PGP

A quick introduction

What is it PGP?

Pretty Good Privacy

  • program to allow privacy in communications
  • can ensure that only the intended recipient can access a message/document
  • can guarantee that you are the sender of a message/document and no one tampered it

Why would I want it?

Everyday we send each other tons of emails and documents

What can possibly go wrong???

Confidentiality

Confidentiality

Integrity

Authenticity

But it won't happen!

We might be on a private network, with our own mail and document share servers. It's fine, isn't it? That's why we have a firewall for.

Yes, probably!

But there are still ways for things to go wrong.

The question is: how much risk are we willing to accept? 

Threat modeling

  • how easy it is to interfere with a message?
  • how much damage can be created by interfering?
  • given these, how secure should it be to mitigate the damage?

Menu for team lunch

  • Confidentiality: it's publicly available in front of the restaurant anyway
  • Integrity: I can trick you into thinking that it's cheaper, but won't cause any real problem
  • Authenticity: does it even matter here?

no protection needed at all

The new design draft

  • Confidentiality: not nice to leak it, but it will go public in a couple of weeks anyway
  • Integrity: tampering will probably confuse the devs and cause useless discussions, but probably nothing more
  • Authenticity: probably as above

the internal file server is fine enough

Account details of suppliers

  • Confidentiality: money stuff, only who deals with payments should know it
  • Integrity: might trick into paying huge sums to a stranger's account!
  • Authenticity: as an accountant, I shouldn't trust account details that are not really being communicated by my boss

this should be encryped to be really on the safe side

SO

do we need this encryption thingy or not??

But when you need it it's better to have it rather than treating the situation as lower risk

Most times you'll be fine.

Tools are just a mean to mitigate risk

won't solve anything without a culture of thinking about security

but

Now on for the tech

What do I need?

PGP - the components

  • the program (OpenPGP, GPG, GPGTools etc..)
  • a private key
  • its associated public key
  • possibly published on a keyserver

A message encrypted with a public key can only be opened with the paired private key

Confidentiality

  • want to send message to John
  • ask the keyserver for John's public key
  • use that to encrypt
  • only John will be able to read it, using his private key

A message encrypted with a private key can only be decrypted with the paired public key

Authenticity

  • John sends a message to the mailing list 
  • He creates a signature for the message with his private key
  • Anyone can ask the keyserver for John's public key and try to open the signature
  • If it works fine it means that the sender can only be John!

Integrity

  • A message signature is generated on the message
  • After opening the signature, if it matches the message we're sure that no one modified it!

Cool, how do I do that?

  • Signing, verifying, decrypting mail: can configure your client to do it automatically for you
  • Encrypting mail: your client will probably give you the choice to send encrypted on per-mail basis
  • non-mail documents: depends on the tool
  • signing/verifying commits: an extra option on git's cli

And if the keyserver lies?

That's why we're going to exchange keys (fingerprints) IRL!

Made with Slides.com