21C3 Schedule Release 1.1.7

21st Chaos Communication Congress
Lectures and workshops

Speakers
Seth Hardy
Schedule
Day 2
Location Saal 1
Start Time 12:00 h
Duration 01:00
INFO
ID 131
Type Lecture
Track Hacking
Language English

Learning OpenPGP by example

The goal of this talk is to help demystify some of the internals of the OpenPGP standard, through example, so that others can learn from and hopefully continue the process. The current (free) open source implementations of the OpenPGP standard are easily better than many commercial solutions, as well as more readily supported. To do this, I will show off a number of the OpenPGP-based projects I've been working on lately, including: subliminally leaking keys in digital signatures; vanity key generation; extending the web of trust to ssh host keys; and maybe even some attacks against the keyserver network that I'll later regret showing off code for.

In years past, PGP was the de facto standard for application-level encryption, specifically for applications such as email. Now, with the advancement of the open source movement, we have the open source replacement (GPG, GNU Privacy Guard), as well as an open standard for future interoperability (the OpenPGP standard, aka RFC 2440).

Open source code and a well documented open standard make for a much easier time to improve and develop tools that make encryption readily available to everyone, even people who are not very technical.

I will cover the recent work I have been doing with gpg, including: use of the subliminal channel in DSA for purposes of leaking keys, tagging, and tracking people; extension of gpg to allow for beneficial use of the subliminal channel; how writing tools to integrate encryption functionality with existing systems is easy, using the Perl Crypt::OpenPGP implementation; and how I am working on implementing elliptic curve cryptography for GPG.
