3. Public Key: $e_A$.
4. Private Key: $d_A$ (enciphered using CAST-128, 3DES, or IDEA). The actual key $d_A$ is not stored on Alice's computer, only the encrypted version. Here is the actual mechanism by which Alice accesses the private key, when needed, in order to achieve maximum security.
Private Key Storage and Access Steps
(i) Alice chooses a passphrase that she will use for enciphering private keys. (It is paramount that she keep this secure, never write it down, or disclose it to anyone.)
(ii) When the PGP program generates a new RSA key pair, such as $(e_A, d_A)$, it will prompt Alice for her passphrase, $P$, and using SHA-1, a 160-bit hash $h(P)$ is formed, and the passphrase is discarded.
(iii) The program enciphers $d_A$, using an SKC, $E$ (which is one of 3DES, IDEA, or CAST-128), with $h(P)$ as the key, namely, to form $E_{h(P)}(d_A)$, and discards $h(P)$. Then $E_{h(P)}(d_A)$ is stored on Alice's private key ring.
(iv) Whenever Alice wants to access $d_A$, she must provide the passphrase. The PGP program provides her with $E_{h(P)}(d_A)$, generates $h(P)$, and deciphers $d_A$ using $E$ with $h(P)$, namely, via
$$E^{-1}_{h(P)}\bigl(E_{h(P)}(d_A)\bigr) = d_A.$$
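Steps (i) through (iv) carried out in Go, as an added example that is not code from the book or from PGP. Go's standard library has 3DES but neither IDEA nor CAST-128, so $E$ is 3DES here; since Go's 3DES wants a 24-byte key while $h(P)$ is 20 bytes, the example assumes two-key 3DES built from the first 128 bits of $h(P)$, and it prefixes a random IV to the stored value. Both of those choices, and the CFB mode, are assumptions the page does not specify.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/sha1"
	"errors"
	"io"
)

// hashPassphrase is step (ii): h(P) = SHA-1(P), 160 bits; the passphrase itself is never stored.
func hashPassphrase(passphrase string) []byte {
	h := sha1.Sum([]byte(passphrase))
	return h[:]
}

// skcFromPassphrase is the SKC E keyed with h(P). Assumption not on the page: Go's 3DES
// needs 24 key bytes, so the first 128 bits of h(P) are K1||K2 and the key is K1||K2||K1.
func skcFromPassphrase(passphrase string) (cipher.Block, error) {
	hP := hashPassphrase(passphrase)
	return des.NewTripleDESCipher(append(append([]byte{}, hP[:16]...), hP[:8]...))
}

// EncipherPrivateKey is step (iii): returns IV || E_{h(P)}(d_A), the only form of d_A kept on the ring.
func EncipherPrivateKey(dA []byte, passphrase string) ([]byte, error) {
	block, err := skcFromPassphrase(passphrase)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize+len(dA))
	if _, err := io.ReadFull(rand.Reader, out[:des.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCFBEncrypter(block, out[:des.BlockSize]).XORKeyStream(out[des.BlockSize:], dA)
	return out, nil // h(P) and the 3DES key go out of scope here; only the ciphertext survives
}

// DecipherPrivateKey is step (iv): h(P) is recomputed from the supplied passphrase; a wrong one yields garbage, not an error.
func DecipherPrivateKey(blob []byte, passphrase string) ([]byte, error) {
	if len(blob) < des.BlockSize {
		return nil, errors.New("stored blob too short to hold an IV")
	}
	block, err := skcFromPassphrase(passphrase)
	if err != nil {
		return nil, err
	}
	dA := make([]byte, len(blob)-des.BlockSize)
	cipher.NewCFBDecrypter(block, blob[:des.BlockSize]).XORKeyStream(dA, blob[des.BlockSize:])
	return dA, nil
}
```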
5. User ID: $\mathrm{ID}_A$, which could be, for instance: Alice@PGPprivateRing.com.
Public Key Ring Individual Entry
This ring is used to store the public keys of other users, such as Bob, with whom Alice communicates. The following are the fields in Bob's entry, which may be viewed as a public-key certificate (see Section 6.2 on PKI). Items 4, 6, and 8 are under a framework, called a trust-flag-byte, the contents of which are described individually in each field entry, and refer to the web-of-trust model described on pages 238 and 239.
1. Timestamp: $t_B$, which is the creation time of the entry.
2. Key ID: $e_B \pmod{2^{64}}$.
3. Public Key: $e_B$.
4. Owner Trust: trust byte, which is the trust, assigned by Alice, that indicates the degree to which $e_B$ can be trusted to sign other public-key certificates. When a new public key is to be added to the public-key ring, the PGP program prompts Alice to assign a level of trust to the key owner, Bob in this case. When the level of trust is complete trust, then the
flag