PGP managing Key Lecture 007
Transcript of PGP managing Key Lecture 007
Examining and Setting Key Properties
You can view the following properties of a key: Name, Email address, Validity, Size, Key ID, Trust, Creation date, Expiration date, ADK, Status, Key description, Key usage.
Working With Photographic IDs
Remove, Delete, Copy
Managing User Names and Email Addresses on a Key
PGP Desktop supports multiple user names and email addresses on a keypair; this helps others find your key when they want to send you encrypted messages.
Delete?
Importing Keys
Double-click the key file you want to import (Windows Explorer)
File -> Import
Drag and drop
Changing Your Passphrase
Select the PGP Keys tab and select My Private Keys
Open Properties and click Change Passphrase
Deleting Keys, User IDs, and Signatures
Select the PGP Keys tab and click All Keys
Right-click the key and select Delete
Disabling and Enabling Public Keys
Verifying a Public Key
How do you check that a public key belongs to the person you want to communicate with?
Solution: Check the fingerprint. Call the person and have them read the fingerprint to you.
Note: Fingerprints can be viewed in two ways: 1. as a unique list of words, 2. as hexadecimal numbers.
Compare the fingerprint of the key with the original one.
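As an added illustration of the check described above (example code written for this page, not from the slides or from PGP Desktop): the hexadecimal fingerprint shown for a version-4 key is the SHA-1 of the public key packet as defined in RFC 4880, and the Key ID listed in the key properties is only its last 16 hex digits, which is why the slide says to compare the whole fingerprint. The packet contents and helper names below are constructed for the example; the toy modulus is not a usable key.

```python
import hashlib
import hmac
import re


def mpi(value: int) -> bytes:
    # OpenPGP multiprecision integer: 2-byte bit count, then the big-endian magnitude
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")


# A constructed version-4 RSA public-key packet body. The modulus is a toy value so the
# packet stays short; it is not a usable key, only input for the fingerprint algorithm.
TOY_PUBLIC_KEY_BODY = (
    b"\x04"                                      # packet version 4
    + (1_600_000_000).to_bytes(4, "big")         # key creation time (constructed)
    + b"\x01"                                    # public-key algorithm 1 = RSA
    + mpi(0xC0FFEE00_DEADBEEF_0123456789ABCDEF)  # toy modulus n (constructed, not a real key)
    + mpi(65537)                                 # public exponent e
)


def v4_fingerprint(packet_body: bytes) -> str:
    # RFC 4880 section 12.2: SHA-1 over 0x99, the two-octet body length, and the body.
    prefix = b"\x99" + len(packet_body).to_bytes(2, "big")
    return hashlib.sha1(prefix + packet_body).hexdigest().upper()


def normalize(fingerprint: str) -> str:
    # Different displays add spaces, colons or a 0x prefix; reduce to 40 upper-case hex digits.
    digits = re.sub(r"[\s:]", "", fingerprint).upper()
    if digits.startswith("0X"):
        digits = digits[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", digits):
        raise ValueError("a version-4 fingerprint is 40 hexadecimal digits")
    return digits


def key_id(fingerprint: str) -> str:
    # The Key ID shown in the key properties is only the low 64 bits (last 16 hex digits)
    # of the fingerprint. Two different keys can share it, so it is not what you compare.
    return normalize(fingerprint)[-16:]


def fingerprints_match(displayed: str, read_back: str) -> bool:
    # Compare the whole fingerprint, not a prefix or the Key ID, in constant time.
    return hmac.compare_digest(normalize(displayed), normalize(read_back))


if __name__ == "__main__":
    fp = v4_fingerprint(TOY_PUBLIC_KEY_BODY)
    print("fingerprint:", " ".join(fp[i:i + 4] for i in range(0, 40, 4)))
    print("key ID:     ", key_id(fp))
    print("phone check:", fingerprints_match(fp, fp.lower()))
```

The normalize step matters in practice: the fingerprint read over the phone arrives without the spacing or case the dialog shows, and a comparison that fails on formatting teaches people to stop checking.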
Signing a Public Key
Once you are sure the key belongs to the correct person, you can sign that person's public key. This step shows that you have verified the key.
Note: Keys restored from a backup or from another computer also need to be signed.
Revoking Your Signature from a Public Key
Right-click the signature and select Revoke
Granting Trust for Key Validations
You can define the level of trust on other keys to show how well you trust them to act as introducers for others.
Note: If you get a key from someone you don't know, but the key is signed by a person you trust, the key is considered valid.
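The introducer rule on this slide, as an added example (written for this page, not taken from the slides or from PGP Desktop): a small validity computation over a constructed keyring. It goes one step beyond the slide by also counting marginally trusted introducers, with the number required as a parameter; the key labels and trust values are made up for the demonstration.

```python
from dataclasses import dataclass, field

FULL, MARGINAL, NONE = "full", "marginal", "none"


@dataclass
class Key:
    key_id: str
    signed_by: set = field(default_factory=set)  # key IDs whose owners signed this key
    trust: str = NONE                             # how far you trust this owner as an introducer


def valid_keys(keyring: dict, own_key_id: str, marginals_needed: int = 2) -> set:
    """Compute which keys count as valid.

    Your own key is valid by definition. Another key is valid when a valid key whose
    owner you trust fully has signed it, or when at least `marginals_needed` valid,
    marginally trusted owners have signed it. A signature only counts once the signer's
    key is itself valid, so validity is propagated until the set stops growing.
    """
    valid = {own_key_id}
    changed = True
    while changed:
        changed = False
        for kid, key in keyring.items():
            if kid in valid:
                continue
            introducers = [keyring[s] for s in key.signed_by if s in valid and s in keyring]
            has_full = any(k.trust == FULL for k in introducers)
            marginals = sum(1 for k in introducers if k.trust == MARGINAL)
            if has_full or marginals >= marginals_needed:
                valid.add(kid)
                changed = True
    return valid


def demo_keyring() -> dict:
    # Constructed keyring. Key IDs are labels, not real PGP key IDs.
    keys = [
        Key("ME", trust=FULL),                       # your own key; you sign what you verified
        Key("ALICE", signed_by={"ME"}, trust=FULL),  # verified by you, fully trusted introducer
        Key("BOB", signed_by={"ALICE"}),             # never met, but Alice vouches for the key
        Key("DAVE", signed_by={"ME"}, trust=MARGINAL),
        Key("ERIN", signed_by={"ME"}, trust=MARGINAL),
        Key("CAROL", signed_by={"DAVE", "ERIN"}),    # two marginal introducers
        Key("FRANK", signed_by={"BOB"}),             # Bob is valid but not trusted as introducer
        Key("GRACE", signed_by={"DAVE"}),            # only one marginal introducer
    ]
    return {k.key_id: k for k in keys}


if __name__ == "__main__":
    print(sorted(valid_keys(demo_keyring(), "ME")))
```

Note the distinction the model makes explicit: Bob's key is valid (Alice signed it) but Bob is not an introducer, so Frank's key stays invalid. Validity and trust are separate settings, which is what the trust level on this slide controls.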
Working with Subkeys
Types of keys:
1. Master key
2. Subkey
3. One or more separate subkeys
Relationship: Master keys are used by default for signing; subkeys are used for encryption. A separate encryption subkey can be revoked or removed in PGP without affecting the master key.
Note: For RSA keypairs, the following subkey types are supported: encryption, signing, and encryption/signing.
For Diffie-Hellman/DSS keypairs, subkeys can either encrypt or sign; you cannot create subkeys that both encrypt and sign.
For older PGP Legacy keypairs, subkeys are not supported.
Creating New Subkeys
Setting the Usage of Subkeys
Each subkey can have its own key usage properties. One subkey could be used for PGP NetShare only, and another for all other PGP Desktop functions.
Revoking & Removing Subkeys
Working with ADKs
What? An ADK (Additional Decryption Key) is an encryption key used by the security officers of an organization to decrypt messages that have been sent out of or received within the organization.
Adding an ADK to a Keypair
Open the properties of the keypair
Updating & Removing ADKs
Working with Revokers
What if you forget your passphrase, lose your keypair, or your laptop is stolen or your hard drive crashes? Other users may still encrypt to your key.
The solution is a key revoker.
Supported for Diffie-Hellman/DSS and RSA keys.
Appointing a Designated Revoker
Revoking a Key
Splitting and Rejoining Keys
What? The process in which the components of a private key are distributed among multiple users. This technique is called Blakley-Shamir splitting. It provides high security.
Note: When the key is needed to sign, all shareholders must combine their shares to reconstruct the key.
Creating a Split Key
When the key is split, its shares are stored as files, each encrypted with the shareholder's public key.
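Blakley-Shamir splitting, as an added example (written for this page, not taken from the slides or from PGP Desktop's implementation): a plain Shamir scheme over a prime field. The slide describes the case where every shareholder is needed, that is, threshold equal to the number of shares; the example generalizes to a k-of-n threshold, which PGP Desktop also lets you choose when creating a split key. The secret value and share counts are constructed for the demonstration, and the product's extra step of encrypting each share file to its shareholder's public key is left out.

```python
import secrets

PRIME = 2**521 - 1  # a Mersenne prime; secrets of up to 65 bytes fit below it


def split_secret(secret: int, shares: int, threshold: int, rng=None) -> list:
    """Split `secret` into `shares` points on a random polynomial of degree threshold-1.

    f(0) is the secret. Any `threshold` points determine f; fewer leave every value
    of f(0) equally possible.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer below PRIME")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    rng = rng or secrets.SystemRandom()
    # Non-zero random coefficients keep the polynomial at its full degree.
    coefficients = [secret] + [rng.randrange(1, PRIME) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coefficients)) % PRIME

    # Share x-coordinates start at 1; x = 0 would hand out the secret itself.
    return [(x, f(x)) for x in range(1, shares + 1)]


def rejoin_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0 over GF(PRIME); needs `threshold` distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        numerator = denominator = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                numerator = numerator * (-xj) % PRIME
                denominator = denominator * (xi - xj) % PRIME
        total = (total + yi * numerator * pow(denominator, -1, PRIME)) % PRIME
    return total


# Constructed stand-in for the private-key material PGP Desktop would split.
DEMO_SECRET = int.from_bytes(b"constructed private-key material", "big")

if __name__ == "__main__":
    pieces = split_secret(DEMO_SECRET, shares=5, threshold=3)
    print("3 of 5 shares rejoin:", rejoin_secret(pieces[:3]) == DEMO_SECRET)
    print("2 of 5 shares rejoin:", rejoin_secret(pieces[:2]) == DEMO_SECRET)
```

With two shares of a threshold-3 split the interpolation still returns a number, just not the secret; nothing in the output reveals that the shares were insufficient. That is why the rejoin step in a real deployment verifies the reconstructed key (for example by checking it against the public key) before using it.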
Rejoining Split Keys
Securing Email Messages
How PGP Desktop Secures Email Messages
What? When secure email messaging is enabled, PGP Desktop monitors the email traffic between your email client and your mail server.
Note: Once configured, PGP will encrypt, sign, decrypt or verify all outgoing traffic.
Outgoing Messages
Whenever an outgoing message is sent, PGP looks for a key to encrypt the message. On Windows systems it checks all keyrings. If it does not find the recipient's key there, it then by default checks the PGP Global Directory for the recipient's public key. If the key is still not found, the message is sent without encryption.
Incoming Messages
For incoming messages, PGP has policies you can configure. By default these policies are set to satisfy the vast range of PGP users; you can change them according to your requirements.
Message not encrypted or signed: PGP does nothing with the content of the message and passes it along to the email client.
Message encrypted, but not signed: When PGP sees an encrypted message coming to you, it tries to decrypt it for you. PGP checks the local keyring for the private key needed to decrypt the message. If the key is not found on the local keyring, PGP cannot decrypt the message and passes it through as is. If the key is found on the local keyring, PGP decrypts the message if the passphrase is cached; otherwise you are prompted to enter the passphrase.
Note: PGP Messaging Proxy.
Message signed, but not encrypted: PGP Desktop searches the local keyring for a public key that can be used to verify the signature. If PGP cannot find the public key on the local keyring, it tries a key server at keys.<sender's domain>. If the key is not found there, it checks the PGP Global Directory and the listed key servers. If PGP finds the right key at any of these locations, it verifies the message and passes it to the client. If the key is not found, the message is passed to the client unverified.
Message encrypted and signed: Find the private key to decrypt the message, then find the public key to verify the signature.
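The incoming-message handling from the slides, as an added example (written for this page, not PGP Desktop's code): a small model of the proxy's decisions, including the key-server lookup chain and the two outcomes worth watching for, ciphertext passed through undecrypted and signatures delivered unverified. The key IDs, keyring contents and hostnames are constructed, and the Global Directory appears under a stand-in name.

```python
from dataclasses import dataclass, field
from typing import Optional

GLOBAL_DIRECTORY = "global-directory.example"  # stand-in name for the PGP Global Directory


@dataclass
class IncomingMessage:
    sender: str                          # address the message came from
    encrypted_to: Optional[str] = None   # key ID the message is encrypted to, if any
    signed_by: Optional[str] = None      # key ID of the signing key, if any


@dataclass
class ProxyState:
    private_keys: set                    # key IDs of private keys on the local keyring
    public_keys: set                     # key IDs of public keys on the local keyring
    cached_passphrases: set              # private keys whose passphrase is currently cached
    keyservers: dict = field(default_factory=dict)  # hostname -> key IDs that server returns
    listed_keyservers: list = field(default_factory=list)


def find_public_key(state: ProxyState, key_id: str, sender: str) -> Optional[str]:
    """Where the slide's lookup chain finds the key: local keyring, then keys.<sender domain>,
    then the Global Directory, then the configured key servers; None if nowhere."""
    if key_id in state.public_keys:
        return "local keyring"
    sender_domain = sender.rsplit("@", 1)[-1]
    for host in ["keys." + sender_domain, GLOBAL_DIRECTORY, *state.listed_keyservers]:
        if key_id in state.keyservers.get(host, set()):
            return host
    return None


def handle_incoming(state: ProxyState, msg: IncomingMessage) -> dict:
    """Mirror the four cases on the slides and report what reaches the mail client."""
    result = {"content": "passed through unchanged", "signature": "none"}
    if msg.encrypted_to is not None:
        if msg.encrypted_to not in state.private_keys:
            # No private key: PGP cannot decrypt, the ciphertext goes to the client as is,
            # and any signature inside it cannot be checked either.
            result["content"] = "still encrypted (no matching private key)"
            return result
        if msg.encrypted_to in state.cached_passphrases:
            result["content"] = "decrypted"
        else:
            result["content"] = "decrypted after passphrase prompt"
    if msg.signed_by is not None:
        source = find_public_key(state, msg.signed_by, msg.sender)
        # The failure mode to watch: an unverifiable signature is not an error. The message
        # is delivered anyway and only the status line tells the user.
        result["signature"] = (f"verified (key from {source})" if source
                               else "UNVERIFIED (key not found)")
    return result


def demo_state() -> ProxyState:
    # Constructed keyring and key-server contents; key IDs are labels, not real IDs.
    return ProxyState(
        private_keys={"MYKEY"},
        public_keys={"ALICE"},
        cached_passphrases={"MYKEY"},
        keyservers={
            "keys.example.org": {"BOB"},
            GLOBAL_DIRECTORY: {"CAROL"},
            "keys.corp.example": {"DAVE"},
        },
        listed_keyservers=["keys.corp.example"],
    )


if __name__ == "__main__":
    state = demo_state()
    print(handle_incoming(state, IncomingMessage("bob@example.org", signed_by="BOB")))
    print(handle_incoming(state, IncomingMessage("zed@example.org", signed_by="ZED")))
```

The lookup order is what makes the keys.<domain> step interesting from a defender's view: whoever controls DNS for the sender's domain decides which key answers that query, so a signature verified against a key found only there is weaker evidence than one verified against a key already on the local keyring.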
Microsoft Outlook and PGP
Viewing Services and Policies
Service: Information about one email account in PGP Desktop. PGP Desktop automatically creates and configures a service for each email account; in some cases you need to maintain an account's service manually.
Policy: A set of one or more instructions that tells PGP what to do under specific conditions. Policies are associated with services.
Encrypt and Sign buttons: Specifies that email is both signed and encrypted when you enable the Encrypt and Sign buttons in Outlook Express.
Mailing List Admin Requests: Administrative requests to mailing lists are sent in the clear (not encrypted).
Mail List Submissions: Submissions to mailing lists are signed.
Require Encryption: [PGP] Confidential: Specifies that any message flagged as confidential in your email client or containing the text "[PGP]" in the subject line must be encrypted to a valid recipient public key or it cannot be sent.
Opportunistic Encryption: Specifies that any message for which a key to encrypt cannot be found should be sent without encryption (in the clear).
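The policies above together with the outgoing key lookup from the earlier slide, as an added example (written for this page, not PGP Desktop's own policy engine): each policy is a function, evaluated top-down in the order the slides list them, and the first match decides. Two assumptions are mine and not stated on the slides: the first-match ordering, and that the Encrypt and Sign buttons fail closed when no recipient key exists. Addresses and keyring contents are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class OutgoingMessage:
    recipient: str
    subject: str = ""
    confidential: bool = False          # "confidential" sensitivity flag set in the mail client
    encrypt_and_sign_buttons: bool = False
    list_admin_request: bool = False    # e.g. a subscribe/unsubscribe command sent to a list
    list_submission: bool = False       # a post to a mailing list


def find_recipient_key(recipient: str, keyring: set, global_directory: set) -> Optional[str]:
    # Outgoing lookup order from the slides: all local keyrings, then the PGP Global Directory.
    if recipient in keyring:
        return "local keyring"
    if recipient in global_directory:
        return "PGP Global Directory"
    return None


# Each policy returns None when it does not apply; the first match decides (top-down order).
def encrypt_and_sign_buttons(msg, key_source):
    if not msg.encrypt_and_sign_buttons:
        return None
    # Assumption: the slides do not say what happens without a key; failing closed is modelled.
    return "encrypt and sign" if key_source else "BLOCKED: no recipient key"


def mailing_list_admin_requests(msg, key_source):
    return "send in clear" if msg.list_admin_request else None


def mail_list_submissions(msg, key_source):
    return "sign only" if msg.list_submission else None


def require_encryption_pgp_confidential(msg, key_source):
    if not (msg.confidential or "[PGP]" in msg.subject):
        return None
    # Validity of the found key is assumed here; the product checks it as well.
    return "encrypt and sign" if key_source else "BLOCKED: no valid recipient public key"


def opportunistic_encryption(msg, key_source):
    # The fallback everyone should know about: without a key the mail leaves in the clear.
    return "encrypt" if key_source else "send in clear"


POLICIES = [encrypt_and_sign_buttons, mailing_list_admin_requests, mail_list_submissions,
            require_encryption_pgp_confidential, opportunistic_encryption]


def decide_outgoing(msg: OutgoingMessage, keyring: set, global_directory: set) -> dict:
    key_source = find_recipient_key(msg.recipient, keyring, global_directory)
    for policy in POLICIES:
        action = policy(msg, key_source)
        if action is not None:
            return {"policy": policy.__name__, "action": action, "key_source": key_source}
    raise AssertionError("opportunistic_encryption always matches")


# Constructed keyring contents (addresses standing in for keys).
LOCAL_KEYRING = {"alice@example.org"}
GLOBAL_DIRECTORY = {"bob@example.net"}

if __name__ == "__main__":
    for m in [OutgoingMessage("carol@nowhere.example", "hello"),
              OutgoingMessage("carol@nowhere.example", "[PGP] Q3 numbers"),
              OutgoingMessage("carol@nowhere.example", "[PGP] unsubscribe", list_admin_request=True)]:
        print(m.subject, "->", decide_outgoing(m, LOCAL_KEYRING, GLOBAL_DIRECTORY))
```

The third sample message shows why policy order is a configuration decision and not a detail: a list-admin request whose subject carries "[PGP]" is sent in the clear because the admin-request policy sits above Require Encryption. Reviewing the order of the policies in a service is part of checking that the "cannot be sent" guarantee actually holds.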