Java Privacy Guard

An Implementation of theOpenPGP Message Format in Java

Stefan More,Advisor: Dieter Bratko, Peter Lipp

June 13, 2014

Overview

1. Problem Statement

2. openPGP

3. Java Privacy Guard

4. Summary & Outlook

Stefan More, Bakk@IAIKJune 13, 20142

Problem Statement

Message Confidentiality

Message Integrity

Sender Authentication

Anonymity

End to End

Stefan More, Bakk@IAIKJune 13, 20144

openPGP

Stefan More, Bakk@IAIKJune 13, 20145

PGP History

Pretty Good Privacy

1991: PGP created by Phil Zimmermann

most widely used email encryption software [6]

1998: PGP 5 standardized: openPGP (RFC 4880)

2010: PGP assets sold to Symantecfor $ 300.000.000 (Enterprise Security)

Stefan More, Bakk@IAIKJune 13, 20146

Standard: openPGP (RFC 4880 etc.)

Implementations:

PGP (Zimmermann, Symantec)GnuPG / GPG (GNU)APG (Android)End-to-End (Google Chrome)Bouncycastle (Java)Java Privacy Guard (IAIK-JCE)

Stefan More, Bakk@IAIKJune 13, 20147

openPGP

Combines Symmetric-Key Cryptographyand Public-Key Cryptography

+ Hashing

+ Data Compression

+ Trust Model

Stefan More, Bakk@IAIKJune 13, 20148

Revisiting Problem Statement

Message Confidentiality: Encryption

Message Integrity: Digital Signatures

Sender Authentication: Web Of Trust

Anonymity? Tor, I2P, . . .

Stefan More, Bakk@IAIKJune 13, 20149

De-/Encryption

Encrypt Data with Random Symmetric-Key,encrypt Symmetric-Key with Public-Key

Multiple Receiver: Encrypt Data only once

Symmetric Cipher: AES, IDEA, 3DES, CAST5, . . .Keysize ≥ 112 bits [7]

Public-Key Cipher: RSA, ElGamalKeysize ≥ 2048 bits [7]

Stefan More, Bakk@IAIKJune 13, 201410

Stefan More, Bakk@IAIKJune 13, 201411

Stefan More, Bakk@IAIKJune 13, 201411

Stefan More, Bakk@IAIKJune 13, 201411

Stefan More, Bakk@IAIKJune 13, 201411

Digital Signatures

Hash Message Body & Sign Hash with Private Key

Sign Other Keys (→ Trust Model)

Hash Algorithms: SHA-2, SHA-1, RIPE-MD/160, MD5

Signature Algorithms: RSA, DSA

Stefan More, Bakk@IAIKJune 13, 201412

Web Of Trust

Decentralized Trust Model(Can be centralized)

No Certificate Authority

Transitive Trust

Pathfinder: pgp.cs.uu.nl/doc/faq.html

Key-Set Analysis: pgp.cs.uu.nl/plot

Stefan More, Bakk@IAIKJune 13, 201413

Java Privacy GuardopenPGP in Java using IAIK-JCE

Stefan More, Bakk@IAIKJune 13, 201414

Java Privacy Guard

Full Implementation of RFC 4880 (not yet)

Compatibility to other PGP Implementations

Simple API & Extended API

Key Management

Crypto provided by JCA (default: IAIK-JCE)

Stefan More, Bakk@IAIKJune 13, 201415

openPGP Structure

Packets:

Internal StructureContain actual Data (+ Metadata)

Transferable:

Consists PacketsMessage, Keys, Signature, Keyring, . . .

Stefan More, Bakk@IAIKJune 13, 201416

-----BEGIN PGP MESSAGE -----

Comment: GPGTools - http :// gpgtools.org

hQIOA5v3tWTQmvtJEAf/QPf5FuQMZpG+cKylmm819K2eoIv75nxTSk25tLwVkGMi

IR0xOVCkTV+PNgi7aSbhNxBZ6dMJougl1cGx/XtKZ3bQ2gli5h+pxzGnRhTBzu2n

BWh361unf42D9cIWV3ME+f18rZynp4EdBDk6NENdPiaV0odMdlxoDbPmrrdEzM5F

ozjm6c9RJD7gDQ4KVfy13eiSX+MSgsbdMeDk0EgqwzczHl /5 ATWFMh3x+uDZ0mop

6NXlX3rvzFoA9NkiDR0CDcYuTXspfDt6JJyDYRlgm4KEaBbP+Eh6rZK4vBIq/Bkj

KK9ZwKZOtkljtMvGYWV9AD2CStOrP5lT7wFM/IAEAwf/RvAq6ixUhqjGExrcxc68

6NB1Ka1zp4FfMYH9I3IKKQTjIVbgCqINil4hvaqUBdF7YXc/gS0skWKztqUqEKky

BIW8pmKw0+AIHuHQUtebSnd/y3LmQhlMj/WjnTEK2DeirU5e05YzKnSdZMRBDAEg

GMFSs9gNgYBvrh1LQhXCdwwga05s5sOFPk4lRMAjm1eKjny74OpBv0Ze4UKWeG /4

DLhPAa5n0GZWVZ81UK5xeQEuWoH2BTtbUJ32yxFDrCFUNqRBJh67AiXQeT3gzkp7

cmjxdvSZLQd94mOChWvPAqxgG4w0SPSeJVaiDDVj0P24Lt+yHBSMOaxi3k7vWJwW

moUCDAO1gB/YJnRgOQEP/iIX3/GYPJvegETBEV8z8ug36TLlqx6VDK2B6wp7C9BB

E0FfIKa6vVDmUt7FOtzHIfcu1by9U0NAt4IzIs8gO9P ++ vI72qwyjJmapkdJ6TOk

w8pJn8sweV/rNT5NoYjhG10ErxtzhspQCykt8d3hx4mCoBxDYtJl6fDLceji/YJV

2tI0/0 I8wiKsl/EkO817/BgjnLKQvVctqiHBlo5o4YxyxWycXVVdkctAtH4NWO0H

dmr76stfCFPQTo24Fjd /1 fi8rIcHVJIv+yuEd1ZkBw/BibaCkBCseNXJUVsedEAC

0rGcCCT56gQuGrzlmRbptvzgr2WQ+qYZJwmomZqeF4xP81A9rbWaDINr5/slkRIZ

ie9HV+6 krAaDJ9iEAJcK0yorkznFszW6+uynljZ+sWn72Ff/UBVSktYF+J8zDISI

e/6 NpeEvgL5EByrY/LEXeCzPjok3JCt7wZhqjdcrDJLveYfw2StGunxhfl33wRqx

kBG0G49ba+v3fyOTSqjlA5yekZ6YkQJaQIfLCa1Guierw9oFKAENMx1xzfL4TJWW

RGx54xBUmMblZPVIDgE5cWVqmaZoRH5SvlEQEi9lW8yuGVvdJfdLHdPsRSxRPwz4

fDHfpYLYM9Kj5My3inYd9NmIvWoFTFgHJuy3B3pd4pPXLxjgA+Qo3ncCneQkluDe

ySG6c8b+hCyl9b4S/qBnzPumxCVZ1FUvubuAboMgGno0hd8=

=2IUj

-----END PGP MESSAGE -----

Stefan More, Bakk@IAIKJune 13, 201417

tag: Public-Key EncryptedSession Key Packetlength: 526version: 3keyId:“9BF7B564D09AFB49”publicKeyAlgorithm:“Elgamal (Encrypt-Only)”encryptedSessionKey

tag: Public-Key EncryptedSession Key Packetlength: 524version: 3keyId:“B5801FD826746039”publicKeyAlgorithm:“RSA (Encrypt or Sign)”encryptedSessionKey

tag: Symmetrically Encrypted Data Packetlength: 33Encrypted Data

Stefan More, Bakk@IAIKJune 13, 201418

Load & Decrypt PGP Message

IAIK . addAsProvider ( ) ;

PGPMessage pgpMessage = parseMessage ( i s1 ) ;PGPPrivateKey pr ivKey = parsePr ivatekey ( i s2 ) ;

PGPCipher c ipher = new PGPCipher ( ) ;c ipher . i n i t ( PGPCipher .DECRYPT MODE, p r i vkey ) ;

byte [ ] c l e a r t e x t = c ipher . doFina l ( pgpmessage ) ;

Stefan More, Bakk@IAIKJune 13, 201419

Summary

Studied RFC 4880 & IAIK-JCE

Implemented:

Reading ASCII-Armor (Base 64 + CRC24)Parsing PGP Message Objects (Packets)Key Management (Simple Keychain)Message Decryption (RSA & ElGamal)Signature Validation (RSA & DSA)Decompression

Stefan More, Bakk@IAIKJune 13, 201420

Outlook / Future Research

Message Encryption and Signature Validation

Missing parts of RFC 4880 (Partial body length, . . . )

RFC 6637: ECC

Keyservers?

Stefan More, Bakk@IAIKJune 13, 201421

Thank You for Your AttentionQuestions? Remarks?

Stefan More, Bakk@IAIKJune 13, 201422

[1] Laura Poitrashttps://commons.wikimedia.org/wiki/File:Edward_Snowden-2.jpg

[2] Glenn Greenwald https://en.wikipedia.org/wiki/File:Glenn_greenwald_portrait_transparent.png

[3] Katy Scogginhttps://commons.wikimedia.org/wiki/File:Laura_Poitras_2014.jpg

[4] Regionales RechenZentrum Erlangenhttps://commons.wikimedia.org/wiki/Category:RRZE-Icon-Set

[5] The Opte Project http://www.opte.org/the-internet

[6] http://www.philzimmermann.com/EN/background/index.html

[7] Recommendation for Key Management, Special Publication 800-57 Part 1Rev. 3, NIST, 07/2012. http://www.keylength.com/en/4/

[8] http://cirw.in/gpg-decoder

Stefan More, Bakk@IAIKJune 13, 201423

Oracle and Java are registered trademarks of Oracle and/or its affiliates.Google and Chrome are registered trademarks of Google and/or its affiliates.Other names may be trademarks of their respective owners.

Stefan More, Bakk@IAIKJune 13, 201424