* 3 *
None this week.
The purpose if this week's exercises is
- To gain experience with public-private key methods.
- To obtain your own key pair, so that I can verify whether
you have written the answers to your problems.
- To understand why these cryptographic methods do not really
increase security -- only change the nature of the problem.
If you experience problems carrying out these exercises, try them
on a GNU/Linux machine with version 1.0.4 or greater of GPG. Some
versions of GPG have known bugs.
Note: everyone must complete this exercise in person. You will
use the techniques here to identify your contributions to the
- Think of a phrase which is easy to remember, then
make yourself a public-private key pair with
Choose all the default values. If you make a mistake, delete your
keys cd; rm -r .gnupg and start again.
- If anyone gets hold of your private key, they have the digital
equivalent of your fingerprints and DNA! Draw a vulnerability tree for
your private key. Bear in mind that the key is stored in a file on
your disk. How would your tree be different if you were working on a
- Download my public key, by typing
gpg --import filename
If you are complete certain that this key is mine, you could
sign it, to indicate that you trust that they key is mine.
If you are not sure, you could ask me for my key in a more secure
gpg --edit-key mark
- A slightly more secure way for me to distribute my key is for me to sign
my key like this:
gpg --clearsign markskey
This results in a file called markskey.asc. Save
this to a file and type
gpg --verify markskey.asc
You can now verify that the owner of the private key for "Mark Burgess"
is the same person as the owner of the public key that you have received,
because the signature was made with the private key.
For these exercises we are using "cleartext"
keys and signatures, so that you can see what they look like. These
cleartext forms are useful for sending by E-mail, but it is
also possible to save in binary format..
- Ask yourself how you know that the key you have collected
is mine? Do you trust it? If so why?
Is there anything stopping you from making a keypair for
Bill Clinton or Mickey Mouse? Do you see why PGP does not solve the problem of
- Make your public key available to others as a file in your
home directory, by doing this:
gpg --export -a loginname > ~/www/pubkey; chmod 644 ~/www/pubkey
Check that the file is readable, and that it appears on the web page
of local public keys, so that
others can see your public key, and you can see theirs.
- This part must be done with your group, and documented for your
This problem is about a trust attack on these encryption
and sign mechanisms. For several years it was believed that, if
a message was encrypted and signed, then it was secure because
In this problem you will see that, based on what PGP/GPG
normally tells you about a message, you can be fooled about
who wrote what to whom!
You will need three users, each with their own key-pairs
in order to do this problem.
- It could only be read by the intended recipient (because
on he/she had access to a key which could decrypt it).
- That the identity of the sender would be confirmed by
signing the message, since only the owner of the sender's
private key could sign a message with his/her own identity.
- Sign then encrypt:
- A writes a message, signs it, then encrypts the message for B.
- B receives the message and decrypts it. B now has a message with
A's signature on it, which can be kept. The message says "I love you!".
- B is cold and unsympathetic to A's declaration of affection and decides
to embarrass A by sending the message to C.
- B encrypts a message, already signed by A, for C and sends it.
- C receives the message, but PGP/GPG does not say who encrypted
the message, only who signed it. Thus C believes that the message was
sent by A directly to C, and that A loves C.
- Encrypt then sign:
- A describes a secret money-making invention, encrypts it for B and signs it.
- C intercepts the message to B and hijacks the message.
- C strips off A's signature and replaces it with his own.
- C sends the altered message to B, whereupon C believes that it came from B.
- Think of some more examples of how these attacks could be used
Last modified: Sat Aug 4 15:44:33 MET DST 2001