrivate Key Ring

p.144-145 ed.3

Typed Passphrase

R64 Decode to binary

ZIP Decompress

Receiver’sPrivate Key

Session Key

Sender’sPublic Key

Check Signature Message

H - HashDC - Symmetric DecryptionDP - Pub./Priv. Decryption

011001001011010101101010

18

R64 Encode: Every 3 bytes split into 4 6-bit numbers

n = 0 to 63

printable characters a-z A-Z 0-9 + /

in a received message, “=“, “>”, CR, LF, ... are ignored

01011001 01001011 01010101 01101010

* for most 6-bit inputs, R64(n) just adds 64 (puts an “01” in front)

*

19

ASCII Characters used for R64 Encoding

= used to pad

To: ”Jim Jones" <jim_jones@hotmail.com>From: John Copeland <john.copeland@ece.gatech.edu>Subject: ECE8813 : PGP Endeavor...Cc: Bcc: X-Attachments:

-----BEGIN PGP MESSAGE----- (both 5 –’s required)Version: PGPfreeware 6.5.2 for non-commercial <http://www.pgp.com> (blank line required)qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopXcvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJjFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojVAHT01kWlpvJIZGKyT3PdCh9wlr1hQsUGto10t32fBGsJCXew/EClb554AnyYSzP8KAjuw1NdKOBlze0DCiO6Z5z+DAxAwlqTxcm42tthF5zFbTk4UKV6ORzIuHmRO7xR5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqNa0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dYUdgoI3yfc3JrvepFQT1yeRjEVrLQiUtyhcwdVoLjofgerGAfe3YuDCxM6wLIuCf7Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs==68Hd-----END PGP MESSAGE----- (both 5 –’s required)

Radix-64 encoding of a binary (all 8-bit bytes) message 6-bits at a time into 64 printable ASCII characters (A-Z, a-z , 0-9, +, / bytes 65-90, 97-122, 48-57, 47, 43) pad with =.

20

21

Public Key Information - PGP Commercial

22

PGP CertificatesAnyone can issue a Certificate to anyone, including themselves. Certificates can be revoked by the issuer, if a Certificate-Server is used that has a Revocation Database.

Where PEM expands data into canonical form,

• (+33% for text, +78% after encryption & R64)

PGP compresses data using ZIP(-50%),encrypts (optional), then converts toR64 encoding (+33%)

Privacy Enhanced Mail, another standard

23

Things of which to be aware• Neither PEM nor PGP encodes mail headers

• Subject can give away useful info

•To and From give an intruder traffic analysis info• PGP gives recipient the original file name and modification date.• PEM may be used in a local system with unknown trustworthiness of certificates

• Certificates often verify that sender is "John Smith" but he may not be the "John Smith” you think. Anyone can copy pictures from the Web)

• Public PGP Key servers allow anyone to send you PGP encrypted mail, but their signature is easily forged. They can give your name & mail address to spammers. Avoid them. Get PGP keys directly from owners. 24

http://www.gnupg.org/

GPGToolshttps://www.gpgtools.org

Includes binaries for GnuPG.

http://www.mozilla.org/en-US/thunderbird/

https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/(Extension for Thunderbird)

Email Program

25

Using GnuPG (PGP)

Install GPGTools : now you have the command line programs available to generate keys, maintain key-chain files, convert text files (.asc) into encrypted and/or signed ciphertext files (.pgp). The .pgp files can be emailed as attachments or, if the are “armored” (R64 encoded,) they can be pasted into the body of an email message.

Install Thunderbird email program. Under the “Tools” menu, select “Add-ons”. In the box at upper right that says “Search all add-ons”, type “Enigmail”. If found, install it; otherwise download the .xpi file from the link on previous slide, and then try again. Once installed you will see in the top Thunderbird menu “OpenPGP” next to “Tools”

26

Using Thunderbird with Enigmail (Open PGP)

Read: http://support.gpgtools.org/kb/how-to/first-steps-where-do-i-start-where-do-i-begin (link) for critical stuff like this:

“You need (to send PGP mail): > a secret key matching the mail address you want to write from (see Mail.app >Settings > Accounts)> the public key of the recipient> recipients and senders mail address have to perfectly match the mail addresses (as IDs) in the keys being used.

Important: For the Encrypt button to become available, you need to enter the recipients mail address - only then will that button be enabled (and only if you have the matching Public Key).”

27

Configuring Thunderbird for GT Mail

Top Menu: File / New / Existing Mail Account ...

Type in your User Name and password. Thunderbird will try to set up the configuration automatically, and fail. Then you can input the following information:

User Name: (your GT id – primary mail name)

Receiving Mail Server Protocol: imap (or pop – if you want to download mail) Server Name: imap.mail.gatech.edu (or pop.mail.gatech.edu) Server Port: 995 Security: SSL/TLS Authentication: Normal Password

Sending Mail Server Protocol: smtp Server Name: smtp.mail.gatech.edu Server Port: 465 Security: SSL/TLS Authentication: Normal Password

28

A PGP Email or .asc File Looks Like This:

29

-----BEGIN PGP MESSAGE-----Version: 9.9.1.287Comment: Do not worry about "UNTRUSTED Good Signature"

qANQR1DBwEwD7GfrZjlPkZ0BB/9YW6/cTpNVkwdyuTmlo/fcTB0lIjy6C4LnUtx210BwJCwdcFHcIkS9Iw0+/9wKNafArxciCwpSM2BBYePksl2JQUf7in8MILirKtd6Foy9yEJmtD5JzaVDF1tYElT9ntzNk2jvcengkD/PhkmEaT+VIY1Cw5Bf5HP6OPOEJ4RqTRjaGjkGrmcP3zywjESzfk0iN2z2mtsDHufFqJ0hvQAusAZ2c5GjK9jUsvHy8gzBW9aFlINHpWL90G3XGtaKfudM9QGTjXIs99Pfdj08jUd/xSn+FsDW6ulhlluWpCwohtN06qN6VvI2vbC3eGV5RCd+5b6iR3O26hY/NOssjI5jwcBOA72/fxTdBTHgEAP8DJVFBQzRjn2RBWr7Bo+zV3DlHXMr9kU02szQ+h4WNU7ffEakhlnwDoqnHvh3QfH/8G7heOlGjM3hITZj8rw66OQ/s4o/8o7N1wERhJYc4/oWOmAopyy8jIliB9AKn90fKWbfrTUrShF1qJdQuLMV0E30lHsKDKDyZ9vhklt2D20D/3Yl0zRlEk4w5x9ci3mZC2XpKsgmttRABg65R1E4tQqPNiQTuL3YrpQfgLT9rMpW5UmyppSuZvD9CpsWIG7I8MT33eY5Eh4twTdErvpXN+uUWDadiPb6J8ifpBfzhuzWhiom7KAI3+4y6OX5sYyyZHtqxNxg6ziZ76B/H+/vaegD0sBrATEJtdnDAipPogZYAzwuQ8PCO985wHuu2aFbPaVqLPMWwwFck3bvV46E49RWIPgkJmpMiimaG236HdQbF4nhZgUjfggGE3cmqP9eChxuV8kyZLIgkh1CaKP/XQSZlpl2js+D0M1Mq6ef4BZ3BNW+TPLjYNGM1Yt/+0NlLn+AxUvZmVNJvuxdeNKIn7jkpK5w466wRaiffujLzwJdzwISIofm7oEp88dPA9udzotKGM+FOHi3tHwPiox+l/PdMv34AlMPY2c2qDEcwBSKAYR8ASBM/nulY6bKwZwbYGlSdxT/FTDb9i32+WuUU7HeUPZvFizUIPwFzPeI8RlkaLdhsElmbPuGar5lC7PMoOHuCnnSB4DdgUEqM5ScJRI6ToGDAjh3XZ9BRwfD0O8==auCB-----END PGP MESSAGE-----

Syntax

Start Comments “1 Blank LineR64 <=78 char.““‘“““““““““““““ (pad =‘s)= ChecksumStop

http://cryptome.org/jya/openpgp-01.htm