THE UNIVERSITY OF DANANG, UNIVERSITY OF SCIENCE AND TECHNOLOGY, FACULTY OF INFORMATION TECHNOLOGY
Tel. (84-511) 736 949, Website: itf.ud.edu.vn, E-mail: [email protected]
COURSE ESSAY REPORT: NETWORK SAFETY AND SECURITY
MAJOR: COMPUTER SCIENCE
TOPIC: THE PGP ENCRYPTION TECHNIQUE
Student group: 1. Trần Tấn Phước 2. Đào Lê Tùng
Master's class in Computer Science (KHMT), Cohort 28 (2013-2015)
DA NANG, 12/2014

Essay on the PGP encryption technique


  • Network Safety and Security

    Group 7, KHMT K28

    TABLE OF CONTENTS

    PREFACE
    Chapter 1. BASIC CONCEPTS
    1. Introduction
    2. Encryption techniques
    2.1. The concept of a cryptosystem
    2.2. Symmetric-key cryptosystems
    2.3. Asymmetric-key cryptosystems (public-key cryptosystems)
    2.4. Digital signatures
    2.5. Hash functions
    Chapter 2. A STUDY OF THE PGP ENCRYPTION TECHNIQUE
    1. Introduction to the PGP cryptosystem
    2. Algorithms used in PGP
    2.1. Symmetric encryption
    2.2. Asymmetric encryption
    2.3. Hash functions
    Chapter 3. THE ENCRYPTION PROCESS
    1. Encryption
    1.1. Preparing the file
    1.2. Digital signature
    1.3. Compression
    1.4. Encryption
    1.5. Email compatibility
    2. Decryption
    3. Keys
    3.1. Public keys
    3.2. Private keys
    4. Digital signatures
    5. Compression
    6. Encrypting and decrypting messages
    Chapter 4. DEMONSTRATION SYSTEM
    1. Preparation
    2. Key management
    2.1. Generating keys
    2.2. Revocation certificates
    2.3. Creating the private key and the public key
    2.4. Importing a public key and uploading it to a server
    3. Encryption and decryption
    3.1. Encryption
    3.2. Decryption
    4. Creating digital signatures
    CONCLUSION

    PREFACE

    With the rapid development of computer networks, and especially the advent of the global network (the Internet), people all over the world can exchange information and communicate with one another accurately and easily in the shortest possible time.

    In a network environment, a piece of information or a block of data sent from the sender to the recipient usually has to pass through many nodes and many stations with many different users; nobody can guarantee that the information reaching the recipient has not been copied, stolen or distorted.

    We hear a great deal about computers and the threats the Internet poses to our privacy, and about password thieves, professional information hunters and harassers; they will never leave us alone.

    For this reason, the safety of data on networks in particular, and data safety in general, is one of the foremost concerns in the study of data transmission over networks. Proposing cryptosystems that encrypt data before it is transmitted or stored is one of the urgent tasks: once the data is encrypted, an attacker who obtains it will still find it hard to decrypt. This is especially true of an encryption system rated as having extremely high security, the PGP cryptosystem.

    For the reasons above, our group chose the topic "The PGP encryption technique" in order to study in depth how it works, the algorithms it uses and its practical applications, and to build and install a demonstration system.

    Because our professional knowledge is still limited, shortcomings are unavoidable. We therefore look forward to comments from our teachers and classmates so that our group can improve this work.

    Finally, we sincerely thank Dr. Nguyễn Tấn Khôi for his dedicated help in completing this topic.

    Chapter 1. BASIC CONCEPTS

    1. Introduction

    Traditional methods of protecting information include:

    - Building firewall systems.

    - Applying authentication methods.

    - Setting up virtual private networks and systems that alert on unauthorized access.

    With the security mechanisms above, we have no way to guarantee the safety (confidentiality, integrity and authenticity) of information exchanged between any two parties, because there is no general way to establish trust between them before they communicate.

    The following part covers some methods of protecting information with cryptography. This approach is regarded as a supplementary way of protecting information in existing systems.

    2. Encryption techniques

    2.1. The concept of a cryptosystem

    Data encryption is a mechanism that converts data into another, unreadable format in order to prevent unauthorized access while the data is exchanged over an insecure network. For the communicating parties to understand each other's content, they must agree not only on the encryption algorithm but also on the encryption and decryption keys.

    From a mathematical point of view, a cryptosystem is defined as a five-tuple (P, C, K, E, D), where:

    P is the finite set of possible plaintexts.

    C is the finite set of possible ciphertexts.

    K is the finite set of possible keys.

    E is the set of encryption functions.

    D is the set of decryption functions.

    For each , there is an encryption function , : and a decryption function

    , : such that (()) = , .

    2.2. Symmetric-key cryptosystems

    A symmetric-key cryptosystem is one in which the encryption key can easily be computed from the decryption key and vice versa. In many cases the encryption key and the decryption key are the same. The algorithm requires the sender and the recipient to agree on a key before the message is sent, and this key must be kept absolutely secret between the two of them. Such a system is also called a secret-key cryptosystem.

    The symmetric-key encryption model is described as follows:

    Figure 1. The symmetric-key encryption model

    2.3. Asymmetric-key cryptosystems (public-key cryptosystems)

    A public-key cryptosystem, also called an asymmetric cryptosystem, uses a pair of keys: the encryption key is called the public key and the decryption key is called the secret key or private key. In this system the encryption key differs from the decryption key. The owner keeps the private key and publishes the encryption key (the public key). Anyone can use the public key to encrypt a message and send it, but only the owner of the private key can decrypt it. The two keys cannot be derived from one another: having the public key gives no way of deriving the private key.

    The asymmetric-key model is described in the following figure:

    Figure 2. The asymmetric-key encryption model

    2.4. Digital signatures

    The process of encrypting a message with the sender's private key is called digital signing.

    A signature scheme is a five-tuple (P, A, K, S, V), where:

    P is a finite set of possible documents

    A is a finite set of possible signatures

    K is a finite set of possible keys

    S is the set of signing algorithms

    V is the set of verification algorithms

    For each , there is a signing algorithm ,

    : and a verification algorithm ,

    : {, }, satisfying the following condition

    , :

    (, ) = {, = ()

    , ()

    2.5. Hash functions

    Hash functions are algorithms that do not encrypt (here we use the term "hash" rather than "encrypt"). Their task is to hash the input message with some one-way algorithm and output a fixed-size digest that represents the document. The value of the hash function is unique, and it is hard to work back from this hash value to the content of the message. A one-way hash function h has two important properties:

    - For an input message x, the resulting digest z = h(x) is unique.

    - If the data in message x is changed or deleted so that it becomes a message x', then () ().

    Hash functions are used in creating digital signatures and checking their integrity.

    Chapter 2. A STUDY OF THE PGP ENCRYPTION TECHNIQUE

    1. Introduction to the PGP cryptosystem

    PGP (Pretty Good Privacy) is computer software for data encryption and authentication. PGP was first released by Philip R. Zimmermann in 1991, while he was working at PKWARE. Since then the software has been improved many times, and PGP Corporation now offers many products built on this foundation. Originally intended for encrypting email, PGP has become an encryption solution for large companies, governments and individuals. PGP-based software is used to encrypt and protect information stored on laptops, desktops and servers, and information exchanged by email, IM or file transfer. The protocol this system uses has been highly influential and has become one of the two encryption standards (the other being S/MIME).

    PGP is commonly used for digital signatures, for encrypting and decrypting text, email, files, directories and hard disk partitions, and for increasing the security of email transmission.

    2. Algorithms used in PGP

    2.1. Symmetric encryption

    2.1.1. IDEA

    IDEA appeared in 1991 under the name IPES (Improved Proposed Encryption Standard). In 1992 it was renamed the International Data Encryption Algorithm. Its authors are Xuejia Lai and James Massey. The cipher is designed around addition modulo 2 (XOR), addition modulo $2^{16}$ and multiplication modulo $2^{16}+1$ (the prime 65537). It is very fast in software (every personal-computer processor can perform the multiplication with a single instruction). IDEA is patented, and the patent is held by the Swiss company Ascom-Tech AG. To date no attack has been able to break the IDEA algorithm completely, so it is regarded as a highly secure algorithm. IDEA is a block cipher that uses a 128-bit key to encrypt data in 64-bit blocks over 8 rounds. In each round IDEA uses 3 different operations, each taking two 16-bit inputs and producing a single 16-bit output. The three operations are:

    1. Bitwise XOR.

    2. Addition modulo $2^{16}$, where inputs and outputs are unsigned 16-bit integers. This function takes two 16-bit integers as input and produces a 16-bit sum; if the sum overflows into a 17th bit, that bit is discarded.

    3. Integer multiplication modulo $2^{16}+1$, where inputs and outputs are 16-bit integers, except that a block of all zeros is treated as $2^{16}$.
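    The three operations above, wired into the full IDEA block encryption, as an added example that is not part of the original report. The key schedule and the order of operations inside a round go beyond what the text states and follow the published IDEA description; all function names are this example's own.

```python
MASK = 0xFFFF  # every IDEA operation works on 16-bit words


def xor(a: int, b: int) -> int:
    """Operation 1: bitwise XOR."""
    return a ^ b


def add(a: int, b: int) -> int:
    """Operation 2: addition modulo 2^16; a carry into bit 17 is discarded."""
    return (a + b) & MASK


def mul(a: int, b: int) -> int:
    """Operation 3: multiplication modulo 2^16 + 1, with the word 0 read as 2^16."""
    a = a or 0x10000
    b = b or 0x10000
    return (a * b % 0x10001) & MASK  # a product equal to 2^16 is stored as 0


def mul_inverse(a: int) -> int:
    """Inverse under mul(); it exists for every word because 65537 is prime."""
    return pow(a or 0x10000, -1, 0x10001) & MASK  # needs Python 3.8+


def expand_key(key: bytes) -> list:
    """52 subkeys: take eight 16-bit words, rotate the key left 25 bits, repeat."""
    if len(key) != 16:
        raise ValueError("IDEA uses a 128-bit key")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(k >> (112 - 16 * i)) & MASK for i in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]


def encrypt_block(block: bytes, key: bytes) -> bytes:
    """Encrypt one 64-bit block: 8 rounds plus the output transformation."""
    if len(block) != 8:
        raise ValueError("IDEA works on 64-bit blocks")
    z = expand_key(key)
    x1, x2, x3, x4 = (int.from_bytes(block[i:i + 2], "big") for i in (0, 2, 4, 6))
    for r in range(8):
        k1, k2, k3, k4, k5, k6 = z[6 * r:6 * r + 6]
        y1, y2, y3, y4 = mul(x1, k1), add(x2, k2), add(x3, k3), mul(x4, k4)
        t0 = mul(xor(y1, y3), k5)
        t1 = mul(add(xor(y2, y4), t0), k6)
        u = add(t0, t1)
        # round output; the two middle words change places
        x1, x2, x3, x4 = xor(y1, t1), xor(y3, t1), xor(y2, u), xor(y4, u)
    # output transformation: undo the last swap and apply the final four subkeys
    out = (mul(x1, z[48]), add(x3, z[49]), add(x2, z[50]), mul(x4, z[51]))
    return b"".join(w.to_bytes(2, "big") for w in out)


if __name__ == "__main__":
    key = bytes.fromhex("00010002000300040005000600070008")
    print(encrypt_block(bytes.fromhex("0000000100020003"), key).hex())
```

    Reading the all-zero word as $2^{16}$ is what makes the multiplication invertible for every 16-bit value, which decryption depends on.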

    2.1.2. 3DES

    The DES (Data Encryption Standard) algorithm was created by the US government in 1977 (NIST and NSA), based on work done by IBM. DES is a 64-bit block cipher with a 64-bit key. The original DES algorithm has been studied for a long time.

    The 3DES algorithm improves the strength of DES by using an encryption and decryption process that involves 3 keys. Experts have determined that 3DES is very secure. Its drawback is that it is considerably slower than other algorithms. DES itself is slow because it uses bit permutations. The only reason to use 3DES is that it has been studied very thoroughly.

    2.1.3. AES

    AES (Advanced Encryption Standard) is based on a design principle known as a substitution-permutation network. It is fast in both software and hardware. Unlike its predecessor DES, AES does not use a Feistel network. AES has a block size of 128 bits and a key size of 128, 192 or 256 bits.


    2.2. Asymmetric encryption

    2.2.1. RSA

    The RSA algorithm was invented in 1978. RSA has two keys: the public key and the secret key (or private key). Each key is a fixed number used in the encryption and decryption process. The public key is published widely for everyone and is used for encryption. Information encrypted with the public key can only be decrypted with the corresponding secret key. In other words, anyone can encrypt, but only the person who knows the private (secret) key can decrypt.

    The algorithm uses block encryption mode; P and C are integers in (0, n).

    Recall: $C = E_{PU}(P)$: encryption with key PU

    $P = D_{PR}(E_{PU}(P))$: decryption with key PR (PR must not be computable from PU)

    - Encryption/decryption form:

    $C = P^e \bmod n$

    $P = C^d \bmod n = P^{ed} \bmod n$

    $PU = \{e, n\}$ -> Public

    $PR = \{d, n\}$ -> Private

    - The sender and the recipient know the values of n and e, but only the recipient knows the value of d.

    - Goal: find (choose) values e, d, n with which to compute P and C.

    Remarks:

    - Values e, d, n can be found such that $P^{ed} = P \bmod n$ for $P < n$.

    - d cannot be determined if e and n are known.

    2.2.2. ElGamal / Diffie-Hellman

    In PGP the Diffie-Hellman algorithm is called DH; it is normally used for key exchange and not for signing, because a signature made with it would be rather large. ElGamal, on the other hand, can be used for both signing and confidentiality, although its digital signature needs two numbers of 1024 bits each, whereas RSA needs only one 1024-bit number. DSA needs only 2 numbers of 160 bits each.

    2.2.3. DSA

    DSA is a special version of ElGamal. This version of ElGamal requires a large amount of computation on 1024-bit numbers, even though the signature numbers are chosen from a subset of $2^{160}$ elements. The designers succeeded in creating a procedure that needs only 160 bits to represent that subgroup of elements. As a result the signatures produced are quite small: only two 160-bit numbers are needed instead of two large 1024-bit numbers.

    2.3. Hash functions

    A hash function is defined as a mapping

    $H: X \to \{0,1\}^k$

    where X is the space of plaintexts of arbitrary length and $\{0,1\}^k$ is the set of strings of 0s and 1s of a given length k. A hash function is constructed to satisfy the following basic properties:

    1. One-wayness

    2. Weak hash function

    3. Strong hash function

    A hash function is said to be one-way if, given a hash value (the reduced value) Z, it is computationally infeasible to find a message x such that Z = h(x). Given a message x, however, computing Z = h(x) is fast.

    A function h is said to have the weak property if, given a message x, it is computationally infeasible to find a message $x' \neq x$ ($x, x' \in X$) such that $h(x') = h(x)$.

    A hash function is said to have the strong property if it is infeasible in practice to find 2 different messages $x, x' \in X$ such that $h(x) = h(x')$. Earlier versions of PGP used the MD5 hash function to hash data; today MD5 has been replaced by the SHA algorithm.

    Chapter 3. THE ENCRYPTION PROCESS

    The two main services PGP provides to users are message encryption and message authentication. When designing an email security application, the designer faces two main problems; the first is which algorithms to use to secure the application.

    In the case of PGP, its services rely on three algorithms: IDEA (secret-key encryption), RSA (public-key encryption) and MD5 (secure hash function). In this part we study all the steps PGP performs when transmitting and compressing messages, and the notices it issues while processing a message. We then look in detail at the main steps of this process.

    1. Encryption

    The practical operation of PGP for sending and receiving messages comprises five services, among them digital signatures and message encryption. The process follows these steps:

    Figure 1. The process of encrypting a message in PGP

    1.1. Preparing the file

    PGP processes only one file per run. The files PGP processes are usually text, which is the most common form of email communication. PGP can, however, accept any file, including binary files, PICT files and so on. One of the convenient services PGP provides is letting users send files through ordinary email.

    [Figure 1 diagram labels: Plaintext, Sign, Compress, Encrypt, Encrypt session key, ASCII Armor format, Ciphertext]

    1.2. Digital signature

    When it receives the input file, PGP's first step is to create a digital signature attached to the file. This is an optional service. If the sender requests a digital signature, PGP creates a hash of the file and then encrypts the hash with RSA using the sender's private key. The encrypted hash is the digital signature of the file. The digital signature guarantees that the file comes from the sender and that the file has not been altered.

    1.3. Compression

    Compression saves transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to break the cipher. Compression reduces these patterns and so increases resistance to cryptanalysis. The user can, however, choose whether or not to use compression.

    1.4. Encryption

    First the user applies a symmetric encryption algorithm to encrypt the plaintext with a shared key (also called the session key). Next the user uses the public-private key pair created by the asymmetric encryption algorithm: the public key of the pair is used to encrypt the session key that was produced when the plaintext was encrypted with the symmetric algorithm.

    PGP's encryption of outgoing messages uses both symmetric and asymmetric encryption to take advantage of the strengths of each. The asymmetric algorithm ensures that the session key is distributed within the system with high security, while the secret-key algorithm has the advantage in encryption and decryption speed (about 1000 times faster).

    1.5. Email compatibility

    If signing, compression or encryption is applied to the original file, the resulting block of data is binary. Many email systems, however, cannot handle binary data and can only handle text files. To overcome this limitation, PGP converts the binary data into printable characters. PGP uses the ASCII armor format to convert the data.

    2. Decryption

    The figure below describes the process of decrypting a message in PGP. Essentially, to decrypt, PGP only needs to reverse the steps of the encryption process.

    Figure 2. The process of decrypting a message in PGP

    [Figure 2 diagram labels: Ciphertext, Convert back to the encrypted file, Recover session key, Decrypt, Decompress, Verify signature, Plaintext]

    First PGP converts the ciphertext file back into binary form so that it can be decrypted. Next the user uses his or her private key from the public-private key pair to decrypt the session key. Once the session key has been obtained, the plaintext is decrypted. Decompression is then performed to fully restore the patterns in the document. Finally, the signature is checked to see whether the document was modified or tampered with in transit.

    3. Keys

    A key is a value that works with an encryption algorithm to produce a specific ciphertext. Keys are essentially very large numbers. Key size is measured in bits. In encryption algorithms, the larger the key, the higher the security.

    However, the size of a public-private key pair and the size of a conventional key are not related to each other at all. For example, an 80-bit conventional key has strength equivalent to a 1024-bit public key. Key size is important for security, but the algorithms used for each type are very different, so the key sizes of different cryptosystems cannot simply be compared with one another.

    The basis of PGP's operations is the requirement that each user have a public-private key pair as well as copies of the recipients' public keys. Although the public and private keys of a pair are mathematically related, it is very hard to derive a private key given only the public key. It is nevertheless possible to derive the private key given enough time and computing power. This leads to a very important question: how to choose a key of the right size, that is, large enough to be secure and small enough to be applied quickly. You also need to consider who might try to read your files, how much time they have and what capabilities they may have.

    Keys are stored in encrypted form. PGP stores the keys in two files on your hard disk, one for public keys and one for private keys. These files are called keyrings.

    3.1. Public keys

    PGP normally keeps the public keys the user has obtained. These keys are collected and stored on the public keyring. Each keyring entry consists of:

    - The public key.

    - The User ID of the owner of this public key, the owner's distinguishing name.

    - A key ID, which is the identifier of this key.

    - Other information relating to the trustworthiness of the key and its owner.

    3.2. Private keys

    To use PGP, a user needs a private key. A user can create several private keys if desired. The private keyring holds the information for each key:

    - The private key of 128 bits, generated from a passphrase and the MD5 hash function.

    - The User ID.

    - The Key ID of the corresponding public key.

    4. Digital signatures

    A digital signature serves the same purpose as a handwritten signature. A handwritten signature, however, is very easy to forge. A digital signature is superior to a handwritten one in that it is nearly impossible to counterfeit, and it attests to the content of the information as well as to the identity of the signer.

    A digital signature lets the recipient verify the authenticity of the origin of the information and also confirm that the information is intact. A public digital signature is very important in providing authentication and data integrity.

    How a digital signature works is described in Figure 3.

    Figure 3. Scheme for signing a PGP message

    [Figure 3 diagram labels: Unsigned document, Create hash value with MD5, Create signature with RSA, Sender's private key, Signature, Add digital signature to the document]

    The sender creates a message.

    1. PGP uses MD5 to hash the message, producing a 128-bit hash.

    2. The sender takes the private key to be used from the keyring.

    3. PGP encrypts the hash with RSA using the sender's private key and attaches the result to the message. The Key ID of the sender's corresponding public key is attached to the signature.

    Figure 4. Scheme for verifying the signature on a message

    [Figure 4 diagram labels: Signed message, Signature, Attach key ID to the signature, Recipient's public keyring, Sender's public key, Decrypt signature with RSA, Create hash value with MD5, Compare]

    The recipient's PGP:

    1. PGP takes the Key ID attached to the signature and uses it to fetch the correct public key from the public keyring.

    2. PGP uses RSA with the sender's public key to decrypt and recover the hash.

    3. PGP creates a new hash of the message and compares it with the decrypted hash. If the two match, the message is authenticated.

    The combination of MD5 and RSA provides an effective digital signature scheme. Given the strength of RSA, the recipient is certain that only the owner of the matching private key could have created the signature. Given the strength of MD5, the recipient is certain that nobody else could create a new message whose hash matches the hash of the original message, and which therefore could not match the signature of the original message.

    5. Compression

    By default PGP compresses the message after signing but before encryption. This saves space both for email transmission and for storage on the computer. PGP uses the Zip algorithm to compress the message. In essence the Zip algorithm looks for repeated character strings in the input data and replaces such strings with more compact codes.

    6. Encrypting and decrypting messages

    Another basic service PGP provides is encrypting messages that are transmitted or stored on the computer. In both cases the conventional encryption algorithm IDEA is used. In the latest versions PGP uses the AES algorithm instead of IDEA.

    Encryption algorithms always have to deal with the problem of key distribution. In PGP each conventional key is used only once: for each message a single random 128-bit key is generated. Because it is used only once, the session key is attached to the message and transmitted with it. To protect the session key, PGP uses RSA with the recipient's public key.

    Figure 5 illustrates this; it consists of the following steps:

    1. PGP generates a random 128-bit number by hashing the sender's passphrase with MD5 and uses it as the session key for the message.

    2. PGP encrypts the message using the session key.

    3. PGP encrypts the session key with RSA, using the recipient's public key, which is attached to the encrypted session key.

    Figure 5. Scheme for encrypting a message in PGP

    [Figure 5 diagram labels: Sender's public keyring, Hash the passphrase with MD5 to create a one-time 128-bit session key, Encrypt session key with RSA, Recipient's public key, Compressed message, Encrypt compressed message, Message and copy of the encrypted session key]

    Figure 6 describes the process of decrypting a message.

    1. PGP takes the key ID attached to the message and uses it to fetch the correct private key from the private keyring. A user may have more than one private key.

    2. The recipient supplies a passphrase, which allows PGP to decrypt the recipient's private key.

    3. PGP uses RSA with the private key to decrypt and recover the session key.

    4. PGP uses the session key to decrypt the message.

    Figure 6. Scheme for decrypting a message in PGP

    [Figure 6 diagram labels: Session key and encrypted message, Attach key ID to the private key, Recipient's private keyring, Recipient's passphrase, Decrypt private key, Recipient's private key, Decrypt with RSA private key, One-time session key, Decrypt, Message decrypted but still compressed]
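    The sign, compress, encrypt and armor steps of this chapter and their reversal, built on the textbook RSA form $C = P^e \bmod n$ from Chapter 2, as an added example that is not PGP's own code or message format. Assumptions made here: toy keys built from Mersenne primes, a SHA-256 keystream standing in for IDEA/AES, SHA-256 as the signature hash, a key ID taken from a hash of n, no RSA padding and no passphrase protection of the private key.

```python
import base64
import hashlib
import secrets
import zlib

E = 65537  # public exponent e


def make_key(p: int, q: int) -> dict:
    """Textbook RSA key pair: PU = {e, n}, PR = {d, n} (needs Python 3.8+)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi), "len": (n.bit_length() + 7) // 8}


def public_key(key: dict) -> dict:
    """The part of a key that may be handed out: everything except d."""
    return {name: key[name] for name in ("n", "e", "len")}


def key_id(key: dict) -> bytes:
    """Assumed key ID for this example: first 8 bytes of SHA-256 over n."""
    return hashlib.sha256(key["n"].to_bytes(key["len"], "big")).digest()[:8]


# CONSTRUCTED toy keys from Mersenne primes: trivially breakable, illustration only.
SENDER = make_key(2**521 - 1, 2**607 - 1)
RECIPIENT = make_key(2**127 - 1, 2**521 - 1)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA/AES: XOR the data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)


def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, key: dict) -> bytes:
    """Signature = hash^d mod n, computed with the sender's private key."""
    return pow(digest_int(message), key["d"], key["n"]).to_bytes(key["len"], "big")


def verify(message: bytes, signature: bytes, key: dict) -> bool:
    """Recover the hash with the public key and compare it with a fresh hash."""
    recovered = pow(int.from_bytes(signature, "big"), key["e"], key["n"])
    return recovered == digest_int(message)


def pgp_encrypt(message: bytes, sender: dict, recipient: dict) -> str:
    signed = key_id(sender) + sign(message, sender) + message        # 1. sign
    packed = zlib.compress(signed)                                    # 2. compress
    session_key = secrets.token_bytes(16)                             # 3. one-time 128-bit key
    body = stream_xor(session_key, packed)
    wrapped = pow(int.from_bytes(session_key, "big"), recipient["e"], recipient["n"])  # 4. wrap key
    raw = key_id(recipient) + wrapped.to_bytes(recipient["len"], "big") + body
    armor = base64.encodebytes(raw).decode("ascii")                   # 5. printable text
    return "-----BEGIN TOY PGP MESSAGE-----\n" + armor + "-----END TOY PGP MESSAGE-----\n"


def pgp_decrypt(armored: str, secret_ring: dict, public_ring: dict):
    """Reverse the steps; returns (message, signature_is_valid)."""
    raw = base64.b64decode("".join(armored.strip().splitlines()[1:-1]))
    key = secret_ring[raw[:8]]                    # key ID selects the private key
    wrapped, body = raw[8:8 + key["len"]], raw[8 + key["len"]:]
    session_int = pow(int.from_bytes(wrapped, "big"), key["d"], key["n"])
    signed = zlib.decompress(stream_xor(session_int.to_bytes(16, "big"), body))
    signer = public_ring[signed[:8]]              # key ID selects the sender's public key
    signature, message = signed[8:8 + signer["len"]], signed[8 + signer["len"]:]
    return message, verify(message, signature, signer)


if __name__ == "__main__":
    text = pgp_encrypt(b"constructed sample message", SENDER, RECIPIENT)
    print(text)
    print(pgp_decrypt(text, {key_id(RECIPIENT): RECIPIENT},
                      {key_id(SENDER): public_key(SENDER)}))
```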

    Chapter 4. DEMONSTRATION SYSTEM

    1. Preparation

    1. Install the key management program Gpg4win.

    2. Install the mail client Mozilla Thunderbird, using 2 email accounts to run the demonstration:

    - [email protected]

    - [email protected]

    3. Install Enigmail, the extension that adds mail encryption support to Mozilla Thunderbird.

    2. Key management

    2.1. Generating keys

    Go to Enigmail > Key Management.

    Go to Generate > New Key Pair.

    The attributes:

    - Account / User name: the mail account in use in Mozilla Thunderbird.

    - Passphrase: enter the passphrase to use. Keep the passphrase as safe as the password used to log in to the account; the passphrase is supplied only once. If the passphrase is lost, it is no longer possible to sign messages or decrypt received documents. The passphrase must be sufficiently long and hard to guess. If you do not want to set a passphrase, you can select the No passphrase option.

    - Key expiry: the program's default is 5 years. This can be changed, or Key does not expire can be selected.

    - Advanced: choose the key size and the encryption type. There are two algorithms, DSA and RSA, offering 3 sizes for encrypting data. If documents are to be sent over a short period, 1024 bits should be used; choose the key size to suit the number of years of use. The larger the key size, the longer key generation and data encryption take.

    Select Generate key.

    2.2. Revocation certificates

    2.2.1. Creating a revocation certificate

    Purpose: to revoke an issued key when the key pair is no longer used or when the private key has been lost.

    Go to Generate > Revocation Certificate > name and save the revocation certificate.

    Enter the passphrase that was created.

    A revocation certificate looks like this.

    2.2.2. Revoking a key

    Right-click the key > Revoke Key.

    Check whether the key has been revoked. For example, use the email account [email protected] to check whether the private key of the email account [email protected] has been revoked.

    Go to Keyserver > Search for Keys.

    Select the server to which the public key was uploaded.

    A notice reports that the public key on the server has been downloaded.

    The email address [email protected] is shown in faded grey, which indicates that this public key has been revoked.

    2.3. Creating the private key and the public key

    When key generation is complete, PGP has created a pair of keys, one public and one private. The private key is a personal key that must be stored carefully to keep the key's information safe. To ensure this, compress it with archiving software and protect it with a password. The public key is used for decryption; it can be sent to partners, who use it to encrypt the messages they send.

    Go to File > Export Keys to File.

    Select Export Secret Keys. The private key should be compressed and stored in a safe place to protect its information.

    A private key looks like this:

    Do the same to produce the public key. Go to File > Export Keys to File.

    Select Export Public Keys Only.

    A generated public key looks like this:

    After creating the public key, send it to the partners taking part in the communication. Go to File > Send Public Keys by Email.

    The public key information is attached to the message sent to the participants. After receiving it, each participant imports the key from the file in order to use it to encrypt messages.

    2.4. Importing a public key and uploading it to a server

    2.4.1. Importing a public key

    For a message to be encrypted before it is sent, the recipient must send his or her public key to the partner, and the sender must import that public key and use the recipient's public key to encrypt.

    Go to File > Import Keys from File > select the recipient's key > Open.

    A notice reports that the key was imported successfully.

    The recipient's key appears in the program window.

    2.4.2. Uploading a public key to a key server

    Select the key to upload to the key server > Keyserver > Upload Public Keys.

    Select the server on which to store it. Many commonly used servers store public keys:

    - Sks.mit.edu

    - Centserver.pgp.com

    - Subkeys.pgp.net

    - Pgp.mit.edu

    - Pool.sks-keyservers.net

    - Zimmerman.mayfirst.org

    3. Encryption and decryption

    3.1. Encryption

    Once the recipient's public key has been obtained and imported into the program, compose the message to be sent.

    To encrypt the outgoing message, click the Enigmail button on the toolbar.

    Select the two options Force Encryption (encrypt the outgoing message) and Force Signing (sign the outgoing message) and press OK.

    When the message is sent to the recipient, the program requires the passphrase to be entered.

    After the passphrase is entered, the message is encrypted and sent.

    3.2. Decryption

    When an encrypted message sent by a partner is received and opened for viewing, the program requires the passphrase to be entered.

    If the correct passphrase is entered, the message content is decrypted; otherwise it remains in encrypted form.

    4. Creating digital signatures

    The program provides trust signatures that can be used to create digital certification (Certificate Authentication). A trust signature can show that a key really belongs to a user and that this person is trusted enough to certify a key at a lower level.

    - Level 0 is equivalent to a signature in the web of trust model.

    - Level 1 is equivalent to the signature of a CA, since it can certify an unlimited number of level 0 signatures.

    - Level 2 is similar to the signatures in the list of default CAs in an internet browser; it allows other CAs to be created.

    To sign a partner's key, certifying that it really belongs to its owner, right-click the partner's key > Sign Key.

    There are 4 options for how thoroughly the partner's key has been checked. Choose the level that seems most appropriate and press OK.

    The program asks for the passphrase. Enter the correct passphrase and press OK.

    CONCLUSION

    With the aim of studying the PGP encryption technique, this work examined the concepts behind the PGP encryption technique, the related algorithms and PGP's encryption process. The group has clarified a number of issues and presented them in this report; there remain, however, some limitations the group has not been able to address.

    What has been achieved:

    o An overview of encryption techniques.

    o An introduction to the PGP encryption technique and the related algorithms.

    o PGP's encryption process.

    o Installation of a system demonstrating the PGP encryption technique.

    Limitations:

    o The PGP encryption technique and the related algorithms have not been presented in a more specific and clearer way.

    o The applications of PGP have not been studied.
