Mgmt. 298D: Electronic Commerce

Fall 1998  
(updated 10/00)

Prof. A. Geoffrion

PGP: Notes and Optional Homework


You should have a good understanding of items 4 and 5 on the Week 3 Assignment sheet before continuing.

Suppose you have an on-line business, and your customers wish to pay you with a credit card over the Web (or email). You both worry about a criminal who can listen in to messages sent over the Internet. Such a person (cryptographers would call him an adversary) can collect your customers' credit card numbers and then use them fraudulently. As far as is known, there have been no such incidents, possibly because anyone who has the skills to do that, and is located at the right place in the Internet hierarchy to have the necessary access, is already making a very nice legal income and wouldn't want to risk it by illegal activities. Nevertheless, your customers would like to have a more robust guarantee that their credit cards aren't being intercepted by criminals.

Encryption solves the problem very well. Instead of sending a message containing the credit card number over the Internet, the message is first encrypted on the customer's computer to yield the ciphertext, then this ciphertext is sent over the Internet, and finally it is decrypted on your company's computer. Now the adversary who intercepts your Internet communications gains nothing unless he can break your encryption system.

The encryption system's main component is a computerized algorithm that can encrypt and decrypt messages. The other important part of the system is the method of distributing keys (passwords) to the users. Fortunately, you don't have to invent a brand-new encryption system in-house (it would almost surely be very easily breakable). There are a number of systems invented and developed over the years that are now standard for certain types of communications. The benefits of standardized systems are that they

(a) have been subjected to many years of attempted break-ins by the best cryptographers in the world; if they didn't break by now, there is a good chance they won't be broken in your lifetime;

(b) are incorporated into widely-used software, such as browsers, etc., so that encryption comes virtually at no cost in time and money to users.

We briefly review by distinguishing two types of encryption: symmetric encryption and public-key encryption.

In our example, symmetric encryption works as follows. First you would somehow provide each of your customers with a lengthy password (e.g., "52A5Gdvcnaw8DslVKiaFQjmps221dd") that will be used for encryption; it is called a secret key. Once your customer has the secret key, her computer uses this key to encrypt her messages to you.

Incidentally, note that the passwords users invent for themselves, e.g. to access some computer system, are not good for encryption; they usually try to pick a simple word, and make a couple of changes to it. This implies that an adversary can break the system by trying all words in the English dictionary with all possible simple changes applied (e.g., adding a digit at the end of the word). Therefore, in any serious encryption system, the keys must be generated by the computer.
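An added example, not part of the original notes: the Python sketch below checks whether a password falls inside the "dictionary word plus simple changes" space described above, and compares the size of that space with a computer-generated key. The word list, the figures of 100,000 words and 1,000 variants per word, and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample word list; a real audit would load a full dictionary.
WORDS = {"dragon", "monkey", "sunshine", "password", "anderson"}
# Undo common character substitutions: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s
UNLEET = str.maketrans("013457@$", "oieastas")
ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def is_dictionary_derived(password, words=WORDS):
    """True if the password is a dictionary word once simple changes are undone."""
    lowered = password.lower()
    core = lowered.rstrip(string.digits + "!?.")  # digits/punctuation added at the end
    candidates = {lowered, core, lowered.translate(UNLEET), core.translate(UNLEET)}
    return any(c in words for c in candidates)


def dictionary_space_bits(n_words, variants_per_word):
    """Bits of work to try every word with every simple change."""
    return math.log2(n_words * variants_per_word)


def random_key_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of work to try every key of this length drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_key(length=30):
    """Computer-generated key from the operating system's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    samples = ["Dragon7", "p4ssw0rd1", "52A5Gdvcnaw8DslVKiaFQjmps221dd", generate_key()]
    for pw in samples:
        print(f"{pw!r:35} dictionary-derived: {is_dictionary_derived(pw)}")
    # Assumed sizes: 100,000 words, 1,000 simple variants of each.
    print(f"user-chosen: {dictionary_space_bits(100_000, 1_000):.1f} bits")
    print(f"30-char key: {random_key_bits(30):.1f} bits")
```
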

The problem with symmetric encryption is that you don't really have a good way to distribute secret keys to your customers. If you use the Internet, the adversary can intercept them. If you use US mail, yours is no longer an on-line business.

In the 1970s MIT researchers invented a public-key encryption system that relies on a pair of keys, a public key and a private key. The gist of the scheme is that you need the public key to encrypt, and the private key to decrypt.  You make the public key widely available, so everyone can encrypt messages they send to you. By keeping your private key safely inside your computer, you ensure no one but you can decrypt messages intended for you.

Using that scheme, your customer just picks up your public key on the Web, not worrying if anyone can see this. Her message is encrypted while still on her computer, and only ciphertext goes across the Internet. If you want to learn more about public key encryption, go to the "FAQs" link on http://www.pgpi.com/ (the International PGP Home Page), which contains several PGP-related FAQs. Another good source is James Heath's “How Electronic Encryption Works and How It Will Change Your Business” at http://www.viacorp.com/crypto.html.

The main rule of public key encryption is never to let anyone obtain your private key. As soon as someone gets it, the whole wonderful scheme stops working. Usually it is the human factor that defeats even the best cryptographic system.

Today, most of the necessary encryption is done automatically by your browser. E.g., when you go to a "secure" Web page (whose address starts with shttp:// instead of http://), you are using a public-key encryption system without so much as pressing an extra button. However, some good uses of public-key encryption are not yet incorporated conveniently into major software, and that is why we shall discuss encryption in greater detail.

PGP

PGP is one of the best and most popular encryption standards on the Web. It has the following features:

Good software based on PGP is available even as freeware (i.e., completely free). We will work with PGPfreeware version 6.5, which can be downloaded, both for PC and for Mac, from Network Associates, Inc. at http://www.pgpi.org/products/pgp/versions/freeware/. (For legal reasons, we elected not to put this software on an AGSM server.)

Task 1: Download and install PGP to your personal computer. This is straightforward, and is guided by on-screen prompts. Run PGPkeys (e.g., click on the PGPtray icon on your taskbar and choose Launch PGPkeys), and follow the instructions to generate your initial private key. Choose a key of any size, but make sure you select the default option (Diffie-Hellman / DSS). When the software asks if you want to upload your public key to the keyserver, say "Yes". It isn't necessary to read the long help manual that comes with PGP, since these class notes are explicit and PGP offers context-sensitive help wherever you might need it. Or just launch Help from the PGPtray icon.

This software allows you to

PGP stores your private key in a file called secring.skr. If you lose that file, you will never be able to read anything encrypted with the corresponding public key. It is not a big problem for your email, since you can usually ask your correspondents to resend any messages. But if you encrypt any important files, this may be a big problem.

It is very difficult to keep secring.skr completely safe, even though it is but one file. Therefore, PGPfreeware guards your private key by an extra layer of protection. You are told to invent a secret phrase that nobody else has a chance to guess. This secret phrase is not stored in your computer. And you are not supposed to write it down. Just pick any easy-to-remember phrase. Even if someone steals the file with your private key, they still need to know the secret phrase to get the key from the file. And so do you! If you forget the secret phrase, you might as well throw away your secret key ring and anything that was encrypted with the corresponding public key.

Exchanging Public Keys

Before you can send encrypted email to someone, you need to get that person's public key. There are several ways to do this:

There is one subtlety here. Suppose you are really into something very serious and suspect that someone badly wants to read your confidential communications. What if your adversary arranges for you to get a bogus public key? For example, suppose that you want John's public key. You look up his name on the keyserver, find it, and download his public key. But, unknown to you, that key was placed by an adversary, Jeff. Now if Jeff can see your message to John, he will be able to decrypt it. Of course, you will eventually discover the plot, when John tells you he has no key on the server, and cannot read what you sent him. But still it is nice to know that this can be avoided if necessary.

What you can do is look at the fingerprint of John's public key (a rather short, unique string of letters and numbers generated when the key was created), call John on the phone, perhaps, and verify that his public key indeed has that fingerprint. Your conversation has nothing confidential in it, as it just verifies that it is indeed John's public key that you are looking at. Fingerprints are available in PGPkeys by right-clicking on a person's key and selecting Key Properties.
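An added example, not part of the original notes: the check John and you perform over the phone, written out in Python. It assumes the version 4 key format of RFC 4880, where the fingerprint is a SHA-1 hash over the public key packet; the key bytes, timestamp and function names are constructed for illustration and are not real PGP keys.

```python
import hashlib
import struct


def v4_fingerprint(key_packet_body: bytes) -> str:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, a 2-byte length, then the key packet body."""
    header = b"\x99" + struct.pack(">H", len(key_packet_body))
    return hashlib.sha1(header + key_packet_body).hexdigest().upper()


def display(fingerprint: str) -> str:
    """Group the 40 hex digits in blocks of four for reading aloud."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


def normalize(spoken: str) -> str:
    """Drop spaces and colons and ignore case, so only the hex digits are compared."""
    return "".join(spoken.replace(":", "").split()).upper()


def matches(key_packet_body: bytes, spoken_fingerprint: str) -> bool:
    """Compare the downloaded key's fingerprint with the one read out by its owner."""
    return v4_fingerprint(key_packet_body) == normalize(spoken_fingerprint)


def toy_key_body(created: int, material: bytes) -> bytes:
    """Constructed stand-in for a key packet: version 4, creation time,
    algorithm 17 (DSA), then placeholder bytes in place of the key numbers."""
    return bytes([4]) + struct.pack(">I", created) + bytes([17]) + material


# The user ID ("John <...>") is a separate packet and is not hashed, so an
# impostor can copy the name on a key but not its fingerprint.
JOHN_KEY = toy_key_body(909_000_000, b"john-public-key-material")
JEFF_KEY = toy_key_body(909_000_000, b"jeff-public-key-material")

if __name__ == "__main__":
    read_by_john = display(v4_fingerprint(JOHN_KEY)).lower()  # as heard on the phone
    print("fingerprint John reads out:", read_by_john)
    print("key from server is John's :", matches(JOHN_KEY, read_by_john))
    print("key planted by Jeff       :", matches(JEFF_KEY, read_by_john))
```
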

There's more to these matters than we have time to discuss here; have a look at PGP's help screens on such items as "Validity" and "Trust".

A more streamlined alternative is provided by digital certificates, such as are provided by VeriSign. Its aim is the same: to prevent fraudulent public keys from being used. The advantages of that approach are convenience and speed: if you buy something on-line, the merchant cannot be expected to talk to you over the phone just to confirm your identity! The disadvantages are cost ($20 per year for a reasonably reliable Class 2 certificate from VeriSign) and initial delay in getting a certificate (if your correspondent doesn't have one, it would take but a minute to check the fingerprint over the phone, and several days to obtain a reliable certificate). Fingerprints are easier for secure personal communications, whereas digital certificates are better for commercial purposes.

Task 2: Obtain the public key of the TA for this class, Max Moroz, from the public keyserver. Note that he has several keys on the server, and all but one of them are revoked: they are old keys, which he no longer wants to use. Add this key to your public key ring.

Exchanging Encrypted Messages

To send an encrypted message, pick the file with the message (it can be a simple .txt file or a binary file made with Word, etc.), right-click on it, and choose the PGP menu item that offers to encrypt it. Select (drag and drop) the name of the user for whom you want to encrypt; this will encrypt your message using their public key so that only they can read it. Check the "Text Output" box if you intend to copy/paste the encrypted result into the body of a Compose Message email window; otherwise the encrypted result will contain some funny characters that Simeon and some other mail programs will drop during email transmission. The result is a new file with the same name, but with an added .pgp extension.

Alternatively, for a pure text message whose encrypted version you intend to copy/paste into the body of a Compose Message email window, you can copy the text of your message to the clipboard and choose the Encrypt Clipboard menu item from the PGPTray icon on your taskbar. Paste then yields the encrypted version.

To send the encrypted message: attach the .pgp file, if you have one, to your email, or paste the encrypted text into the body of your message if the Text Output box was checked during encryption.

Note: You can even encrypt a message in such a way that it can be read by any one of a group of people. Just choose several people from your public key list as shown by PGPTools when you ask it to encrypt the text.

Note: There is a problem if you use Outlook Express, the default mailer of Microsoft Internet Explorer: it doesn't paste text correctly; it removes some newlines that you have to restore yourself. The latest version of PGP offers a special plug-in specifically for Outlook Express, which makes the whole process even more intuitive.

Decryption is very similar to encryption. If you have an encrypted file, double-clicking or right-clicking on it brings up a decryption dialog.  So does the PGPTools Decrypt/Verify button. If you have copied the encrypted text to the clipboard, click on the PGPTray icon on your taskbar and choose the Decrypt/Verify Clipboard menu item.

Note: Although this discussion concerned sending and receiving messages, you could just as easily be encrypting and decrypting files of any sort, including Excel spreadsheets or PowerPoint presentations, for exchange with others or simply for keeping secure on your own machine.

Digital Signature

Another important feature of PGP (as of any other public key cryptographic system) is its ability to produce digital signatures. You can encode a message in such a way that only you could have done the encoding. Anyone who has your public key can read this message, and can be sure that it was you who wrote it and that the message was not altered. Of course, if you give out your private key to someone (i.e., give them your secret key file and tell them the secret phrase), they can also send such messages. Your signature is only as good as your efforts to keep your private key secret.

A digital signature can either be appended at the end of the document much as a regular handwritten signature is, or it can have the whole document completely encoded. In both cases, anyone with access to the public key of the author can read the document and check that it was indeed created by that person.

Task 3: Send to Max Moroz at mmoroz@anderson.ucla.edu a message encrypted and signed by you. The message may contain anything you want. Max will attempt to decrypt it. If he succeeds, you get a Check-Plus on this assignment.