openpgp-notes/book/source/03-cryptography.md

136 lines
8.1 KiB
Markdown
Raw Normal View History

(cyrptography_chapter)=
2023-09-29 19:01:22 +02:00
# Cryptographic concepts and terms
2023-09-28 17:53:56 +02:00
```{admonition} VISUAL
:class: warning
2023-09-21 13:09:48 +02:00
- Introduce visualizations for cryptographic primitives
2023-09-26 20:06:44 +02:00
- Show example visualizations for operations? (encrypt/decrypt and signing/verification - only if we're going to reuse the visual primitives later)
```
2023-10-12 16:31:59 +02:00
## Cryptographic hash functions
2023-10-12 16:31:59 +02:00
[Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) take data strings of any length (like a text message or file) and output a fixed-size code, often called a "hash" or "digest." This hash acts like a unique identifier for the original data.
2023-09-28 16:02:30 +02:00
2023-10-12 16:31:59 +02:00
Here are two important properties of cryptographic hash functions:
2023-10-12 16:31:59 +02:00
- ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents.
- ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value.
2023-09-26 20:06:44 +02:00
## Symmetric-key cryptography
[Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption, unlike asymmetric cryptography where a pair of keys is used: a public key for encryption and a corresponding private key for decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations.
2023-09-26 20:06:44 +02:00
Participants in symmetric-key operations need to exchange the shared secret over a secure channel.
2023-09-28 17:53:56 +02:00
```{admonition} VISUAL
2023-09-26 20:06:44 +02:00
:class: warning
- visualization? (maybe a black key icon, following wikipedia's example?)
```
2023-09-29 19:01:22 +02:00
### Benefits and downsides
2023-09-28 16:02:30 +02:00
Symmetric-key cryptography has major benefits: It is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant[^postquantum].
```{admonition}
:class: warning
I am not convinced that this information is helpful but, if it remains, perhaps we need this additional statement: "That is, symmetric-key cryptographic mechanisms are currently considered to be resilient against known computer threats, providing a measure of assurance in the evolving landscape of cryptography and quantum computing."
2023-10-04 20:18:34 +02:00
[^postquantum]: Daniel J. Bernstein (2009). ["Introduction to post-quantum cryptography" (PDF)](http://www.pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf) states that: "many important classes of cryptographic systems", including secret-key cryptographic mechanisms like AES "[..] are believed to resist classical computers and quantum computers." (pages 1, 2).
```
2023-09-28 17:53:56 +02:00
2023-09-29 19:01:22 +02:00
However, exchanging the required shared secret is a problem that needs to be solved separately.
[Hybrid cryptosystems](hybrid_cryptosystems) combine the advantages of symmetric-key cryptography with a separate mechanism for managing the shared secret, using public-key cryptography.
2023-09-28 16:02:30 +02:00
2023-09-26 20:06:44 +02:00
### Symmetric-key cryptography in OpenPGP
2023-10-04 20:18:34 +02:00
Symmetric-key cryptography is used in OpenPGP in three contexts:
- most prominently, as part of a hybrid cryptosystem to encrypt and decrypt data,
- to encrypt [password-protected private key material](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-secret-key-encryption), and
2023-10-12 17:19:59 +02:00
- for [password-protected data encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-symmetric-key-encrypted-ses), a less commonly used feature of the standard.
2023-09-26 20:06:44 +02:00
2023-10-04 20:18:34 +02:00
Where symmetric keys are used in OpenPGP for data encryption, they are called either "message keys" or "session keys[^sessionkey]."
2023-10-12 17:19:59 +02:00
[^sessionkey]: In OpenPGP version 6, the ["Version 2 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-2-symmetrically-enc) requires that a "message key" is derived from a "session key." In contrast, up to OpenPGP version 4, and in version 6 when using ["Version 1 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-1-symmetrically-enc), the "session key" was used directly as a symmetric encryption key.
2023-09-26 20:06:44 +02:00
### Authenticated encryption with associated data (AEAD)
[Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) offers more than just confidentiality; it ensures data integrity too.
2023-09-28 16:02:30 +02:00
In OpenPGP version 6, AEAD replaced the MDC[^MDC] mechanism to address malleability. In earlier OpenPGP versions, malicious alterations to ciphertext might go unnoticed. AEAD guards against such undetected changes.
2023-10-04 20:18:34 +02:00
[^MDC]: In OpenPGP version 4, a mechanism called MDC (Modification Detection Code) was introduced to serve a comparable purpose as AEAD. While MDC is a non-standard mechanism, as of this writing, there are no known attacks against the scheme.
By addressing the malleability problem, AEAD also counters a variation of the EFAIL[^efail] attack.
2023-10-04 20:18:34 +02:00
[^efail]: A variation of the [EFAIL](https://en.wikipedia.org/wiki/EFAIL) attack can be prevented by both the MDC and AEAD mechanisms. Also see ["No, PGP is not broken, not even with the Efail vulnerabilities,"](https://proton.me/blog/pgp-vulnerability-efail) especially the section "Malleability Gadget Exfiltration Channel Attack."
2023-10-04 20:18:34 +02:00
2023-09-26 20:06:44 +02:00
## Public-key (asymmetric) cryptography
2023-09-26 20:06:44 +02:00
[Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) uses asymmetric pairs of related keys. Each pair consists of a public key and a private key. These systems support encryption, decryption, and digital signature operations.
2023-09-26 20:06:44 +02:00
Unlike symmetric cryptography, participants are not required to pre-arrange a shared secret. In public-key cryptography, the public key material is shared openly for certain cryptographic operations, such as encryption and signature creation, while the private key, kept confidential, is used for operations like decryption and signature verification.
2023-10-02 21:40:28 +02:00
(asymmetric_key_pair)=
### Asymmetric cryptographic key pairs
In many places, we'll deal with asymmetric cryptographic key pairs:
```{figure} diag/cryptographic_keypair.png
---
---
2023-09-26 20:06:44 +02:00
An asymmetric cryptographic key pair
```
2023-09-29 19:01:22 +02:00
An asymmetric cryptographic key pair consists of a public and a private part. In this document, we'll show the public part of a key pair in green, and the private part in red.
Note that in many contexts, only the public part is present (more on that later):
```{figure} diag/keypair_pub.png
---
---
2023-09-26 20:06:44 +02:00
Only the public part of an asymmetric key pair
```
2023-09-28 17:53:56 +02:00
### Public-key cryptography in OpenPGP
OpenPGP makes heavy use of public-key cryptography, both for encryption and signing operations.
```{admonition} Terminology
:class: note
For historical reasons, the OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key."
2023-09-29 19:01:22 +02:00
So in OpenPGP, the pair of terms "public/secret key" is sometimes used instead of the more common "public/private key."
```
2023-09-28 17:53:56 +02:00
2023-09-26 20:06:44 +02:00
### Cryptographic digital signatures
2023-09-28 17:53:56 +02:00
[Digital signatures](https://en.wikipedia.org/wiki/Digital_signature) are a mechanism that is based on asymmetric cryptography. With this mechanism, one actor can make a signature over a digital message, and another actor can check the validity of that signature.
2023-09-28 17:53:56 +02:00
The signer uses digital signatures to make statements about the message. Third parties can then inspect these statements.
2023-09-25 16:43:26 +02:00
2023-09-28 17:53:56 +02:00
```{admonition} VISUAL
:class: warning
- add visualization showing: message + private key + sign = signature -> message + signature + public key + verify = ok?
```
In OpenPGP, digital signatures are used in two different contexts:
- [Certification statements](certifications_chapter)
- [Signatures over data](signing_data)
2023-09-28 16:02:30 +02:00
(hybrid_cryptosystems)=
2023-09-26 20:06:44 +02:00
## Hybrid cryptosystems
2023-09-25 16:43:26 +02:00
2023-09-28 17:53:56 +02:00
[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine two cryptosystems and make use of their respective advantages:
- A public-key cryptosystem is used to safely handle shared secrets over insecure channels (in OpenPGP: so-called "session keys")
- A symmetric-key cryptosystem is used to efficiently encrypt and decrypt long messages (using an OpenPGP "session key" as the shared secret)