December 10, 2006

Keys and Ciphers

Posted in Commentary, OSX Software, OSX Technical at 9:27 am by Michael Sweeney Media

Ciphers have been used since the earliest days of Egypt (found as early as 1900 BC) and have evolved over the years to ciphers that are nigh unbreakable even by the NSA and their supercomputers. A cipher is just the device or algorithm used to encrypt the data that you want to keep private. There are many ciphers such as DES, 3DES, AES, BLOWFISH, IDEA and more. This blog entry is not meant to be a treatise on cipher design or even an in-depth discussion on encryption. I just want to give an overview of a set of tools available to the OSX user that provides decent encryption and an easy way to use it. So to that end, I will explain a few terms and concepts and then I will go over GPG and some nice GUI tools for OSX to use with GPG.

There are some key terms to know for Public Key Infrastructure or PKI.

• Private Key – This is one half of the pair of keys used in PKI and the one key that is NEVER given out to anyone. You can protect this key by using an expiration date and/or a passphrase.
• Public Key – This is the second half of the PKI and this is the one key that you CAN give out to anyone or even place on a keyserver for anyone to use to send you encrypted or signed files.
• Hash – Hashing is a method of taking a piece of data and generating a mathematical checksum from it using a hashing algorithm such as MD5 or Message Digest 5.
• RSA – RSA or Rivest, Shamir and Adleman is a public key cipher used both to encrypt and to digitally sign data.
• DSA – DSA or Digital Signing Algorithm is also a public key cipher but only used to digitally sign data, not encrypt.
• AES – AES or Advanced Encryption Standard is symmetrical and intended to replace DES.
• IDEA – IDEA or International Data Encryption Algorithm is a “drop in” replacement for DES.
• DES – DES and 3DES are both Data Encryption Standard which was designed in 1976 and is in widespread use today. It was thought to be relatively secure but with the advent of low cost personal computers and distributed computing, it was proven to be easily cracked.
• SHA – SHA or Secure Hash Algorithm comes in two versions, version 1 and 2. SHA is intended to be a replacement for MD5.

Now that you know some terms, let's hit some light history of cryptography. I mentioned earlier that the Egyptians so far have the record of the earliest known use of ciphers. Julius Caesar used a simple substitution method of encryption to protect his messages in Rome. Our own Thomas Jefferson in 1790 developed a cipher wheel that was actually used by the US Navy in WWII. In the late 20s and early 30s, the FBI had to establish an office for the combating of rum runners using ciphers and encryption in their illicit business. In 1976, DES was introduced to the world and in 1977, RSA was introduced to the world in Scientific American Magazine and the Feds promptly flipped out over it. Apparently it was just ok for the Feds to have encryption and not the common man. That battle is still raging today with PGP (Pretty Good Privacy) which had the Feds sue the inventor, Phil Zimmermann, for trafficking in munitions (they lost in the end). We now have the free version of PGP called GPG (GNU Privacy Guard). And GPG is what we care about today on our Macs.

What we need to do first is get the packages or the source files for GPG. There are several DMG files to find that will make your life much easier. Before we do anything, we have to install GPG on our Mac. We can get it here. Once you have downloaded it (I am assuming here that you will have the DMG file), we need to run the installer. The installer makes it very easy to install GPG on the Mac. You should always verify the checksum of the files before you run them just to be sure.
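One way to do that checksum verification from Terminal, as an added example that is not part of the original post. It assumes the publisher lists a SHA-256 digest; the function names and the constructed demo file are illustrative stand-ins for the real DMG and its published value.

```shell
#!/bin/sh
# Added example: compare a download against the checksum its publisher lists.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'            # GNU coreutils
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'        # present on current macOS
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_checksum FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on an unreadable file or malformed digest.
verify_checksum() {
    file=$1
    # Published digests appear in either case, sometimes with stray whitespace.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    # A truncated or non-hex value must never be treated as a match.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected value is not 64 hex digits" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Demo on a constructed file standing in for the downloaded DMG.
demo=$(mktemp)
printf 'hello' > "$demo"
verify_checksum "$demo" 2CF24DBA5FB0A30E26E83B2AC5B9E29E1B161E5C1FA7425E73043362938B9824
rm -f "$demo"
```

A digest copied from the same server as the file only detects a corrupted download; to detect a swapped file, the expected value has to come from a separate trusted source.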

Once you have GPG installed, you can download the rest of the files and start to use GPG.

GnuPG 1.4.5
GPG_Keychain_Access
GPGDropThing
GPGFileTool
GPGPreferences
GPGMail

The installation of these tools is very straightforward; they are just like any other OSX application. Either run the package installer or drag the application into your App folder. The first application we need to run is the GPGkeys. We need to make a pair of keys, one private and one public. It is these keys that give us the ability to encrypt or digitally sign files, documents and other data.

Making a new Key


Setting the Expiration Date


Setting the Identity of the Key pair

Now we set the passphrase. DO NOT FORGET THIS PASSWORD!!


Now we actually make the key. Depending on the size of the key and the speed of the processor, this step can take a while.


And FINALLY, we have our key pair made and ready to use.

This is it for now. Next time I will show you how to use the other parts of GPG with OSX to encrypt files and mail.


1 Comment »

  1. Hi!

    I came across your article while searching for documentation about GPGDropThing.

    I just reinstalled gpg on my new Macbook Pro. As I decided to go from Thunderbird and enigmail to a webmail service I wanted to try out GPGDropThing. It does decrypt mails sent to me fine, but I’m only able to encrypt outgoing mails to my own address. Other recipients – although I have their public keys and GPG Keychain Access shows them – are not in the drop down list.

    Do you have any idea what could cause this problem? Any help is highly appreciated!

    Thanks a lot!

    Marc Loehrwald

