UT CS 361 - PGP Key Management II
Foundations of Computer Security
Lecture 70: PGP Key Management II
Dr. Bill Young
Department of Computer Sciences
University of Texas at Austin
Lecture 70: 1 PGP Key Management II

Key Management

In PGP, session keys and passphrase-based keys are generated on the fly, used once and discarded.

Public and private keys are persistent and need to be preserved and managed. Recall that a user can have multiple public/private key pairs.

Managing Key Pairs

Given that a user may have multiple public/private key pairs, how do we know which public key was used to encrypt a message?

- Send the public key along with the message. Inefficient, since the key might be thousands of bits.
- Associate a unique ID with each key pair and send that with the message. Would require that all senders know the mapping of keys to IDs for all recipients.
- Generate an ID likely to be unique for a given user. This is PGP's solution. Use the least significant 64 bits of the key as the ID.

This is used by the receiver to verify that he has such a key on his "key ring." The associated private key is used for the decryption.

Key Rings: Private Key Ring

Each user maintains two key ring data structures: a private-key ring for his own public/private key pairs, and a public-key ring for the public keys of correspondents.

The private key ring is a table of rows containing:

- Timestamp: when the key pair was generated.
- Key ID: the 64 least significant bits of the public key.
- Public key: the public portion of the key.
- Private key: the private portion, encrypted using a passphrase.
- User ID: usually the user's email address. May be different for different key pairs.

Public Key Ring

Public keys of other users are stored on a user's public-key ring. This is a table of rows containing (among other fields):

- Timestamp: when the entry was generated.
- Key ID: the 64 least significant bits of this entry's public key.
- Public key: the public key for the entry.
- User ID: identifier for the owner of this key. Multiple IDs may be associated with a single public key.

The public key can be indexed by either User ID or Key ID.

Retrieving a Private Key

Whenever PGP must use a private key, it must decrypt it. For example, suppose R receives a message encrypted with KR.

1. PGP retrieves the receiver's encrypted private key from the private-key ring, using the Key ID field in the session key component of the message as an index.
2. PGP prompts the user for the passphrase to recover the unencrypted private key.
3. PGP recovers the session key and decrypts the message.

Validity of Public Key

Associated with each public key in the user's public key ring is a key legitimacy field that indicates the extent to which PGP trusts that this is a valid public key for this user.

Legitimacy is determined from certificates and chains of certificates, the user's assessment of the trust to be assigned to the key, and various heuristics for computing trust.

Revoking Public Keys

A user may wish to revoke a public key because:

- compromise is suspected, or
- to limit the period of use of the key.

The owner issues a signed key revocation certificate. Recipients are expected to update their public-key rings.

Lessons

- Each PGP user must manage his own private keys and the public keys of others.
- These are stored on separate key rings.
- Private keys are protected by encryption; public keys are stored with certificates attesting to their trustworthiness.
- Keys can be revoked.

Next lecture: Availability
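The Key ID derivation from "Managing Key Pairs" and the three-step flow from "Retrieving a Private Key", worked through as an added Python illustration that is not part of the lecture. It assumes classic PGP's rule that the Key ID is the low 64 bits of the RSA modulus, substitutes a toy passphrase-based wrapping (PBKDF2 plus a SHA-256 keystream and HMAC) for PGP's actual private-key cipher, and uses a constructed toy-sized key pair built from two Mersenne primes.

```python
import hashlib, hmac, os, time

def key_id(n):
    """Key ID as in the slides: the least significant 64 bits of the public key (the RSA modulus n)."""
    return n & ((1 << 64) - 1)

def _kdf(passphrase, salt):
    # Passphrase -> symmetric key (toy construction for this demo, not PGP's actual scheme).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def _xor_stream(k, data):
    # SHA-256 counter-mode keystream XORed over data (toy stream cipher, demo only).
    ks = b"".join(hashlib.sha256(k + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal_private_key(d, passphrase):
    """The private ring stores d encrypted under the passphrase; the MAC detects a wrong passphrase."""
    salt = os.urandom(16)
    k = _kdf(passphrase, salt)
    ct = _xor_stream(k, d.to_bytes(32, "big"))
    return {"salt": salt, "ct": ct, "tag": hmac.new(k, salt + ct, "sha256").digest()}

def unseal_private_key(sealed, passphrase):
    k = _kdf(passphrase, sealed["salt"])
    if not hmac.compare_digest(sealed["tag"], hmac.new(k, sealed["salt"] + sealed["ct"], "sha256").digest()):
        raise ValueError("wrong passphrase")
    return int.from_bytes(_xor_stream(k, sealed["ct"]), "big")

def private_ring_entry(n, e, d, user_id, passphrase):
    """One row of the private-key ring, with the fields the slides list."""
    return {"timestamp": time.time(), "key_id": key_id(n), "public": (n, e),
            "private": seal_private_key(d, passphrase), "user_id": user_id}

def encrypt_session_key(public_ring, user_id, session_key):
    """Sender: look the recipient up by User ID; the message carries the Key ID of the key used."""
    n, e = public_ring[user_id]
    return {"key_id": key_id(n), "enc_session_key": pow(session_key, e, n)}

def recover_session_key(private_ring, message, passphrase):
    """Receiver: the three steps from the "Retrieving a Private Key" slide."""
    entry = private_ring[message["key_id"]]               # 1. index the private ring by Key ID
    d = unseal_private_key(entry["private"], passphrase)  # 2. passphrase unlocks the private key
    n, _ = entry["public"]
    return pow(message["enc_session_key"], d, n)          # 3. recover the session key

# Constructed demo key pair from two Mersenne primes (toy size; real keys are thousands of bits).
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
```

With a wrong passphrase the MAC check fails before any decryption is attempted, so the receiver learns that the ring entry could not be unlocked rather than silently recovering a garbage session key.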