+ All Categories
Home > Documents > Crypto Party ATX

Crypto Party ATX

Date post: 23-Feb-2016
Category:
Upload: lucien
View: 65 times
Download: 2 times
Share this document with a friend
Description:
Crypto Party ATX. Shameless self-promotion. Visit us at https://CryptoPartyATX.org Step-by-step guides on how to encrypt your emails, text messages, files and folders Guides to maintaining your privacy by choosing stronger passwords and securely deleting data Info on upcoming parties - PowerPoint PPT Presentation
Popular Tags:
27
Crypto Party ATX Shameless self-promotion Visit us at https://CryptoPartyATX.org Step-by-step guides on how to encrypt your emails, text messages, files and folders Guides to maintaining your privacy by choosing stronger passwords and securely deleting data Info on upcoming parties Need help? Email [email protected] Please contribute! Let us know if you have any questions; chances are someone else has those questions, too. If we know where it’s unclear, we can make those parts better. Can you do it better? Let us know how, or do it yourself and send it to us!
Transcript
Page 1: Crypto Party ATX

Crypto Party ATXShameless self-promotion

Visit us at https://CryptoPartyATX.org• Step-by-step guides on how to encrypt your

emails, text messages, files and folders• Guides to maintaining your privacy by choosing

stronger passwords and securely deleting data• Info on upcoming parties• Need help? Email [email protected]

Please contribute! • Let us know if you have any questions; chances are someone else has those

questions, too. If we know where it’s unclear, we can make those parts better.• Can you do it better? Let us know how, or do it yourself and send it to us!

Page 2: Crypto Party ATX

Tonight’s Topic: Email Encryption

Basics of Encryption in GeneralDefinition and ExamplesKeys and Key Pairs

What Email Encryption does and does not do

How to set up Email Encryption

Questions?

Page 3: Crypto Party ATX

EncryptionAn Introduction

Page 4: Crypto Party ATX

What is Encryption?Encryption is a means of putting text (or any computer data) into a secret code, so only the intended person can read it.

A cipher or algorithm is the set of rules or instructions that shows how to write a message using the secret code.

Historical examples: Caesar’s Cipher, Enigma Machine, PGP

Commonly substitution and/or transpositionSubstitution: switching particular characters for othersTransposition: moving characters around using set rules

Keys – essentially just long passwords, but they also help determine how text is substituted and transformed

Page 5: Crypto Party ATX

Substitution ExamplesSubstitution is the process of switching letters with other letters in a specific way, so the letters can be un-switched later if the reader knows how they were switched, or if the reader can figure out how they were switched.

Reverse-AlphabetABCDEFGHIJKLMNOPQRSTUVWXYZZYXWVUTSRQPONMLKJIHGFEDCBA

The message “HOWDY” is written “SLDWB”

Caesar’s Cipher – Shift letters 3 spacesABCDEFGHIJKLMNOPQRSTUVWXYZDEFGHIJKLMNOPQRSTUVWXYZABC

The message “HOWDY” is written “KRZGB”

Page 6: Crypto Party ATX

Transposition ExamplesTransposition is the process of changing the text in a specific way, so that it can be un-changed later if the reader knows how it was changed, or if someone can figure out how it changed.

Reverse charactersMEET US AT THE NEXT CRYPTO PARTYYTRAP OTPYRC TXEN EHT TA SU TEEM

Alternate charactersMEET_US AT_THE_NEXT CRYPTO_PARTYME_SA_H_ETCYT_ATETU TTENX RPOPRY

Page 7: Crypto Party ATX

A step further…keysThink about Caesar’s cipher. If he always used the same +3 transposition, then anyone who figured it out or learned it would be able to read all of his coded messages.

We need some way to change the code when we need to, and fortunately we have one. This is by adding a key or password to the mix.

In a simple way, Caesar’s cipher could be improved by changing how much is added to each letter. Instead of using the same key of 3 every time, we could use the key 4 for one person, and the key 5 for another.

We’re still following the same method of adding to the letter positions (i.e., the same cipher), but now we can do it differently for different people.

Message Message

+3 +3

Phvvdjh

Same message to two parties coded the same way

Message Message

+4 +5

Qiwweki

Same message to two parties w/ different passwords

Rjxxflj

Page 8: Crypto Party ATX

Keys Keys, along with a cipher, are used to encrypt messages (“plain text”) and/or decrypt coded text (“cipher text”). A key could be as simple as a digit or password, or as complicated as a PGP key.

Keys make it more difficult to decrypt the coded message by changing the rules for how things are encoded or decoded.

Example: Enigma Machine

Sometimes there are two keys –one to lock and another to unlock:Private Keys (or Secret Keys) such as passwords are used to decode messages. Never share a Private Key with anyone you don’t want to read your coded messages.Public Keys are used to encode messages. There is generally no harm in giving out a Public Key.

Page 9: Crypto Party ATX

Single Keys (Symmetric Encryption)

Some types of encryption use a single key such as a password. For example, if you encrypt a message with the password “dog”, you would use the password “dog” to decrypt it as well. To send a coded message, you will have to tell someone the key and hope that no one else finds out.

If a cipher uses the same key to put something into code as it does to take it back out, then the cipher is said to be symmetric.

Message Password Secret Code

Message Password Secret Code

Symmetric EncryptionThe same password works in

both directions

Page 10: Crypto Party ATX

Key Pairs (Asymmetric Encryption)

Some ciphers use a different key to encrypt a message than to decrypt it. For example, you might encrypt a message with the password “dog”, but to read the message you would need the password “cat”.• If a cipher uses one key to put something into code and a different key to take it back

out, then the cipher is said to be asymmetric.

In practice, both keys are created at the same time, and form a key pair. The keys in a key pair only work with each other, so any message encrypted with a one key of the pair can only be decrypted by the other key of the same key pair.

Message Key 1 Secret Code

Message Key 2 Secret Code

Asymmetric EncryptionOne key is used to encrypt

the message, but a completely different key is

used to decrypt the message.

- Key Pair

Page 11: Crypto Party ATX

The Advantage of Key PairsAdvantage: Anyone can encrypt a message for you, but only you can decrypt it.If you have a pair of keys that each work in only one direction, then you only need to keep one key secret. The one you keep secret is called the Private Key. The Private Key is used only to decrypt messages*, and it is the only key that can decrypt those messages.The Public Key is used only to encrypt messages. This means you can give it out to anyone, since the only thing someone could do with it is encrypt a message. Because the key is part of a pair, if someone encrypts a message using your Public Key, then only you can decrypt the message because only you have the Private Key.

Message Public Key Secret Code

Message Private Key Secret Code

A Public Key is used to encrypt a message.

A Private Key is used to decrypt a message.

- Key Pair

Page 12: Crypto Party ATX

SummarySymmetric Encryption

(with Single Keys)

Same key is used to put a message in code and to take it back out of code.

Somehow the key must be shared with the recipient without sharing it with snoops.

Asymmetric Encryption(Key Pairs)

Different keys are used to put a message in or to take a message out of code.

The Public Key can be shared with anyone, so anyone can send you a message.

The Private Key is never shared, so only you can read the messages.

Page 13: Crypto Party ATX

Key Pairs for Email EncryptionIf I have explained this well, you can hopefully already see why we use Key Pairs for encrypting email messages. Here’s a quick summary:

You do not always have a secure way to contact someone. If you only contact someone through email, how could you tell them a password? If you emailed a symmetric password, you might as well not have one, since anyone monitoring the email could see the password and use it just as easily as the intended recipient could.

You want to be the only person who can decrypt the message. If you tell anyone a password, there is some chance of them sharing it with someone else. Having one password to encrypt a message and a different password to decrypt it means that you never have to share the password that “unlocks” the messages, but you can tell anyone the password to “lock” a message. There’s no harm in more people finding out how to send a message that only you can read.

Page 14: Crypto Party ATX

Purpose of Email EncryptionWhat it does, and what it does not

Page 15: Crypto Party ATX

How Private is Email?Would you want to use postcards for nearly every message you send? (You do.)When you send a postcard, anyone who handles it along the way could look down and read the message. Sometimes it doesn’t matter, but I would not want to send every letter this way. Sometimes I want only the recipient to be able to read the message.

When you send an email, it’s just about as private as a postcard. Instead of being handed from person to person and sent by truck, however, emails are passed from server to server until they end up at the destination. But like it is with postcards, any server involved in transmitting the message could also read or store the whole message.

With email, the following parties could possibly read the message as it goes by:• Anyone on the same open or wired network, unless using SSL• Your Internet Service Provider (ISP) (e.g., TWC, ATT, Grande, etc.), unless using SSL• Your email provider (e.g., Gmail, Yahoo, Hotmail, etc.)• Your contact’s email provider• Your contact’s Internet Service Provider (ISP)• Your contact• AND…anyone with access to the data of any person or company above

Page 16: Crypto Party ATX

Making Postcards More PrivateNormal Email Message:Message and Metadata visible

Encrypted Email Message:Only metadata visible

Page 17: Crypto Party ATX

What Email Encryption Does

Email Encryption will allow you to put the content of a message into code.

When you encrypt the message using your contact’s Public Key, only your contact will be able to decrypt it; they are the only one with the Private Key of the same pair.

If a contact sends you a message encrypted with your Public Key, only you have the right Private key to decrypt it.

Page 18: Crypto Party ATX

What Email Encryption Doesn’t

Email Encryption will not hide the fact that you sent a message

It will not hide your email address or your contact’s email address.

It will not hide the date or time the message was sent.

It will not hide the Subject line of your message.

Any snoops will be able to see whom the message was sent from and to, when it was sent, the subject line, and possibly the IP from which the message was sent. But they will not be able to read the message.

Page 19: Crypto Party ATX

Setting Up Email EncryptionPutting theory into practice

Page 20: Crypto Party ATX

Email Encryption in GeneralHere’s how we go about using Key Pairs in Email Encryption:

1. Install an Email Program that supports PGP encryption

2. Install a Key Manager program to keep track of our own Key Pairs and our contacts’ Public Keys.

3. Create a Key Pair.

4. Install an Add-On to the Email Program to let it work with our Key Manager

5. Use a contact’s Public Key to send them a message. Use our own Private Key to read a message from our contact.

Page 21: Crypto Party ATX

Email Program - Thunderbird

https://www.mozilla.org/en-US/thunderbird/

Thunderbird is an open source email program from Mozilla, the makers of Firefox. It is available for Windows, OS X, and Linux.

Download and install Thunderbird, then follow the on-screen steps to add your current email account.

Page 22: Crypto Party ATX

GPG / Key Manager Program

http://www.gpg4win.org/

GNU Privacy Assistant (Windows)

GPA is a key manager included in the the GPG4Win package. GPG4Win is an open-source package implementing many of the features of GPG on Windows systems.

https://gpgtools.org/

GPG Keychain Access (OS X)

GPG Keychain Access is the key manager included in the GPGTools’ GPGSuite package. GPGSuite is an open-source package implementing many of the features of GPG on OS X systems.

Page 23: Crypto Party ATX

Creating a Key Pair

First, download and install the key manager program for your operating system.

WINDOWS USERS: Please be sure to select the checkbox next to GPA when installing gpg4win

Next, find and click “New Key” or something similar.

Fill out the requested information and set a password.

You now have a key a pair – a private key to decrypt messages and a public key so people can send you messages

Page 24: Crypto Party ATX

Thunderbird Add-on: Engimail

https://www.enigmail.net/

Enigmail is a Thunderbird Add-on that works with your key manager program.

Go to the Add-ons section in Thunderbird and search for Enigmail. Install the Add-on and restart Thunderbird.

Check the OpenPGP Security settings in the Account Settings menu to make sure it uses the correct Private Key and encrypts your messages by default (if desired).

Page 25: Crypto Party ATX

Sending an Encrypted MessageFirst you will need someone else’s public key. If you don’t know anyone with a public key, you can download mine from our website (or from a keyserver):

https://cryptopartyatx.org/content/FE0E7924.asc

Save your contact’s public key to a file, and click Import to import it to your Key Manager program (GPA or GPG Keychain Access)

Press the “Write” button in Thunderbird and compose an email. (If you’re using my Public Key, send the email to [email protected])

Click the lock icon in the bottom right to activate it. When you send the message, it will be automatically be encrypted with the Public Key of the recipient (as long as you imported that key into your key manager program already).

Page 26: Crypto Party ATX

Receiving an Encrypted Message

If someone uses your Public Key to encrypt a message, then you will use your Private Key to decrypt it.

The process is nearly automatic. When you get an encrypted email, as soon as you try to read it you will be asked for a password. Type the password you used when you made your key pair.

Page 27: Crypto Party ATX

Questions?


Recommended