CRYPTOGRAPHY
How to generate private and public keys utilizing the keyring of PGP
Steps on how to make the keys
- Openbit rot keys by selecting Start or Programs or PGP keys or by clicking the PGP tray icon and selecting PGP keys in the pop-up menu.
- The PGP keys window will start, displaying a list of various Public Keys, among which get assigned to you and your correspondents if you add them to the list.
- Click on the Generate New Keypair icon. PGP Key Generation Wizard automatically starts. See and understand the parlance displayed, and then go next.
- The Wizard will request you to enter your contact information. It’s advisable to use a valid e-mail address for the program to get you the correct key in a case of writing to a particular person. Click on the consequent
- This step requires you to select an essential type. Choose Diffie-Hellman/DSS. Click next.
- The Wizard requires you to specify a size for your new keys. Choose 2048 bits, which is the default, that size of a key is large enough for any other party to figure out regardless of the technology they use. Click on the consequent.
- The Wizard requires you indicate the expiry of your pair of keys. Choose default since Key pair is not supposed to expire. Click Next
- This stage requires you to fill in a passphrase. That should be done carefully make sure to choose a watchword of at least eight characters with a mix of uppercase and lowercase letters and other aspects. You should create a strong passphrase by combining styles and messages to make the passphrase as long as possible. According to Herb Kanner, “the idea of having a long passphrase which includes a mixed case and non-alphabetic is to make it difficult for any force attack on the passphrase.” So, if you use a longer passphrase according to Herb’s 15 characters long are safe, while Bernie’s suggests 33. Even in a case where an attacker used a supercomputer to attack, it would take a long time for it to try all combinations, which may be hard to tolerate before hitting on the passphrase.
- Enter your watchword twice. Click Next
- The Wizard will warn you in case of a weak passphrase and require you to go back to choose a more robust passphrase and then re-enter it. It the passphrase is strong, the Wizard will now generate your pair of keys. You may get a prompt to hit fluky keys on the keyboard to assist the Wizard in the creation of a more impregnable key, wait until the process of developing your key is done, then click Next. You will be asked to send your new Public Key to a drudge where others around the globe can find it and use it when they want to encode data they wish to send you. Click in the box only if you’re going to, and if not, then click Next.
- The recommended standard key length
2048 bits
- Build a certificate for e-mails using PGP
- Connect your computer to the internet so that PGP can access the MIT server, and find a server where your Public Key can be sent and included in the database of Public Keys.
- Start PGP keys by choosing Start or PGP keys or by clicking on the PGPtray icon then select PGP keys in the menu.
- In the PGPKeys window, you need to click on the icon that represents your Public Key. This is the key you need to post to the Main server at MIT.
- Minimize the Server menu, select Send To and then choose the link to the MIT server.
- PGP will now post your Public Key in the server it has accessed. The PGP will inform you whether the key was published successfully when the process is done.
Steps of validating your public key and other public keys
- Click Start/PGPkeys or the PGPtray icon to display the PGP keys, from a menu that pops up you need to select PGP keys.
- Choose the key that you want to sign from the PGP display window by right-clicking on it.
- A pop- up menu is displayed where you need to select a sign, which proceeds to show a dialog box that contains lists of the key you wish to sign, along with its fingerprint. The dialog box contains text that emphasizes the necessary security required for the key you are about to hire; the key should be given in an environment that is entirely secure. The public key’s owner fingerprint should match with the Public Key. It’s safe to confirm the fingerprint to be absolutely sure that the public key you are about to sign belongs to the owner. If not sure, please confirm with the owner to repeat to you the characters of the fingerprint by way of validation.
- Avoid checking the small checkbox that appears next to “Allow signature to be exported,” and you are advised that “others may rely upon your signature.” If you want to do so, just add a non-exportable signature to the Public Key.
- Click OK to
Don't use plagiarised sources.Get your custom essay just from $11/page
Show a practical scenario using PGP on how to guard your private key in case it falls into the wrong hands?
To ensure safety, you issue a “key compromise” certificate. It’s a license that warns other people to stop using your public key. You can use PGP to create this document by using the “-cd” command, and then you must send this compromised certificate to everyone else on the planet, or at least to all your friends and their friends, et cetera. Their PGP software will install this key compromise certificate on their public keyrings and will prevent them from accidentally using your public key ever again. You can then generate a new secret/public key pair and publish the new public key. You could send out one package containing both your new public key and the critical compromise certificate for your old key.
- How to protect public keys from tampering?
- How to validate your public key and other public keys
There is a trusted firm that has specialized in the provision of the services to users by offering secure signatures for their public-key certificates. That entity could be referred to as a “key server” or a “Certifying Authority.” Critical public certificates that have the vital server’s signature could be trusted as truly belonging to whom they appear to be their owners. To participate as a user, one would require a good bright copy of just the key server’s public key so that the key server’s signatures could be verified. A trusted centralized key server or Certifying Authority is especially appropriate for large impersonal centrally-controlled corporate or government institutions.
- How to encode messages to send to one or more people using a secret key?
The process of encoding messages may require a digital signature; PGP helps in encryption of the secret key but not the whole message with your secret key that would consume a lot of time. PGP encryption is on a “message digest” which is a compact (128 bit) “distillate” of your message. It’s like a “fingerprint” of a word. The message digest is a representation of your message; in a way that in case the message was changed, then a different message digest would get generated, which is different from the first one. That makes it easy to notice forgery in send messages during transmission. The hash function is used to calculate a message digest, which uses the cryptographic method; it offers one-way security. It would get hard for hijackers to devise messages during transmission that would result in a similar message-digest when received. As a result, a message digest is better when compared to a checksum. It is possible to devise a message and then produce the same checksum at the receiver end. It’s impossible to derive a similar message-digest after the device of a word using the hash function.
The algorithm of message-digest is well known, and it’s different from the calculation if secret keys that require sophisticated knowledge. The message digest is not just attached to the message being sent. Because if it was so, a forger could change the word and attach altered message digest by calculating from the new altered signal of the system. To offer a secure authentication, the sender has to encrypt the message digest with a secret key. A message digest is derived from the message by the sender. The sender’s secret key is used to encrypt the message digest and with the automatic formation of a digital signature or certificate signature. The sender attaches a digital signature along with the message. The receiver gets the message and the numeric name and decrypts the original message digest from the digital signature by decrypting it using the sender’s public key. The receiver calculates the message digest from the received message, then confirms whether it matches the word from the digital signature. A mismatch means that the letter was forged during transmission. Or it does not come from the expected sender who possesses the public key used to check the signature. A potential forger would modify the message that gives a similar message-digest or create a new digital signature from a different message digest, without the knowledge of the actual sender’s secret key. The digital signature proves the message sender and the originality of the message, which implies that the sender cannot quickly disavow his signature on the message.
How to create a ciphertext message using PGP and include it in your e-mail for transmission as standard e-mail on the internet
- Compose the message of the e-mailyou want to send in the form of any language you wish to use for example; German, French, English, Spanish,
- After composing the e-mail, you can use the cursor, which is located somewhere in the body of your composed message, to make any changes as required. Click on the PGPtray icon, which is located at the lower right corner of your screen.
- From the pop-up menu displayed, choose Current Window, from the Current Window sub-menu displayed, select Encrypt & Sign. It will bring up a dialog box where you should see the list of Public Keys, including that of the person or persons to whom you wish to send your message. The Private Key is kept privately in a Private Keyring file. It is encrypted with your secret passphrase; therefore, if someone gets access to your Private Keyring file, it will be unusable without access to the passphrase, which is used to decrypt the key before using it. When PGP requires to use the Private Key in the process of Decryption of Encrypted Messages or to Sign up a Message before sending or another person’s Public Key, it will be important to re-enter the passphrase. By default, PGP will remember the passphrase that you chose within a short period so that it’s not necessary to re-enter it if needed in more than once within a short time frame. However, two minutes isn’t much time, and the chances are that you will be required to re-enter your passphrase each time it’s required unless you alter that kind of default. Step 14 explains how to perform that process with alerts concerning how to use the cache with minimum risks and safety.
- Double click the identified Public Key of the person to whom you wish to send your message to. It selects the key and moves it to the recipients. When it’s done, click, OK.
- You will get a request to fill your passphrase. Enter carefully to ensure that it’s accurate. Then enter OK. If it goes well, your message is turned to ciphertext.
- Using online certificate checker https://www.digicert.com/help/ to check the validity of iau.edu.sa certificate? Provide details of the certificate
DNS resolves iau.edu.sa to 91.227.24.32
HTTP Server Header: Apache/2.2.22 (Ubuntu)
TLS Certificate
Common Name = *.iau.edu.sa
Subject Alternative Names = *.iau.edu.sa, iau.edu.sa
Issuer = DigiCert SHA2 Secure Server CA
Serial Number = 0499F259C24750908EC9AD5B828B9BE0
SHA1 Thumbprint = BD5C2E867488EE6DDF22A8E850311C32410007E4
Key Length = 2048
Signature algorithm = SHA256-RSA
Secure Renegotiation:
TLS Certificate expiration: The certificate expires August 3, 2020 (119 days from today)
Certificate Name matches iau.edu.sa
TLS Certificate is correctly installed: Congratulations! This certificate is correctly installed.
Test also the uod.edu.sa domain.
DNS resolves uod.edu.sa to 91.227.24.32
HTTP Server Header: Apache/2.2.22 (Ubuntu)
TLS Certificate
Common Name = *.iau.edu.sa
Subject Alternative Names = *.iau.edu.sa, iau.edu.sa
Issuer = DigiCert SHA2 Secure Server CA
Serial Number = 0499F259C24750908EC9AD5B828B9BE0
SHA1 Thumbprint = BD5C2E867488EE6DDF22A8E850311C32410007E4
Key Length = 2048
Signature algorithm = SHA256-RSA
Secure Renegotiation:TLS Certificate has not been revoked
TLS Certificate expiration: The certificate expires August 3, 2020 (119 days from today)
Certificate does not match name uod.edu.sa
Reference
Bennett, C. H., & Brassard, G. (2020). Quantum cryptography: Public key distribution and coin tossing. arXiv preprint arXiv:2003.06557
Froidevaux, N., &Cachin, C. (2020). Threshold Cryptography with Tendermint Core.
Genise, N., Micciancio, D., Peikert, C., & Walter, M. (2020). Improved Discrete Gaussian and Subgaussian Analysis for Lattice Cryptography.
Genise, N., Micciancio, D., Peikert, C., & Walter, M. (2020). Improved Discrete Gaussian and Subgaussian Analysis for Lattice Cryptography.