GNU Privacy Guard (GPG) For Secure Cloud Computing

GNU Privacy Guard (GPG) is used for code signing in Free Software. For secure Cloud Computing, GPG can be used for Emails and Messaging. Basically, GPG is stable, qualified as a software for production use and is commonly included in unix like operating systems and Microsoft Windows too. Although basically the program has a textual interface, currently there are several graphics applications using GPG resources.

 

GNU Privacy Guard (GPG) For Secure Cloud Computing : Basics

 

GNU Privacy Guard (GPG) has been integrated into certain Email Clients, there is a plugin called that integrates with Mozilla and Thunderbird working in Windows, GNU/Linux and other operating systems. Because the plugins are not part of the mechanism of GPG and are not specified in the OpenPGP standard, nor their respective developers are linked to projects plugins, one might think that the security benefits of GPG may be losing their effectiveness as a result of this lack of coordination and support, but being open source tools or interpreted scripts (as in the case of plugins for Thunderbird), reliable operation is guaranteed with GPG tool.

GPG can also be compiled on other platforms such as Mac ( OS X ) and Windows. In OS X, there is a free application, which has been adapted to use the user environment and its native class definitions. Cross compilation is not a trivial exercise, at least in part because security provisions change the operating system and adaptation often becomes difficult, but High quality compilers must produce executable to interact properly with other GPG implementations.

GnuPG has set itself the goal of achieving the largest possible group of users, the use of cryptographic methods to confidential transmission of electronic data. GnuPG also supports the following functions:

 

1. Encryption of data (eg. as e-mail ) to transmit confidential information to one or more receivers that can only be decrypted by the receiver again.
2. Generating a signature on the data sent in order to ensure the authenticity and integrity.

 

Both functions can be combined. In general, the signature is created first and appended to the data. This package is then encrypted and sent to the receiver. The combination of both in one call GnuPG support only in this order. When sending e-mails (as PGP / MIME according to RFC 3156 ), although both variants are possible, but due to limitations of the mail client that is in practice the only possible sequence; the ability to encrypt an email first and then sprayed with a clear text signature (so that a virus scanner or spam filter that can not decrypt the message itself) is not provided. However, one can encrypt files independent of the e-mail, attach it to an email and let the email then sign as PGP / MIME.

 

As most of the Email services, Messaging Services etceteras are based on Cloud Computing Platform; i.e. are multi tenant in nature, in short; GNU Privacy Guard (GPG) can be used for Secure Cloud Computing.

 

GNU Privacy Guard (GPG) For Secure Cloud Computing : Operation

 

On IaaS Model of Cloud Computing, we run an instance over a software like OpenStack, which in turn runs on either a virtual hardware or real hardware. It is near impossible to know where the cloud computing software like OpenStack is running. For the shared hosting services, assumably it is virtual, for cost reduction. Further adding a PaaS adds more complexity. These platforms are difficult to rely for generation of the keys as multiple nodes are associated. Generating keys on real hardware is safer and trusted.

GPG is a public-key encryption method , that is, to encrypt messages, no secret information is needed. Each user creates a GPG key pair that consists of two parts: the private key and the public key. The owner only has the access to the private key. Therefore, this is usually protected with a password. This data can be decrypted and signed. The public key is used to encrypt data and to verify signed data. User must have a communication partner available to perform these two actions. The data can be not signed nor decrypted with the public key, so its distribution is also fraught with no security risk.

 

The public key can be shared with other users through a variety of channels, eg. As Internet key servers . The combination of public key and user ID should definitely be reliably checked before use to prevent identity manipulations because the public key listed in identity information (usually name and e-mail, possibly even in a comment), which can be forged. GPG can only determine whether the data has been signed or encrypted with a particular key. Whether the key is itself trustworthy, the user has to decide finally anyone can create a key with the data of other users and invite him to a keyserver. One from an uncertain source (eg., The Internet) loaded key should not be relied first. To test, the fingerprint ( hash value ) of the key over a secure channel should compare it with the downloaded key locally generated. This is safe, because it is not possible to generate a matching key for a given fingerprint. This security depends (and the set of possible keys) on the strength of the hash function.

 

To encrypt the data, or sign, there are different degrees of keys. Normally there are 2048- to 4096-bit strong key with 2048 bit length. GPG is currently used with not patented algorithms to encrypt data with those keys, such as RSA , ElGamal , CAST5 , Triple DES (3DES), AES and Blowfish .

GnuPG supports with master keys a security feature that goes beyond the OpenPGP standard and therefore does not work reliably if such secret key to be imported into another OpenPGP application. The master key is not used for everyday signing and decrypting, but for the management of own key components (user IDs and subkeys) and the certification of other keys. These actions fall at comparatively rare, so that you can back up the master key special. The advantages of this approach are:

 

1. The verification of the key does not need to be repeated by the communication partner. The master key remains valid.
2. Subkey can be easily replaced. Expiring and new subkeys are nothing special for OpenPGP, are automatically included in key updates, and uses transparent to the user.
3. If the master key must also needed to be signed for significantly higher level of security to sign information of great importance.

 

The technical approach is to export the private key without the master key (making a backup of the master key), then delete all the secret key, and then import only the subkey. Unfortunately, these GnuPG function is not yet supported by the GUI, so one need to perform actions in the console for the necessary steps.

 

GNU Privacy Guard (GPG) For Secure Cloud Computing and Web of Trust

 

Using a Web of Trust address the problem of connecting with all the communication partners. Users can sign other keys with their own key and confirm third party so that they have verified the authenticity of the key. In addition, one can determine how much you trust the signings of the person. This results in the Web of Trust. If John Doe has, for example, confirmed with their signature with the authenticity of the key of Mary Doe, Abhishek Ghosh can even trust the authenticity of the key of John Doe, when they themselves could not convince directly. There are some certification bodies (certification authority, CA) to determine the authenticity of keys, for example, by personal contact with verification of the identity card.

The web of trust has been extensively studied by scientists and visualized in detail. It was found that a large proportion of users belonging to a subset that is connected by mutual acknowledgments completely with each other, the so-called Strong Set the Web of Trust. Studies have also shown that the crypto campaign contribution was made ‹‹to strengthen the links between the participants. Another important contribution to the Web of Trust provides the Debian project that requires digital signatures for the inclusion of contributions.

 

GNU Privacy Guard (GPG) For Secure Cloud Computing and GPG Agents

 

As the ssh-agent (in OpenSSH ) serves as the gpg-agent, among theother things, to keep the pass phrase for a configurable period, thus eliminating the need to re-enter; gpg-agent stores the pass phrase. Unlike OpenSSH, the gpg-agent, however, since Version 2 of GnuPG all operations involving private key, outsourced to gpg-agent, which makes it possible to store the key on another computer and to use only indirectly. The second important task of gpg-agent for GnuPG 2.0.x is access to smart cards.

On most Unix-like desktop environments the gpg-agent is equal to a daemon. Because the startup script of the desktop environment exported this environment variable, all programs have access to it. If gpg-agent is not running (or not found), it is gpg, gpgsm and gpgconf which start automatically. Access to a running gpg-agent can be done in console via gpg-connect-agent. gpg-agent, therefore, is independent of OpenPGP and OpenSSH use to manage passphrases for their own programs.

To use GnuPG in different application contexts, many are frontends been created. Front-ends that provide the functions of the command-line based program through a graphical interface available, such as the Gnu Privacy Assistant (GPA), which is distributed by the Free Software Foundation as default frontend, seahorse and kgpg for integration into the Desktop environments GNOME or KDE, WinPT or Gpg4win for working under Windows, as well as GPGTools for Apple OS X.
GnuPG works with Mail programs/Email Agents either directly or via a plug-in. Chat programs like Gabber, Miranda IM as well as the partially cross-platform encrypted chats over networks such as ICQ permit GnuPG.
Server-based front-ends such as GNU Anubis, freenigma or GPGrelay works as the SMTP relay server to allow a centralized and transparent email encryption. For the web browser Mozilla Firefox, there was an add-on called FireGPG, which recognizes and processes on any website GPG blocks, but it is no longer being developed.
There are also other interfaces for the use of GnuPG from various scripting languages ‹‹such as Perl, PHP or Python.

The person who talked about so much applications of GNU Privacy Guard (GPG) for Secure Cloud Computing on the part Email, is no one but NSA leaker, Lionhearted Edward Snowden.