Foundations of Computer SecurityLecture 69: PGP Key ManagementDr. Bill YoungDepartment of Computer SciencesUniversity of Texas at AustinLecture 69: 1 PGP Key ManagementKey ManagementPGP makes use of four types of keys: one-time session symmetrickeys, public keys, private keys, passphrase-based symmetric keys.Session keys: used once and generated for each new messagePublic keys: used in asymmetric encryptionPrivate keys: also used in asymmetric encryptionPassphrase-based keys: used to protect private keysA single user can have multiple public/private key pairs.Lecture 69: 2 PGP Key ManagementSession Key GenerationEach session key is associated with a single message and used onlyonce. Key size depends on the chosen encryption algorithm E ; e.g.CAST-128: 128 bits, 3DES: 168-bits, etc.The encryption algorithm E is used to generate a new n-bit keyfrom a previous session key and two n/2-bit blocks generatedbased on user keystrokes, including keystroke timing. The twoblocks are encrypted using E and the previous key, and combinedto form the new key.Lecture 69: 3 PGP Key ManagementPublic/Private Key GenerationFor new RSA keys, an odd number n of sufficient size (usually> 200 bits) is generated and tested for primality. If it is not prime,then repeat with another randomly generated number, until aprime is found.Primes appear in the neighborhood of n about every ln(n) = lge(n)numbers. Since we can exclude even numbers, to find a prime ofaround 200 bits, it takes about ln(2200)/2 = 70 tries.This is an expensive operation, but performed relativelyinfrequently.Lecture 69: 4 PGP Key ManagementEncrypting the Private KeyThe private key is stored encrypted with a user-supplied passphrase:1The user selects a passphrase for encrypting private keys.2When a new public/private key pair is generated, the systemasks for the passphrase. Using SHA-1, a 160-bit hash code isgenerated from the passphrase, which is discarded.3The private key is encrypted using CAST-128 with 128 bits ofthe hash code as key. The key is then discarded.Whenever the user wants to access the private key, he must supplythe passphrase.Lecture 69: 5 PGP Key ManagementLessonsPGP uses four kinds of keys: session keys, public and privatekeys, and passphrase generated keys.Public / private key pairs are the most expensive to generate.Since the security of the system depends on protecting privatekeys, these are encrypted using a passphrase system.Next lecture: PGP Key Management IILecture 69: 6 PGP Key
View Full Document