Secdocs

Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Learning OpenPGP by example

General Info
Type
Audio
Tags
cryptography
Authors
Seth Fogie
Event
Chaos Communication Congress 21th (21C3) 2004
Indexed on
Mar 27, 2013
File details
URL
http://ftp.ccc.de/congress/21c3/audio/131%20Learning%20OpenPGP%20by%20Example.mp3
File name
131%20Learning%20OpenPGP%20by%20Example.mp3
File size
21.0 MB
MD5
f6352e38957683720c47a7ac6d12a170
SHA1
01e60c169113ecd6fdba2b8d384300b3ff7498aa
Abstract

The goal of this talk is to help demystify some of the internals of the OpenPGP standard, through example, so that others can learn from and hopefully continue the process. The current (free) open source implementations of the OpenPGP standard are easily better than many commercial solutions, as well as more readily supported. To do this, I will show off a number of the OpenPGP-based projects I've been working on lately, including: subliminally leaking keys in digital signatures; vanity key generation; extending the web of trust to ssh host keys; and maybe even some attacks against the keyserver network that I'll later regret showing off code for. In years past, PGP was the de facto standard for application level encryption, specifically for applications such as email. Now, with the advancement of the open source movement, we have the open source replacement (GPG, Gnu Privacy Guard), as well as an open standard for future interoperability (the openPGP standard, aka RFC 2440). Open source code and a well documented open standard make for a much easier time to improve and develop tools that make encryption readily available to everyone, even people who are not very technical. The goal of this talk is to help demystify some of the internals of the OpenPGP standard, through example, so that others can learn from and hopefully continue the process. The current (free) open source implementations of the OpenPGP standard are easily better than many commercial solutions, as well as more readily supported. I will cover the recent work i have been doing with gpg, including: use of the subliminal channel in DSA for purposes of leaking keys, tagging, and tracking people; extension of gpg to allow for beneficial use of the subliminal channel; how writing tools to integrate encryption functionality with existing systems is easy, using the perl Crypt::OpenPGP implementation; and how i am working on implementing elliptic curve cryptography for GPG.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.

Statistics

Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.

Contribute

To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !