Source |
AlienVault Blog |
Identifier |
542673 |
Publication date |
2018-03-26 13:00:00 (seen: 2018-03-26 13:00:00) |
Title |
Explain PGP Encryption: An Operational Introduction |
Text |
Even if you don’t already know what Pretty Good Privacy (PGP) is, you may have heard of PGP before, perhaps during a discussion on how to secure your communications, or perhaps in one of those how-to guides on maintaining privacy. PGP is a popular solution for encrypting, decrypting, signing, and verifying messages and files, often found in email communications and package repository identity verification (because security matters).
Most generic guides simply explain PGP at a high level or how to encrypt and decrypt messages using specific software, and not much more than that. The goal of this introduction to PGP is to illustrate a more timeless and operational approach to using PGP safely, with respect to both information security and operational security.
First, we introduce PGP theoretically and practically; this means understanding how PGP works and what we can actually do with PGP. To better understand our security stance, we assess the CIA Triad, a theoretical information security model that considers the confidentiality, integrity, and availability of information. Next, we get familiar with our threat model (similar to the OPSEC model); in this step, we analyze personalized risks and threats. To mitigate any identified threats and reduce risk, we implement operational security practices.
At a more concise glance, we will discuss the following:
PGP, OpenPGP & GPG
Public & Private Key Pairs
Information Security (CIA Triad)
Confidentiality: message encryption, information storage
Integrity: message/file authenticity, web of trust
Availability: key servers, web of trust, metadata
Assessing Threats & Risk
Threat Modeling
Operational Security
Clients & Use Guides: Windows, Linux, Mac, Web
With that caveat in mind, let’s jump straight in.
PGP, OpenPGP & GPG: What is it?
PGP is a protocol used for encrypting, decrypting and signing messages or files using a key pair. PGP is primarily used for encrypting communications at the Application layer, typically used for one-on-one encrypted messaging. You may find yourself needing to use PGP if you want to be certain that only the intended receiver can access your private message, thwarting the efforts of intercepting parties, or if you just want to verify the sender’s identity.
There are different variations of PGP: OpenPGP, PGP and GPG, but they generally all do the same thing. Here is the quick terminology run-down:
PGP: Pretty Good Privacy, original proprietary protocol. Released in 1991.
OpenPGP: Pretty Good Privacy, but it is an open-source version, and it has become the universally-accepted PGP standard. Released in 1997.
GPG: GNU Privacy Guard, another popular solution that follows OpenPGP standards. Released in 1999.
When someone says PGP, it is generally s |
Sent |
Yes |
Tags |
|
Stories |
APT 15
|
Notes |
|