Lecture
Public key ciphers also have drawbacks. First, encryption and decryption require significantly more computational resources and are therefore slower than with symmetric ciphers. Second, public key algorithms have certain properties that make them awkward to use and unsuitable for encrypting large amounts of data. Public key ciphers are, however, effective for distributing the keys of symmetric ciphers, and it is for this purpose that they are used in hybrid cryptosystems.
It should be remembered that a hybrid cipher is no stronger than the weakest cipher it uses. That is, if a weak symmetric cipher is used, there is no point in using a public key cipher with a huge key length.
Type | PGP |
---|---|
Author | Werner Koch |
Developer | GNU Project |
Written in | C |
Operating system | Cross-platform software |
Interface languages | multiple languages |
First release | December 20, 1997 [1] |
Latest version | 2.1.12 (May 4, 2015) |
License | GNU General Public License version 3 |
Website | gnupg.org |
GNU Privacy Guard (GnuPG, GPG) is a free program for encrypting information and creating electronic digital signatures. It was developed as an alternative to PGP and is released under the free GNU General Public License. GnuPG is fully compatible with the IETF OpenPGP standard. Current versions of GnuPG can interoperate with PGP and other OpenPGP-compatible systems.
The project was created by Werner Koch (German: Werner Koch). The original name of the project was not GnuPG but G10, in honor of the tenth article of the Constitution (German: Grundgesetz) of Germany. This article is similar to Article 23 of the Constitution of the Russian Federation, which guarantees confidentiality of correspondence, negotiations and other communications.
American programmer Philip Zimmermann published the source code of his PGP program (designed to protect e-mail messages) on the Internet. Restrictions in the United States did not allow the export of cryptographic software abroad. The US government began to pursue Zimmermann, and he then got around this restriction by publishing the source code in a book; abroad, the source code could be typed in from the book and compiled on a computer. The severe restrictions of the US government did not allow other countries to use strong cryptography in the software of American companies (including Microsoft Windows). Cryptographic software could not be developed in the United States with a view to later export to other countries, and therefore some of this software was created outside the United States (for example, OpenBSD in Canada and GnuPG in Germany). The German government, wanting strong cryptography in the Microsoft Windows operating system, sponsored the porting of GnuPG to the Windows platform in 2000. The US government tried to force the German government to reconsider its stance on the release of strong cryptography on the Windows platform but, having achieved nothing, eventually weakened its export restrictions on cryptographic software.
Version 0.0.0 was released on December 20, 1997. Version 1.0.0 was released on September 7, 1999.
Version 1.4.5 was released on August 1, 2006; version 2.0 on November 13, 2006; version 2.1 on October 3, 2014.
Currently the following versions exist:
All branches of GnuPG versions are developed in parallel.
GnuPG is a program that runs on almost all operating systems: from Microsoft Windows and GNU / Linux to Mac OS X, FreeBSD, OpenBSD, NetBSD, etc.
Although the main GnuPG interface is the command line, there are various external add-ons that make the functionality of this program available through a graphical user interface. For example, GnuPG is integrated into the KMail and Evolution graphical email clients. The plugin engine is fully compatible with the OpenPGP standard.
With the Enigmail extension, GnuPG works in the Mozilla Thunderbird email client to encrypt and authenticate messages. GnuPG support is also available in Mutt, The Bat! and Gnus.
With GPGrelay, you can encrypt and sign emails using GnuPG from any email client that uses the POP3, IMAP4 or SMTP protocols.
For users of the Microsoft Windows operating system, the second branch of GnuPG comes bundled with a graphical interface. Since 2005, the developers of the GnuPG project have been releasing Gpg4win (GNU Privacy Guard for Windows), an installation package that includes:
In essence, Gpg4win is the official version of GnuPG for the Windows platform and all components included in this package are also free.
Also, using additional GnuPG or SecureIM plugins, you can achieve message encryption using GnuPG in the Miranda IM instant messaging client.
GnuPG is supported by Psi and Gajim Jabber clients.
Until June 7, 2010, FireGPG [2] was being developed: an add-on for Firefox that added GnuPG support to this browser. Among other things, it allowed GnuPG to be integrated into Gmail. Because the Gmail web interface was constantly changing, the author of the plug-in first stopped supporting encryption of Gmail mail, and then the entire plug-in. About 30 thousand people used the FireGPG plugin.
Another browser plugin, WebPG, exists in versions for Firefox (Seamonkey, Thunderbird) and Chrome (Chromium). It supports encryption, decryption, digital signatures and key management. The current version is 0.9.2, dated January 24, 2013. There is experimental integration with Gmail.
Another working plugin that allows cryptographic protection (encryption and digital signatures) to be applied to a message on a web page in the Chrome browser is GPG4Browsers. This plugin was originally released by the German company Recurity Labs, but was then transferred to a separate project, OpenPGP.js.
Using plug-ins in browsers makes it possible to guarantee that a message belongs to a particular person (via a digital signature), or to read a publicly posted message that is encrypted for a particular recipient. These plugins can also be used in social networks or email.
GnuPG encrypts messages using asymmetric key pairs generated by GnuPG users. Public keys can be exchanged with other users in various ways, including over the Internet using key servers. GnuPG also allows you to add a cryptographic digital signature to a message, so that the integrity and the sender of the message can be checked.
GnuPG does not use proprietary or otherwise restricted software or algorithms, including the IDEA algorithm, which has been present in PGP almost from the beginning. GnuPG instead uses other generic algorithms: CAST5, 3DES, AES, Blowfish and Twofish. However, it is possible to use the IDEA algorithm in GnuPG with the help of an additional module.
GnuPG is hybrid cryptographic software that combines standard symmetric-key encryption with public key encryption for secure key exchange: the recipient's public key is needed to encrypt a session key that is used once. This mode of operation is part of the OpenPGP standard and has been part of PGP since its first version.
The OpenPGP standard defines several methods for digitally signing messages. An error introduced while trying to make these methods more efficient resulted in a vulnerability. It affects only one method of digitally signing messages, only in some releases of GnuPG (1.0.2 to 1.2.3), and there were fewer than 1000 such keys listed on key servers. [3]
A vulnerability (CVE-2016-6313) was found by experts from the Karlsruhe Institute of Technology, Felix Dörre and Vladimir Klebanov. The bug is present in all versions of GnuPG and Libgcrypt released before August 17, 2016.
The essence of the problem: if an attacker succeeds in extracting 4620 bits of data from a random number generator, he will be able to predict the next 160 bits of the sequence.
The developers' statement specifically says that the problem should not affect the security of existing RSA keys. Experts also believe it is highly unlikely that anyone will be able to use public information to predict DSA and Elgamal private keys, but the document says that the problem is still being investigated.
The vulnerability was resolved with the release of Libgcrypt 1.7.3, 1.6.6 and 1.5.6 and the release of GnuPG 1.4.21. [4]