cryptography
#define cryptography: \
I-------------------------------------------------------------------------------------------------------------------------------\
I-------------------------------------------------------------------------------------------------------------------------------\
I-------------------------------------------------------------------------------------------------------------------------------\
I /$$$$$$ /$$ /$$ \
I /$$__ $$ | $$ | $$ \
I | $$ \__/ /$$$$$$ /$$ /$$ /$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$ | $$$$$$$ /$$ /$$ \
I | $$ /$$__ $$| $$ | $$ /$$__ $$|_ $$_/ /$$__ $$ /$$__ $$ /$$__ $$|____ $$ /$$__ $$| $$__ $$| $$ | $$ \
I | $$ | $$ \__/| $$ | $$| $$ \ $$ | $$ | $$ \ $$| $$ \ $$| $$ \__/ /$$$$$$$| $$ \ $$| $$ \ $$| $$ | $$ \
I | $$ $$| $$ | $$ | $$| $$ | $$ | $$ /$$| $$ | $$| $$ | $$| $$ /$$__ $$| $$ | $$| $$ | $$| $$ | $$ \
I | $$$$$$/| $$ | $$$$$$$| $$$$$$$/ | $$$$/| $$$$$$/| $$$$$$$| $$ | $$$$$$$| $$$$$$$/| $$ | $$| $$$$$$$ \
I \______/ |__/ \____ $$| $$____/ \___/ \______/ \____ $$|__/ \_______/| $$____/ |__/ |__/ \____ $$ \
I /$$ | $$| $$ /$$ \ $$ | $$ /$$ | $$ \
I | $$$$$$/| $$ | $$$$$$/ | $$ | $$$$$$/ \
I \______/ |__/ \______/ |__/ \______/ \
I-------------------------------------------------------------------------------------------------------------------------------\
I-------------------------------------------------------------------------------------------------------------------------------\
I-------------------------------------------------------------------------------------------------------------------------------I
PGP & GPG Email for the Practical Paranoid by Michael W. Lucas
• the science of encryption
classical_cryptography
#define classical_cryptography:: \
_____ _ _ _ \
/ __ \ | (_) | | \
| / \/ | __ _ ___ ___ _ ___ __ _| | \
| | | |/ _` / __/ __| |/ __/ _` | | \
| \__/\ | (_| \__ \__ \ | (_| (_| | | \
\____/_|\__,_|___/___/_|\___\__,_|_|
• classical cryptography roughly means "pre-computer" cryptography
• all of the BELOW methods are "trivially" brute forceable one way or another
with minimal computational power
Statistical_decryption: Statistical_decryption:
• the encoding must be known
• statistical methods are used to deduct the most common tokens (letters/words/word segments)
Monoalphabetic_systems: Monoalphabetic_systems:
• each token has a single substitute
Casear: Casear:
{
Open alphabet | a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |
-----------------+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
Closed alphabet | v | w | x | y | z | a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u |
Casear("absent", 5) -> "vwnzio"
}
• the same alphabet is used for I/O
• each letter is mapped to another letter
• ancient roman technique
• the historical method is to shift the alphabet by an int (looping it around)
Keyword_variant:
• a keyword is inserted at the start of the alphabet
• the keyword must not contain any letter multiple times {or just leave out said repetitions}
{
Open alphabet | a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |
-----------------+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
Closed alphabet | s | y | m | b | o | l | a | c | d | e | f | g | h | i | j | k | n | p | q | r | t | u | v | w | x | z |
Casear_vk("absent", "symbol") -> "syqoir"
}
Polybios: Polybios:
• anchient greek
• the alphabet is placed in a grid
• conventionally the grid has an equal amount of rows and columns
• the greek alphabet has 25 letters (5^2)
• if the len(alphabet) cannot be squarerooted, its either extended {with ',', '.' symbols}
or multiple letters are merged {'i'/'j' traditionally; 'v'/'u'}
• the coordinates are read and combined into a 2 digit number
• the coordiate rading can be done in arbitrary directions as long as its consistent;
column first is conventional
• a keyword can be added to make decryption harder even if the methodology is known
{
| 1 | 2 | 3 | 4 | 5 |
---+---+---+---+---+---+
1 |'a' 'b' 'c' 'd' 'e'
---+ + + + + +
2 |'f' 'g' 'h'"i/j"'k'
---+ + + + + +
3 |'l' 'm' 'n' 'o' 'p'
---+ + + + + +
4 |'q' 'r' 's' 't' 'u'
---+ + + + + +
5 |'v' 'w' 'x' 'y' 'z'
---+ + + + + +
volatile -> 15 43 13 11 44 41 13 51
| 1 | 2 | 3 | 4 | 5 |
---+---+---+---+---+---+
1 |'s' 'e' 'r' 'b'"i/j"
---+ + + + + +
2 |'a' 'c' 'd' 'f' 'g'
---+ + + + + +
3 |'h' 'k' 'l' 'm' 'n'
---+ + + + + +
4 |'o' 'p' 'q' 't' 'u'
---+ + + + + +
5 |'v' 'w' 'x' 'y' 'z'
---+ + + + + +
volatile -> 15 14 33 12 44 51 33 21
}
Polyalphabetic_systems: Polyalphabetic_systems:
• a single token has multiple substitutes
Vigenere:
• each letter in the keyword represents an offset in the Casear cypther
— to effectively decrypt it, one need a tabula recta (along side with the code and keyword of course):
###| a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |
---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
a |'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z'
b |'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a'
c |'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b'
d |'d' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c'
e |'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd'
f |'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e'
g |'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f'
h |'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g'
i |'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h'
j |'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i'
k |'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j'
l |'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k'
m |'m' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l'
n |'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm'
o |'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n'
p |'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o'
q |'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p'
r |'r' 's' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q'
s |'s' 't' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r'
t |'t' 'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's'
u |'u' 'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't'
v |'v' 'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u'
w |'w' 'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v'
x |'x' 'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w'
y |'y' 'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x'
z |'z' 'a' 'b' 'c' 'd' 'e' 'f' 'g' 'h' 'i' 'j' 'k' 'l' 'm' 'n' 'o' 'p' 'q' 'r' 's' 't' 'u' 'v' 'w' 'x' 'y'
{
let ${keyword} be "internet"
let ${message} be "The kiwi is flightless."
We lay the keyword over the message repeatedly:
"int erne ti nternetint."
"The kiwi is flightless."
We look up each index.
E.g column 'i', row 'T' becomes 'b'.
— > "bux ozjm ba semxuxlmfl"
}
modern_cryptography
#define modern_cryptography:: \
___ ___ _ \
| \/ | | | \
| . . | ___ __| | ___ _ __ _ __ \
| |\/| |/ _ \ / _` |/ _ \ '__| '_ \ \
| | | | (_) | (_| | __/ | | | | | \
\_| |_/\___/ \__,_|\___|_| |_| |_| \
GPG
• "post-classical cryptography"
— (in general) very hard to crack with computers, to quote the GPG FAQ:
" \
Can any of the ciphers in GnuPG be brute-forced? \
\
No. \
The laws of physics require that a certain amount of heat be used in computation. \
This is a consequence of the Second Law of Thermodynamics, \
and may not be violated under our current understanding of the laws of physics. \
Further, physics requires that a certain amount of time be used in computation. \
This is a consequence of the Heisenberg Uncertainty Principle, \
and may not be violated under our current understanding of the laws of physics. \
Using these two principles (the Landauer bound and the Margolus–Levitin limit), \
we can determine quite accurately how much heat would be released by a computer \
that brute-forced a 128-bit cipher. The results are profoundly silly: \
it’s enough to boil the oceans and leave the planet as a charred, smoking ruin. \
This is not to say that GnuPG cannot be successfully attacked. \
It is only to say that none of the ciphers in GnuPG are susceptible to brute-forcing. \
"
• notice the word current. Quantum-computers are theorized to have the potential
to be able to decrypt with much less resources burned through.
However, as of 2024, quantum computation is apparently in a state that is compare
to electricity in the 19th century.
Regardles, so called "post-quantum cryptography" is already being developed.
• relies on one way conversions { I taught of a number, its modulo 10 is 3; you will not be able to figure it out }
and or NP-hard problems with special cases, etc.
• a block cypher is an algorithm that encrypts a fixed sized message
(if you have a longer message, you gotta feed it in segments)
BRIEF_CASE_METAPHORE: BRIEF_CASE_METAPHORE:
• Alice wishes to send a package to Bob over mail
• Alice and Bob have a constitutional right for their packages not to be opened
• if this is violated they can get away jail free
• they wish to make sure the Glowies cannot peak inside without notice, to later on
reverse engineer evidence for an uncomming swatting
• so anyways, they wish to know their briefcase of crack in safety
{
,=, _
|( )| ┌───┐ ( )
.- -. ┏┷━━━┷┓ .---.
| | ┃ XXX ┃ | |
Alice ┗━━━━━┛ Bob
,=, _
|( )| F ┌#──┐ ( )
.- -. O ┏┷━━━┷┓ .---.
| | ┃ XXX ┃ | |
Alice ┗━━━━━┛ Bob
,=, _
|( )| F ┌#─@┐ E ( )
.- -. O ┏┷━━━┷┓ O .---.
| | ┃ XXX ┃ | |
Alice ┗━━━━━┛ Bob
,=, _
|( )| F ┌──@┐ E ( )
.- -. O ┏┷━━━┷┓ O .---.
| | ┃ XXX ┃ | |
Alice # ┗━━━━━┛ Bob
_
E ( ) ┌───┐
O .---. ┏┷━━━┷┓
| | XXX ┃ ┃
@ Bob ┗━━━━━┛
}
SYMMETRIC: SYMMETRIC:
• there is only one key
.--.
┌─────┐ /.-. '----------. ┌─────┐
│ Msg │ \'-' .--"--""-"-' │ A#! │
│ │ '--' │ @i- │
│ │ <---------------------------> │ g\? │
└─────┘ key └─────┘
• the key, for convenience, is usually a passphase
Diffie_Hellman_Merkle:
• relies on the discrete logarithm problem
• commonly explained in terms of mixing pains,
assuming deducting the input colors is hard
{
,=, | Public Space | _
|( )| | │ │ | ( )
.- -. │ │ .---.
| | a=4 | .└────────┘. | b=3 | |
Alice .-' {p=23;g=5} '-. Bob
│ ### │ | .-' '-. | │ ## │
+---│ ### │ .-' '-. │ ## │---+
| └────────┘ .-'| |'-. └────────┘ |
| . .-' '-. . |
| | .-' | | '-. | |
| |.-' '-.| |
| | A=5⁴%23 | | B=5³%23 | |
| V =4 =10 V |
| │ │----....| |....----│ # │ |
| └────────┘ ''''----.... ....----'''' └────────┘ |
| | ....-''''''-.... | |
| ....----'''' ''''----.... |
+-->│XXX##XXX│<'' | | ''>│XXX##XXX│<--+
└────────┘ └────────┘
s=10⁴%23 | | s=4³%23=18
=18 | |
}
• not a concrete algorithm; its protocol-ish
elliptic_curves:
https://curves.xargs.org/
https://www.rareskills.io/post/elliptic-curves-finite-fields
https://www.youtube.com/watch?v=nybVFJVXbww
• "ECC(ryptography)"
y² = x³ + ax + b
• drop-in replacement for the regular discrete logarithm problem
• harder to compute, therefor shorter key sizes yield the same security
• based on point multiplication on the surface of an elliptic curve
• adding a point to itself on an elliptic(!) curve will result in only one point
• the NSA has choosen "recommended" curves to use, for that exact reason,
most people dont trust them (and rightfully so, as it turns out,
it is mathematically proven that a backdoor could exist,
a cryptographical master-key basically)
private key - ${N}th power of the generator point
public key - coordinates of corresponding to the private key
▲ y ▲ y .'
│ ..' │ .'
│ .' │ .. ..'
│ ... .-' │ .' ''--'
│ .' '. .' │ |
│ '. .' '. │ '. ..--.
│ ``` '-. │ `` ''.
│ '. │ '.
│ ''. │ ',
┼──────────────────────▶ x ┼──────────────────────▶ x
finite_field_math:
𝔽 := "field"; set where +, -, * and / are defined
𝔽ₚ := finite field over 'p'
The elements of 𝔽ₚ are {0..'p'-1, O}.
— ${a} := 'p' - ${a}
${a} + ${b} := (${a} + ${b}) % 'p'
${a} - ${b} := (${a} + -${b}) % 'p'
${a} * ${b} := (${a} * ${b}) % 'p'
prime:
${a} * ${a}⁻¹ == 1
• if 'p' is a prime ${a}⁻¹ always exists for ${a} > 0
${a} / ${b} := ${a} * ${b}⁻¹ % 'p'
√${a} * √${a} == ${a}
DES: DES:
• "Data Encryption Standard"
• depricated
• 64 bit block cypher
• the key size is 64 bits
• out of every key byte, 1 is for parity checking, leaving an effective key of 56
• enctyption and decryption is done with the same algorithm
{
64 bits of 64 bit Key
plantext |
| |
V |
┌──────────────┐ |
│ Initial │ |
│ Permutation │ |
└──────────────┘ V
left 32 bits | | right 32 bits ┌─────────────────┐
V ┌──────┐<-|------------------│ key Permutation │
⊕<-│ fn f │<-+ └─────────────────┘
| └──────┘ | |
'-. .-' |
'-.__.-' |
.-' '-. |
.-' '-. V
| | ┌─────────────────┐
V ┌──────┐<-|------------------│ key Permutation │
⊕<-│ fn f │<-+ └─────────────────┘
| └──────┘ | |
' ' '
... 12 more :
to a total of 16 .
. . V
| | ┌─────────────────┐
V ┌──────┐<-|------------------│ key Permutation │
⊕<-│ fn f │<-+ └─────────────────┘
| └──────┘ | |
'-. .-' |
'-.__.-' |
.-' '-. |
.-' '-. V
| | ┌─────────────────┐
V ┌──────┐<-|------------------│ key Permutation │
⊕<-│ fn f │<-+ └─────────────────┘
| └──────┘ |
┌──────────────┐
│ Final │
│ Permutation │
└──────────────┘
|
V
64 bits of
cyphertext
}
3DES:
• "Triple DES"
• attempts to "save" DES
{
M K₁ +--+ k₂ +--+ k₂
| | | | | | | |
V V | V V | V V
┌─────┐ | ┌─────┐ | ┌─────┐
│ DES │ | │ DES │ | │ DES │
└─────┘ | └─────┘ | └─────┘
| | | | |
+----+ +----+ +---> C
}
AES: AES:
• "Advanced Encryption Standard"
• DES replacement
• 128 bit block cypher
• in operation, similar to DES
+----------+--------+
| Key size | Rounds |
+----------+--------+
| 128 bits | 10 |
| 192 bits | 12 |
| 256 bits | 14 |
+----------+--------+
• manages bytes in a grid like manner
• has its own bloody CPU instruction set
PUBLIC_KEY: PUBLIC_KEY:
• there are 2 keys
__ __
/o \______ /o \______
\__/-=^=^=' \__/-=^=^='
Decrypts what the private Decrypts what the public
key encrypted. key encrypted.
Shared with everyone. If leaked, you are fucked
• key must be generated (in contrast to just coming up with a passphase),
and they are too complex to realistically memorized
• keys are commonly stored as files
• the public key is publicised, after which,
the other must NOT be, or any and all security is compromised
• signing is the act of encoding a document with the primate key;
since only the public key can decrypt it, it proves that the keypair
belongs to you
• if someone wishes to send a private message, he would encrypt with your
public key, knowing that only your private key can decrypt it and
hence only you can read it
• secure communication can easily be established after the participiants
traded public keys
Knapsack: Knapsack:
— based on the knapsack problem:
Given a knapstack and an arbitrary number of blocks of various volumes,
can a subset of these blocks be found to completely fill the knapstack?
Formarly:
bool xᵢ
V = a₀x₀ + a₁x₁ + ... + aₙxₙ
3l 4l 6l 8l
│__│ bool | │~~│ bool | │~~~│ bool | │~~~~│ bool
│ │ X is_used[0]? --+-- │ │ X is_used[1]? --+-- │ │ X is_used[2]? --+-- │ │ X is_used[3]?
└──┘ | └──┘ | └───┘ | └────┘
┌──┘ └──┐
│ 10l │
│ Knap- │
│ sack │
└───────┘
• non-special cases of the knapstack problem are NP-hard
• a special case which is not, is when the volumes are super increasing
(each Nth element is larger than the sum of all before it)
• here the 2 keys are non-interchangeable
• depricated as the special case used for the private key turned out to be so special
that it can be correlated with the public key
RSA: RSA:
• "Rivest–Shamir–Adleman"
• the original
• not very performent
• commonly used for transmitting a shared key
• the 2 keys are conceptually interchangeable
• the private key is arbitrarily chosen
• relies on prime numbers (huge ones) and their factors
• cryptography is one of the reasons new primes are fiercely searched for
Signing: Signing:
• "digital signatures"
• named after analog ink signatures
• ensures that a message was approved by someone
• the message is """encrypted""" with a private key, anyone in the possession of the
public key (which, again, should be publicly available), may decrypt it
• since the signature could have been only left by the private key's owner,
we know it belongs to him
• this does not mean it was physically written by him by hand or
he is the messages sender
• whole documents might be signed
• electronic signatures are digital signatures with legal weight
Timestamping: Timestamping:
• signing with a data/time
— in formal cases the signer cannot be trusted with signing with the correct data,
a trusted 3th party must be involved
— RFC 3161 defines TSAs ("TimeStamping Authority"s)
1. the client sends checksum
2. the TSA combines it with the real time
3. the TSA signs it
4. this is sent back
(5. the timestamp is validated using both the author's and the TSA's public key)
Web_of_Trust: Web_of_Trust:
• there is a global Web of Trust and there are many web of trusts,
similar to Internet vs internets
• composed of people who mutually trust eachothers keys
• the web grows by key signing
• (You) know and trust Anon, Anon has signed the public key of Anony,
therefor you know you can trust Anony
• conformation before signing a key is a good idea {phone call; asking back for past events}
• signed keys are return-ed to the sender, granting them the right
to brag with your signature
• keyservers have bultin support
• a keyring is a collection of public keys (which are usually trusted)
• a keysigning party is an in-person social event with the intent
of building a web of trust
— trust levels (actually software implemented):
None : the identity is trusted, but this persons ability to verify is questionable
Marginal : the identity is trusted and this person seems reasonably skilled
Trusted : the identity is trusted and i trust this person completely with verificating others
Implicit : its literally me
• a path-finder is a program that shows how 2 keys relate to each other with regards to trust
PROGRAMS: PROGRAMS:
Gnu Privacy Guard
Shell_variables:
$GNUPGHOME : the directory configurations are read from; unset by default and instead $HOME is used
Files:
$GNUPGHOME/.gnupg/gpg.conf
$GNUPGHOME/.gnupg/dirmngr.conf
Shell_variables:
$GNUPGHOME : where the directory configurations are read from;
unset by default and instead $HOME is used
Environment_variabes:
${GPG_TTY}
${PINETRY_USER_DATA}
gpg [options] [files] : encrypts files
the --version flag also prints the available algorithms
— o [file] : specifies output file
Symetric_encryption:
— c : symmetric encryption
--cipher-alog [algo] : use encryption algorithm [algo]
--no-symkey-cache : do not cache password (therefor always ask for it)
Asymetric_encryption:
--full-gen-key : generate key pair
--list-public-keys : ?!
--list-secret-keys : ?!
--import [key] : adds someone else-s public key
gpgtar [options] [folder]
. ### Secure communication using GPG ###
1. Create keys:
• the default-s are fine if you dont know any better
• the creation is private and offline, the email address doesnt have to be valid (or verified)
• the name field will later be used to refer to the key
$ gpg --full-gen-key
Success can be verified by querying the keys:
$ gpg --list-public-keys
/home/anon/.gnupg/pubring.kbx
-----------------------------
pub ed25519 2023-02-10 [SC]
05D4D579A672AB3789322FB70F6007032F38734E
uid [ultimate] man <example@email.biz>
sub cv25519 2023-02-10 [E]
$ gpg --list-secret-keys
/home/anon/.gnupg/pubring.kbx
-----------------------------
sec ed25519 2023-02-10 [SC]
05D4D579A672AB3789322FB70F6007032F38734E
uid [ultimate] man <example@email.biz>
ssb cv25519 2023-02-10 [E]
2. Share the public key:
• query the public key in block format:
$ gpg --armor --export <name>
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEY+aWzRYJKwYBBAHaRw8BAQdABWkIK/MJ1759U9/XKxncuPC77+KxMAi7BoVF
DgnLbKK0/%=(b24gPGFub25AYW5vbi5hbm9u(796BBMWCgA7FiEEBdTVea+LkgeJ
Mi+3D2AHAy84c04FAmPmls0CGwMFCwkIBwICIgIGFQoJCAsSBBYCAwECHgcCF4AA
CgkQD2AHAy84c06AOgEAwmLKr73DEJyejsuvs1Eio/3JeWY0JJfI6ANqCtprGAsB
AOc9xUPCEhpplb2pRSUJLOgTsaMS3gZFtwN1JyVir2UMuDgEY+aWzRIKKwYBBAGX
VQEFAQEHQLX371h7snspNaCVsC1OJDrEXBULHBCtazbT05YOgJE/AwEIB4h4BBgW
CgAgFiEEBdTVea+LkgeJMi+3D2AHAy84c04FAmPmls0CGwwACgkQD2AHAy84c04n
AQEAAklKej3ZHsMSEiX/JwDrc8MIf/LACCk/D9rOZOJhjsoBAMxkY41uz4gVp2Ls
iAY0XDD8c/XB3Qnsum/TPy8rVGcK
=4Nd0
-----END PGP PUBLIC KEY BLOCK-----
#