PGP Managing Key Lecture 007
DESCRIPTION
PGP: software for protected communication
TRANSCRIPT
Examining and Setting Key Properties
You can view the following properties of keys:
Name, Email address, Validity, Size, KeyID, Trust, Creation date, Expiration date, ADK, Status, Key description, Key usage
Working With Photographic IDs
Remove, Delete, Copy
Managing User Names and Email Addresses on a Key
PGP Desktop supports multiple user names and email addresses on a keypair; this helps others find your key so they can send you encrypted messages.
Delete ?
Importing Keys
Double-click the key you want to import (Windows Explorer)
File -> Import
Drag & drop
Changing Your Passphrase
Select the PGP Keys tab and select My Private Keys.
Open Properties and click Change Passphrase.
Deleting Keys, User IDs, and Signatures
Select the PGP Keys tab and click All Keys.
Right-click the key and select DELETE.
Disabling and Enabling Public Keys
Verifying a Public Key
How do you check that a public key belongs to the person you want to communicate with?
Solution
Check the fingerprint. Call the person and read the fingerprint.
Note
Fingerprints can be viewed in two ways:
1. Unique list of words
2. Hexadecimal numbers
Compare the fingerprint of the key with the original one.
Signing a Public Key
Once you are sure the key belongs to the correct person, you can sign that person's public key. This step shows that you have verified the key.
Note
Keys from a backup or from another computer also need to be signed.
Revoking Your Signature from a Public Key
Right-click and select REVOKE.
Granting Trust for Key Validations
You can define the level of trust in other keys to show how well you trust their owners to act as introducers for others.
Note
If you get a key from someone you don't know, but the key is signed by a person you have marked as trusted, the key is considered valid.
Working with Subkeys
Types of Keys
1. Master Key
2. Subkey
3. One or More Separate Subkeys
Relationship
Master keys are used by default for signing.
Subkeys are used for encryption.
A separate encryption subkey can be revoked or removed in PGP without affecting the master key.
Note
For RSA keypairs, the following subkeys are supported: encryption, signing, encryption/signing.
For Diffie-Hellman/DSS keypairs, subkeys can be for encryption or signing. You cannot create subkeys that both encrypt and sign.
For older PGP Legacy keypairs, subkeys are not supported.
Creating New Subkeys
Setting the Usage of Subkeys
Each subkey can have its own key usage properties. For example, one subkey could be used for PGP NetShare only, and another could be used for all other PGP Desktop functions.
Working with Subkeys
Revoking & Removing Subkeys
Working with ADKs
What?
An ADK is an encryption key used by the security officers of an organization to decrypt messages that have been sent out from or received within the organization.
Adding an ADK to a Keypair
Open the properties of the keypair.
Working with ADKs
Updating & Removing ADKs
Working with Revokers
What?
You may forget your passphrase or lose your keypair (your laptop is stolen or your hard drive crashes, for example). Other users may encrypt to your key.
The solution is a key revoker.
Supported for Diffie-Hellman/DSS and RSA keys.
Appointing a Designated Revoker
Working with Revokers
Revoking a Key
Splitting and Rejoining Keys
What?
The process in which the components of a private key are distributed among multiple users. This technique is called Blakley-Shamir splitting. It provides high security.
Note
When you need to sign with the key, the shares of all users must be combined to construct the key.
Creating a Split Key
When we encrypt the key, the shares of the key are stored as files in encrypted form, using each shareholder's public key.
Rejoining Split Keys
Securing Email Messages
How PGP Desktop Secures Email Messages
What?
When secure email messaging is enabled, PGP Desktop monitors the email traffic between your email client and your mail server.
Note
PGP will encrypt, sign, decrypt, or verify all outgoing messages after the configuration.
Outgoing Messages
Whenever an outgoing message is sent, PGP looks for a key to encrypt the message. On Windows systems it checks all keyrings. If it does not find the recipient's key there, it then by default checks the PGP Global Directory for the recipient's public key. If the key is not found, the message is sent without encryption.
Incoming Messages
For incoming messages, PGP has policies that you can configure. By default these policies are configured to satisfy a vast range of PGP users. You can change the policies according to your requirements.
PGP Desktop Secures Email Messages
Incoming Messages
Message not encrypted or signed
PGP does nothing with the content of the message and passes it along to the email client.
Message encrypted, but not signed
When PGP sees that a message coming to you is encrypted, it tries to decrypt it for you. PGP checks the local keyring for the private key to decrypt the message. If the key is not found on the local keyring, PGP will not be able to decrypt the message, and the message will be passed along as it is. If the key is found on the local keyring, PGP will decrypt the message if the password is cached. Otherwise you will be prompted to enter the password.
NOTE
PGP MESSAGING PROXY
Message signed, but not encrypted
PGP Desktop will search the local keyring for a public key that can be used to verify the signature. If PGP cannot find the public key on the local keyring, it will try to search for a key server at keys domain (sender). If the key is not found there, it then checks the PGP Global Directory and the listed key servers. If PGP finds the right key at any of these locations, it verifies the message and passes it to the client. If the key is not found, the message is passed to the client unverified.
PGP Desktop Secures Email Messages
Incoming Messages
Message encrypted and signed
Find the private key to decrypt the message.
Find the public key to verify the signature.
Microsoft Outlook and PGP
Viewing Services and Policies
Service. Information about one email account in PGP Desktop. PGP Desktop will automatically create and configure the service for each email account. In some cases you need to maintain the service of an account manually.
Policy. A set of one or more instructions that tells PGP what to do in specific conditions. Policies are associated with services.
Encrypt and Sign Buttons. Specifies that email is both signed and encrypted when you enable the encrypt and sign buttons in Outlook Express.
Mailing List Admin Requests. Administrative requests to mailing lists are sent in the clear (not encrypted).
Mail List Submissions. Submissions to mailing lists are signed.
Require Encryption: [PGP] Confidential. Specifies that any message flagged as confidential in your email client or containing the text “[PGP]” in the subject line must be encrypted to a valid recipient public key or it cannot be sent.
Opportunistic Encryption. Specifies that any message for which a key to encrypt cannot be found should be sent without encryption (in the clear).
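The outgoing key lookup order and the two encryption policies above, modeled as a small decision function. This is an added illustration, not PGP Desktop's implementation; the function names, return values and sample addresses are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Message:
    recipient: str
    subject: str = ""
    confidential: bool = False  # flagged confidential in the mail client

def find_key(recipient, keyrings, global_directory):
    """Lookup order from the slides: local keyrings, then PGP Global Directory."""
    if recipient in keyrings:
        return "keyring"
    if recipient in global_directory:
        return "global-directory"
    return None

def outgoing_action(msg, keyrings, global_directory):
    """Return (action, key_source) for one outgoing message."""
    source = find_key(msg.recipient, keyrings, global_directory)
    if source:
        return ("encrypt", source)
    # Require Encryption: [PGP] Confidential: no key means the message cannot be sent.
    if msg.confidential or "[PGP]" in msg.subject:
        return ("block", None)
    # Opportunistic Encryption: no key means the message goes out in the clear.
    return ("send-clear", None)

def cleartext_report(messages, keyrings, global_directory):
    """List recipients whose mail would leave unencrypted under these policies."""
    return [m.recipient for m in messages
            if outgoing_action(m, keyrings, global_directory)[0] == "send-clear"]

# Constructed sample data; the addresses are placeholders.
KEYRINGS = {"alice@example.org"}
DIRECTORY = {"bob@example.org"}
OUTBOX = [
    Message("alice@example.org", "status"),
    Message("bob@example.org", "status"),
    Message("carol@example.org", "status"),
    Message("carol@example.org", "[PGP] contract draft"),
    Message("dave@example.org", "payroll", confidential=True),
]

if __name__ == "__main__":
    for m in OUTBOX:
        print(m.recipient, repr(m.subject), outgoing_action(m, KEYRINGS, DIRECTORY))
```

The report function makes the fallback visible: any message that is neither flagged confidential nor marked "[PGP]" is sent unencrypted when no recipient key is found.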